Configuration of Environment Variables

This guide lists the env vars in the same order as the .example files in hosting/docker-compose. These variables control various aspects of the platform, from core functionality to third-party integrations.

Kubernetes / Helm

If you deployed Agenta using the Helm chart, configuration is done through values.yaml rather than environment variables. See the Deploy on Kubernetes guide for the full Helm values reference. The environment variables listed below still apply — the Helm chart maps its values to the same variables internally.

Configuration file location

Defaults live in hosting/docker-compose/*/env.*.example. Use --env-file to point to your own file.

Environment file sections (in file order)

Agenta - License

Controls OSS vs EE behavior and defaults.

Variable	Purpose	Default
`AGENTA_LICENSE`	License type (`oss` or `ee`)	`oss`

Agenta - Secrets

Used for internal authorization and encryption. Change in production.

Variable	Purpose	Default
`AGENTA_AUTH_KEY`	Authorization key	`replace-me`
`AGENTA_CRYPT_KEY`	Encryption key	`replace-me`

Agenta - Endpoints

Public URLs and internal API URL.

Variable	Purpose	Default
`AGENTA_WEB_URL`	Web URL	`http://localhost`
`AGENTA_API_URL`	API URL	`http://localhost/api`
`AGENTA_SERVICES_URL`	Services URL	`http://localhost/services`
`AGENTA_API_INTERNAL_URL`	Internal API URL	(empty)

Agenta - Images

Override Docker image names or tags.

Variable	Purpose	Default
`AGENTA_WEB_IMAGE_NAME`	Web image name	`agenta-web`
`AGENTA_WEB_IMAGE_TAG`	Web image tag	`latest`
`AGENTA_API_IMAGE_NAME`	API image name	`agenta-api`
`AGENTA_API_IMAGE_TAG`	API image tag	`latest`
`AGENTA_SERVICES_IMAGE_NAME`	Services image name	`agenta-services`
`AGENTA_SERVICES_IMAGE_TAG`	Services image tag	`latest`

Agenta - OTLP

Tracing batch size limit.

Variable	Purpose	Default
`AGENTA_OTLP_MAX_BATCH_BYTES`	Max OTLP batch bytes	`10485760`

Agenta - API

Basic backend options.

Variable	Purpose	Default
`AGENTA_DEMOS`	Enable demos	(empty)
`AGENTA_ALLOWED_DOMAINS`	Allowed email domains	(empty)

Agenta - Services

Middleware cache and sandbox runner.

Variable	Purpose	Default
`AGENTA_SERVICES_MIDDLEWARE_CACHE_ENABLED`	Enable cache	`true`
`AGENTA_SERVICES_SANDBOX_RUNNER`	`local` or `daytona`	`local`

Network - Traefik

Reverse proxy and TLS settings.

Variable	Purpose	Default
`TRAEFIK_PROTOCOL`	`http` or `https`	`http`
`TRAEFIK_DOMAIN`	Hostname	`localhost`
`TRAEFIK_PORT`	HTTP port	`80`
`TRAEFIK_UI_PORT`	Dashboard port	`8080`
`TRAEFIK_HTTPS_PORT`	HTTPS port	`443`
`TRAEFIK_SSL_DIR`	SSL cert dir	`/home/user/ssl_certificates`

Network - Nginx

Only used if you enable Nginx.

Variable	Purpose	Default
`NGINX_PORT`	Nginx port	`80`

Docker - Compose

Project name affects container naming.

Variable	Purpose	Default
`COMPOSE_PROJECT_NAME`	Compose project name	`agenta-oss-dev`

Databases - Postgres

User, password, ports, and connection strings.

