Configuration of Environment Variables

This guide lists the env vars in the same order as the .example files in hosting/docker-compose. These variables control various aspects of the platform, from core functionality to third-party integrations.

Configuration file location

Defaults live in hosting/docker-compose/*/env.*.example. Use --env-file to point to your own file.

Environment file sections (in file order)

Agenta - License

Controls OSS vs EE behavior and defaults.

Variable	Purpose	Default
`AGENTA_LICENSE`	License type (`oss` or `ee`)	`oss`

Agenta - Secrets

Used for internal authorization and encryption. Change in production.

Variable	Purpose	Default
`AGENTA_AUTH_KEY`	Authorization key	`replace-me`
`AGENTA_CRYPT_KEY`	Encryption key	`replace-me`

Agenta - Endpoints

Public URLs and internal API URL.

Variable	Purpose	Default
`AGENTA_WEB_URL`	Web URL	`http://localhost`
`AGENTA_API_URL`	API URL	`http://localhost/api`
`AGENTA_SERVICES_URL`	Services URL	`http://localhost/services`
`AGENTA_API_INTERNAL_URL`	Internal API URL	(empty)

Agenta - Images

Override Docker image names or tags.

Variable	Purpose	Default
`AGENTA_WEB_IMAGE_NAME`	Web image name	`agenta-web`
`AGENTA_WEB_IMAGE_TAG`	Web image tag	`latest`
`AGENTA_API_IMAGE_NAME`	API image name	`agenta-api`
`AGENTA_API_IMAGE_TAG`	API image tag	`latest`
`AGENTA_COMPLETION_IMAGE_NAME`	Completion image name	`agenta-completion`
`AGENTA_COMPLETION_IMAGE_TAG`	Completion image tag	`latest`
`AGENTA_CHAT_IMAGE_NAME`	Chat image name	`agenta-chat`
`AGENTA_CHAT_IMAGE_TAG`	Chat image tag	`latest`

Agenta - OTLP

Tracing batch size limit.

Variable	Purpose	Default
`AGENTA_OTLP_MAX_BATCH_BYTES`	Max OTLP batch bytes	`10485760`

Agenta - API

Basic backend options.

Variable	Purpose	Default
`AGENTA_DEMOS`	Enable demos	(empty)
`AGENTA_ALLOWED_DOMAINS`	Allowed email domains	(empty)

Agenta - Services

Middleware cache and sandbox runner.

Variable	Purpose	Default
`AGENTA_SERVICES_MIDDLEWARE_CACHE_ENABLED`	Enable cache	`true`
`AGENTA_SERVICES_SANDBOX_RUNNER`	`local` or `daytona`	`local`

Network - Traefik

Reverse proxy and TLS settings.

Variable	Purpose	Default
`TRAEFIK_PROTOCOL`	`http` or `https`	`http`
`TRAEFIK_DOMAIN`	Hostname	`localhost`
`TRAEFIK_PORT`	HTTP port	`80`
`TRAEFIK_UI_PORT`	Dashboard port	`8080`
`TRAEFIK_HTTPS_PORT`	HTTPS port	`443`
`TRAEFIK_SSL_DIR`	SSL cert dir	`/home/user/ssl_certificates`

Network - Nginx

Only used if you enable Nginx.

Variable	Purpose	Default
`NGINX_PORT`	Nginx port	`80`

Docker - Compose

Project name affects container naming.

Variable	Purpose	Default
`COMPOSE_PROJECT_NAME`	Compose project name	`agenta-oss-dev`

Databases - Postgres

User, password, ports, and connection strings.

Variable	Purpose	Default
`POSTGRES_USER`	DB user	`username`
`POSTGRES_PASSWORD`	DB password	`password`
`POSTGRES_PORT`	DB port	`5432`
`POSTGRES_URI_CORE`	Core DB URI	`postgresql+asyncpg://username:password@postgres:5432/agenta_oss_core`
`POSTGRES_URI_TRACING`	Tracing DB URI	`postgresql+asyncpg://username:password@postgres:5432/agenta_oss_tracing`
`POSTGRES_URI_SUPERTOKENS`	SuperTokens DB URI	`postgresql://username:password@postgres:5432/agenta_oss_supertokens`

Databases - Alembic (migrations)

Controls migrations and config paths.