Variable	Purpose	Default
`POSTGRES_USER`	DB user	`username`
`POSTGRES_PASSWORD`	DB password	`password`
`POSTGRES_PORT`	DB port	`5432`
`POSTGRES_URI_CORE`	Core DB URI	`postgresql+asyncpg://username:password@postgres:5432/agenta_oss_core`
`POSTGRES_URI_TRACING`	Tracing DB URI	`postgresql+asyncpg://username:password@postgres:5432/agenta_oss_tracing`
`POSTGRES_URI_SUPERTOKENS`	SuperTokens DB URI	`postgresql://username:password@postgres:5432/agenta_oss_supertokens`

Databases - Alembic (migrations)

Controls migrations and config paths.

Variable	Purpose	Default
`ALEMBIC_AUTO_MIGRATIONS`	Auto migrations	`true`
`ALEMBIC_CFG_PATH_CORE`	Core alembic path	`/app/oss/databases/postgres/migrations/core/alembic.ini`
`ALEMBIC_CFG_PATH_TRACING`	Tracing alembic path	`/app/oss/databases/postgres/migrations/tracing/alembic.ini`

Databases - Redis

Use one Redis or split to volatile/durable.

Variable	Purpose	Default
`REDIS_URI`	Single Redis URI	`redis://redis:6379/0`
`REDIS_URI_VOLATILE`	Volatile Redis URI	`redis://redis-volatile:6379/0`
`REDIS_URI_DURABLE`	Durable Redis URI	`redis://redis-durable:6381/0`

Authentication - SuperTokens

Auth service connection and email auth toggle.

Variable	Purpose	Default
`SUPERTOKENS_API_KEY`	SuperTokens API key	(empty)
`SUPERTOKENS_CONNECTION_URI`	SuperTokens URL	`http://supertokens:3567`
`SUPERTOKENS_EMAIL_DISABLED`	Disable email auth	`false`

Authentication - Email providers

Used for email login (OTP).

Variable	Purpose	Default
`SENDGRID_API_KEY`	SendGrid key	(empty)
`SENDGRID_FROM_ADDRESS`	SendGrid sender	(empty)

Authentication - OIDC providers

Set the provider pairs you use.

Variable	Purpose
`GOOGLE_OAUTH_CLIENT_ID`	Google client ID
`GOOGLE_OAUTH_CLIENT_SECRET`	Google client secret
`GOOGLE_WORKSPACES_OAUTH_CLIENT_ID`	Google Workspaces client ID
`GOOGLE_WORKSPACES_OAUTH_CLIENT_SECRET`	Google Workspaces client secret
`GOOGLE_WORKSPACES_HD`	Google Workspaces hosted domain
`GITHUB_OAUTH_CLIENT_ID`	GitHub client ID
`GITHUB_OAUTH_CLIENT_SECRET`	GitHub client secret
`APPLE_OAUTH_CLIENT_ID`	Apple client ID
`APPLE_OAUTH_CLIENT_SECRET`	Apple client secret
`APPLE_KEY_ID`	Apple key ID
`APPLE_TEAM_ID`	Apple team ID
`APPLE_PRIVATE_KEY`	Apple private key
`DISCORD_OAUTH_CLIENT_ID`	Discord client ID
`DISCORD_OAUTH_CLIENT_SECRET`	Discord client secret
`FACEBOOK_OAUTH_CLIENT_ID`	Facebook client ID
`FACEBOOK_OAUTH_CLIENT_SECRET`	Facebook client secret
`GITLAB_OAUTH_CLIENT_ID`	GitLab client ID
`GITLAB_OAUTH_CLIENT_SECRET`	GitLab client secret
`GITLAB_BASE_URL`	GitLab base URL
`BITBUCKET_OAUTH_CLIENT_ID`	Bitbucket client ID
`BITBUCKET_OAUTH_CLIENT_SECRET`	Bitbucket client secret
`LINKEDIN_OAUTH_CLIENT_ID`	LinkedIn client ID
`LINKEDIN_OAUTH_CLIENT_SECRET`	LinkedIn client secret
`OKTA_OAUTH_CLIENT_ID`	Okta client ID
`OKTA_OAUTH_CLIENT_SECRET`	Okta client secret
`OKTA_DOMAIN`	Okta domain
`AZURE_AD_OAUTH_CLIENT_ID`	Azure AD client ID
`AZURE_AD_OAUTH_CLIENT_SECRET`	Azure AD client secret
`AZURE_AD_DIRECTORY_ID`	Azure AD directory ID
`BOXY_SAML_OAUTH_CLIENT_ID`	BoxyHQ SAML client ID
`BOXY_SAML_OAUTH_CLIENT_SECRET`	BoxyHQ SAML client secret
`BOXY_SAML_URL`	BoxyHQ SAML URL
`TWITTER_OAUTH_CLIENT_ID`	Twitter client ID
`TWITTER_OAUTH_CLIENT_SECRET`	Twitter client secret