Variable	Purpose	Default
`ALEMBIC_AUTO_MIGRATIONS`	Auto migrations	`true`
`ALEMBIC_CFG_PATH_CORE`	Core alembic path	`/app/oss/databases/postgres/migrations/core/alembic.ini`
`ALEMBIC_CFG_PATH_TRACING`	Tracing alembic path	`/app/oss/databases/postgres/migrations/tracing/alembic.ini`

Databases - Redis

Use one Redis or split to volatile/durable.

Variable	Purpose	Default
`REDIS_URI`	Single Redis URI	`redis://redis:6379/0`
`REDIS_URI_VOLATILE`	Volatile Redis URI	`redis://redis-volatile:6379/0`
`REDIS_URI_DURABLE`	Durable Redis URI	`redis://redis-durable:6381/0`

Authentication - SuperTokens

Auth service connection and email auth toggle.

Variable	Purpose	Default
`SUPERTOKENS_API_KEY`	SuperTokens API key	(empty)
`SUPERTOKENS_CONNECTION_URI`	SuperTokens URL	`http://supertokens:3567`
`SUPERTOKENS_EMAIL_DISABLED`	Disable email auth	`false`

Authentication - Email providers

Used for email login (OTP).

Variable	Purpose	Default
`SENDGRID_API_KEY`	SendGrid key	(empty)
`SENDGRID_FROM_ADDRESS`	SendGrid sender	(empty)

Authentication - OIDC providers

Set the provider pairs you use.

Variable	Purpose
`GOOGLE_OAUTH_CLIENT_ID`	Google client ID
`GOOGLE_OAUTH_CLIENT_SECRET`	Google client secret
`GOOGLE_WORKSPACES_OAUTH_CLIENT_ID`	Google Workspaces client ID
`GOOGLE_WORKSPACES_OAUTH_CLIENT_SECRET`	Google Workspaces client secret
`GOOGLE_WORKSPACES_HD`	Google Workspaces hosted domain
`GITHUB_OAUTH_CLIENT_ID`	GitHub client ID
`GITHUB_OAUTH_CLIENT_SECRET`	GitHub client secret
`APPLE_OAUTH_CLIENT_ID`	Apple client ID
`APPLE_OAUTH_CLIENT_SECRET`	Apple client secret
`APPLE_KEY_ID`	Apple key ID
`APPLE_TEAM_ID`	Apple team ID
`APPLE_PRIVATE_KEY`	Apple private key
`DISCORD_OAUTH_CLIENT_ID`	Discord client ID
`DISCORD_OAUTH_CLIENT_SECRET`	Discord client secret
`FACEBOOK_OAUTH_CLIENT_ID`	Facebook client ID
`FACEBOOK_OAUTH_CLIENT_SECRET`	Facebook client secret
`GITLAB_OAUTH_CLIENT_ID`	GitLab client ID
`GITLAB_OAUTH_CLIENT_SECRET`	GitLab client secret
`GITLAB_BASE_URL`	GitLab base URL
`BITBUCKET_OAUTH_CLIENT_ID`	Bitbucket client ID
`BITBUCKET_OAUTH_CLIENT_SECRET`	Bitbucket client secret
`LINKEDIN_OAUTH_CLIENT_ID`	LinkedIn client ID
`LINKEDIN_OAUTH_CLIENT_SECRET`	LinkedIn client secret
`OKTA_OAUTH_CLIENT_ID`	Okta client ID
`OKTA_OAUTH_CLIENT_SECRET`	Okta client secret
`OKTA_DOMAIN`	Okta domain
`AZURE_AD_OAUTH_CLIENT_ID`	Azure AD client ID
`AZURE_AD_OAUTH_CLIENT_SECRET`	Azure AD client secret
`AZURE_AD_DIRECTORY_ID`	Azure AD directory ID
`BOXY_SAML_OAUTH_CLIENT_ID`	BoxyHQ SAML client ID
`BOXY_SAML_OAUTH_CLIENT_SECRET`	BoxyHQ SAML client secret
`BOXY_SAML_URL`	BoxyHQ SAML URL
`TWITTER_OAUTH_CLIENT_ID`	Twitter client ID
`TWITTER_OAUTH_CLIENT_SECRET`	Twitter client secret