Billing - Stripe [ee-only]

Only for EE deployments.

Variable	Purpose	Default
`STRIPE_API_KEY`	Stripe API key	(empty)
`STRIPE_WEBHOOK_SECRET`	Stripe webhook secret	(empty)
`STRIPE_WEBHOOK_TARGET`	Stripe webhook target	(empty)
`STRIPE_PRICING`	Stripe pricing JSON	(empty)

Proxy - LLM Providers

API keys for the LLM proxy.

Variable	Purpose
`OPENAI_API_KEY`	OpenAI key
`ANTHROPIC_API_KEY`	Anthropic key
`COHERE_API_KEY`	Cohere key
`GROQ_API_KEY`	Groq key
`GEMINI_API_KEY`	Gemini key
`MISTRAL_API_KEY`	Mistral key
`ALEPHALPHA_API_KEY`	Aleph Alpha key
`ANYSCALE_API_KEY`	Anyscale key
`DEEPINFRA_API_KEY`	DeepInfra key
`OPENROUTER_API_KEY`	OpenRouter key
`PERPLEXITYAI_API_KEY`	Perplexity key
`TOGETHERAI_API_KEY`	Together key

Sandbox - Daytona

Used when AGENTA_SERVICES_SANDBOX_RUNNER=daytona.

Variable	Purpose	Default
`DAYTONA_API_KEY`	Daytona API key	(empty)
`DAYTONA_API_URL`	Daytona API URL	`https://app.daytona.io/api`
`DAYTONA_TARGET`	Region (`AGENTA_REGION` or `eu`)	`eu`
`DAYTONA_SNAPSHOT`	Snapshot ID	`daytona-small`

Analytics - PostHog

Analytics key for OSS.

Variable	Purpose	Default
`POSTHOG_API_KEY`	PostHog key	`phc_xxxxxxxx`

Self-hosting basics

Pick a file: hosting/docker-compose/oss/env.oss.dev.example (development) or hosting/docker-compose/oss/env.oss.gh.example. EE has matching env.ee.*.example.
Copy it and edit the values you need.
Use it with Docker Compose:

docker compose -f hosting/docker-compose/oss/docker-compose.gh.yml --env-file .my-env-file --profile with-web --profile with-traefik up -d

Key environments variables for self-hosting:

AGENTA_LICENSE
AGENTA_AUTH_KEY
AGENTA_CRYPT_KEY
AGENTA_WEB_URL
AGENTA_API_URL
AGENTA_SERVICES_URL
AGENTA_API_INTERNAL_URL
TRAEFIK_PROTOCOL
TRAEFIK_DOMAIN
TRAEFIK_PORT
TRAEFIK_HTTPS_PORT
TRAEFIK_SSL_DIR
POSTGRES_URI_CORE
POSTGRES_URI_TRACING
POSTGRES_URI_SUPERTOKENS
REDIS_URI (or REDIS_URI_VOLATILE + REDIS_URI_DURABLE)

Deprecated variables

These are deprecated and will be removed later:

Deprecated Variable	New Variable(s)	Migration Note
`AGENTA_PORT`	`TRAEFIK_PORT`	Port configuration moved to Traefik
`BARE_DOMAIN_NAME`	`TRAEFIK_DOMAIN`	Domain configuration moved to Traefik
`DOMAIN_NAME`	`AGENTA_API_URL`	More specific API URL configuration
`WEBSITE_DOMAIN_NAME`	`AGENTA_WEB_URL`	More specific web URL configuration
`SERVICE_URL_TEMPLATE`	`AGENTA_SERVICES_URL`	Simplified service URL template
`POSTGRES_DB`	(removed)	Database names now hardcoded
`POSTGRES_URI`	`POSTGRES_URI_CORE`, `POSTGRES_URI_TRACING`, `POSTGRES_URI_SUPERTOKENS`	Split into separate database connections
`ALEMBIC_CFG_PATH`	`ALEMBIC_CFG_PATH_CORE`, `ALEMBIC_CFG_PATH_TRACING`	Split migration configs
`AGENTA_HOST`	(removed)	No longer needed

Migration of Deprecated Environment Variables

When you start Agenta with deprecated variables, you'll see a warning message. To migrate:

Update your environment file with the new variable names
Remove the deprecated variables from your configuration
Restart Agenta to apply the changes

Example migration:

# Old (deprecated)
AGENTA_PORT=80
BARE_DOMAIN_NAME=mydomain.com
DOMAIN_NAME=http://mydomain.com
SERVICE_URL_TEMPLATE=http://localhost:80/services/{path}

# New (current)
TRAEFIK_PORT=80
TRAEFIK_DOMAIN=mydomain.com
AGENTA_API_URL=http://mydomain.com/api
AGENTA_WEB_URL=http://mydomain.com
AGENTA_SERVICES_URL=http://mydomain.com/services

Configuration Examples

Local Development

AGENTA_LICENSE=oss
AGENTA_API_URL=http://localhost/api
AGENTA_WEB_URL=http://localhost
TRAEFIK_DOMAIN=localhost
TRAEFIK_PORT=80

Production with Custom Domain

AGENTA_LICENSE=oss
AGENTA_API_URL=https://agenta.mydomain.com/api
AGENTA_WEB_URL=https://agenta.mydomain.com
TRAEFIK_DOMAIN=agenta.mydomain.com
TRAEFIK_PORT=80
TRAEFIK_HTTPS_PORT=443
TRAEFIK_SSL_DIR=/home/user/ssl_certificates

Production with IP Address

AGENTA_LICENSE=oss
AGENTA_API_URL=http://192.168.1.100/api
AGENTA_WEB_URL=http://192.168.1.100
TRAEFIK_DOMAIN=192.168.1.100
TRAEFIK_PORT=80

Security Considerations

Replace default secrets: Always change AGENTA_AUTH_KEY, AGENTA_CRYPT_KEY, and SUPERTOKENS_API_KEY in production
Secure database credentials: Use strong passwords for POSTGRES_PASSWORD
Use HTTPS in production: Configure SSL/TLS for production deployments

Troubleshooting

Common Issues

Services can't connect: Verify database URIs and service URLs are correct
Authentication failures: Check that auth keys match across services
SSL certificate issues: Ensure AGENTA_SSL_DIR points to a directory with proper permissions
Deprecated variable warnings: Follow the migration guide to update your configuration

Getting Help

For configuration assistance:

Check the GitHub issues
Join our Slack community

Configuration file location​

Environment file sections (in file order)​

Agenta - License​

Agenta - Secrets​

Agenta - Endpoints​

Agenta - Images​

Agenta - OTLP​

Agenta - API​

Agenta - Services​

Network - Traefik​

Network - Nginx​

Docker - Compose​

Databases - Postgres​

Databases - Alembic (migrations)​

Databases - Redis​

Authentication - SuperTokens​

Authentication - Email providers​

Authentication - OIDC providers​

Billing - Stripe [ee-only]​

Proxy - LLM Providers​

Sandbox - Daytona​

Analytics - PostHog​

Self-hosting basics​

Deprecated variables​

Migration of Deprecated Environment Variables​

Configuration Examples​

Local Development​

Production with Custom Domain​

Production with IP Address​

Security Considerations​

Troubleshooting​

Common Issues​

Getting Help​