Billing - Stripe [ee-only]

Only for EE deployments.

Variable	Purpose	Default
`STRIPE_API_KEY`	Stripe API key	(empty)
`STRIPE_WEBHOOK_SECRET`	Stripe webhook secret	(empty)
`STRIPE_WEBHOOK_TARGET`	Stripe webhook target	(empty)
`STRIPE_PRICING`	Stripe pricing JSON	(empty)

Proxy - LLM Providers

API keys for the LLM proxy.

Variable	Purpose
`OPENAI_API_KEY`	OpenAI key
`ANTHROPIC_API_KEY`	Anthropic key
`COHERE_API_KEY`	Cohere key
`GROQ_API_KEY`	Groq key
`GEMINI_API_KEY`	Gemini key
`MISTRAL_API_KEY`	Mistral key
`ALEPHALPHA_API_KEY`	Aleph Alpha key
`ANYSCALE_API_KEY`	Anyscale key
`DEEPINFRA_API_KEY`	DeepInfra key
`OPENROUTER_API_KEY`	OpenRouter key
`PERPLEXITYAI_API_KEY`	Perplexity key
`TOGETHERAI_API_KEY`	Together key

Sandbox - Daytona

Used when AGENTA_SERVICES_SANDBOX_RUNNER=daytona.

Variable	Purpose	Default
`DAYTONA_API_KEY`	Daytona API key	(empty)
`DAYTONA_API_URL`	Daytona API URL	`https://app.daytona.io/api`
`DAYTONA_TARGET`	Region (`AGENTA_REGION` or `eu`)	`eu`
`DAYTONA_SNAPSHOT`	Snapshot ID	`daytona-small`

Analytics - PostHog

Analytics key for OSS.

Variable	Purpose	Default
`POSTHOG_API_KEY`	PostHog key	`phc_xxxxxxxx`

Self-hosting basics

Pick a file: hosting/docker-compose/oss/env.oss.dev.example (development) or hosting/docker-compose/oss/env.oss.gh.example. EE has matching env.ee.*.example.
Copy it and edit the values you need.
Use it with Docker Compose:

docker compose -f hosting/docker-compose/oss/docker-compose.gh.yml --env-file .my-env-file --profile with-web --profile with-traefik up -d

Key environments variables for self-hosting:

AGENTA_LICENSE
AGENTA_AUTH_KEY
AGENTA_CRYPT_KEY
AGENTA_WEB_URL
AGENTA_API_URL
AGENTA_SERVICES_URL
AGENTA_API_INTERNAL_URL
TRAEFIK_PROTOCOL
TRAEFIK_DOMAIN
TRAEFIK_PORT
TRAEFIK_HTTPS_PORT
TRAEFIK_SSL_DIR
POSTGRES_URI_CORE
POSTGRES_URI_TRACING
POSTGRES_URI_SUPERTOKENS
REDIS_URI (or REDIS_URI_VOLATILE + REDIS_URI_DURABLE)

Deprecated variables

These are deprecated and will be removed later:

Deprecated Variable	New Variable(s)	Migration Note
`AGENTA_PORT`	`TRAEFIK_PORT`	Port configuration moved to Traefik
`BARE_DOMAIN_NAME`	`TRAEFIK_DOMAIN`	Domain configuration moved to Traefik
`DOMAIN_NAME`	`AGENTA_API_URL`	More specific API URL configuration
`WEBSITE_DOMAIN_NAME`	`AGENTA_WEB_URL`	More specific web URL configuration
`SERVICE_URL_TEMPLATE`	`AGENTA_SERVICES_URL`	Simplified service URL template
`POSTGRES_DB`	(removed)	Database names now hardcoded
`POSTGRES_URI`	`POSTGRES_URI_CORE`, `POSTGRES_URI_TRACING`, `POSTGRES_URI_SUPERTOKENS`	Split into separate database connections
`ALEMBIC_CFG_PATH`	`ALEMBIC_CFG_PATH_CORE`, `ALEMBIC_CFG_PATH_TRACING`	Split migration configs
`AGENTA_HOST`	(removed)	No longer needed

Migration of Deprecated Environment Variables

When you start Agenta with deprecated variables, you'll see a warning message. To migrate:

Update your environment file with the new variable names
Remove the deprecated variables from your configuration
Restart Agenta to apply the changes

Example migration:

# Old (deprecated)
AGENTA_PORT=80
BARE_DOMAIN_NAME=mydomain.com
DOMAIN_NAME=http://mydomain.com
SERVICE_URL_TEMPLATE=http://localhost:80/services/{path}

# New (current)
TRAEFIK_PORT=80
TRAEFIK_DOMAIN=mydomain.com
AGENTA_API_URL=http://mydomain.com/api
AGENTA_WEB_URL=http://mydomain.com
AGENTA_SERVICES_URL=http://mydomain.com/services

Configuration Examples

Local Development

AGENTA_LICENSE=oss
AGENTA_API_URL=http://localhost/api
AGENTA_WEB_URL=http://localhost
TRAEFIK_DOMAIN=localhost
TRAEFIK_PORT=80

Production with Custom Domain

AGENTA_LICENSE=oss
AGENTA_API_URL=https://agenta.mydomain.com/api
AGENTA_WEB_URL=https://agenta.mydomain.com
TRAEFIK_DOMAIN=agenta.mydomain.com
TRAEFIK_PORT=80
TRAEFIK_HTTPS_PORT=443
TRAEFIK_SSL_DIR=/home/user/ssl_certificates

Production with IP Address

AGENTA_LICENSE=oss
AGENTA_API_URL=http://192.168.1.100/api
AGENTA_WEB_URL=http://192.168.1.100
TRAEFIK_DOMAIN=192.168.1.100
TRAEFIK_PORT=80

Security Considerations

Replace default secrets: Always change AGENTA_AUTH_KEY, AGENTA_CRYPT_KEY, and SUPERTOKENS_API_KEY in production
Secure database credentials: Use strong passwords for POSTGRES_PASSWORD
Use HTTPS in production: Configure SSL/TLS for production deployments

Troubleshooting

Common Issues

Services can't connect: Verify database URIs and service URLs are correct
Authentication failures: Check that auth keys match across services
SSL certificate issues: Ensure AGENTA_SSL_DIR points to a directory with proper permissions
Deprecated variable warnings: Follow the migration guide to update your configuration

Getting Help

For configuration assistance:

Check the GitHub issues
Join our Slack community

Configuration file location​

Environment file sections (in file order)​

Agenta - License​

Agenta - Secrets​

Agenta - Endpoints​

Agenta - Images​

Agenta - OTLP​

Agenta - API​

Agenta - Services​

Network - Traefik​

Network - Nginx​

Docker - Compose​

Databases - Postgres​

Databases - Alembic (migrations)​

Databases - Redis​

Authentication - SuperTokens​

Authentication - Email providers​

Authentication - OIDC providers​

Billing - Stripe [ee-only]​

Proxy - LLM Providers​

Sandbox - Daytona​

Analytics - PostHog​

Self-hosting basics​

Deprecated variables​

Migration of Deprecated Environment Variables​

Configuration Examples​

Local Development​

Production with Custom Domain​

Production with IP Address​

Security Considerations​

Troubleshooting​

Common Issues​

Getting Help​