Configuration of Environment Variables
Agenta encodes the same nesting at three layers: the environment variable name,
the Python env.py attribute path, and the Helm values.yaml path. Every
section below lists the canonical names in those three forms.
For deprecated/legacy environment variable names that still work via fallback, see Deprecated environment variables at the bottom.
For Helm deployments, set the values.yaml path instead of the env var. The
chart maps every value to the same canonical env var internally.
The Helm chart accepts a single Helm-only key, secrets.existingSecret, that
points at a pre-created Kubernetes Secret. When set, the chart will not create
or update the Secret object; it just wires envFrom/secretKeyRef references
to the name you provide. Your Secret must contain the canonical env-var keys
(AGENTA_AUTH_KEY, AGENTA_CRYPT_KEY, POSTGRES_PASSWORD, and any optional
keys such as SUPERTOKENS_API_KEY, OPENAI_API_KEY, OAuth client secrets,
etc.) — see Deploy to Kubernetes — Secrets.
This key has no env-var or env.py equivalent.
Agenta — core
| Env var | env.py path | values.yaml path |
|---|---|---|
AGENTA_LICENSE | agenta.license | agenta.license |
AGENTA_WEB_URL | agenta.web_url | agenta.webUrl |
AGENTA_SERVICES_URL | agenta.services_url | agenta.servicesUrl |
AGENTA_API_URL | agenta.api_url | agenta.apiUrl |
AGENTA_API_INTERNAL_URL | agenta.api_internal_url | agenta.apiInternalUrl |
AGENTA_AUTH_KEY | agenta.auth_key | agenta.authKey |
AGENTA_CRYPT_KEY | agenta.crypt_key | agenta.cryptKey |
Agenta — access
The first four variables (allowed/blocked domains and emails, allowed owner emails) apply to both the open source and Enterprise editions. See Restrict Sign-ups and Organization Creation for how they behave. The plan and role variables are Enterprise-only; see Dynamic Access Controls.
| Env var | env.py path | values.yaml path |
|---|---|---|
AGENTA_ACCESS_ALLOWED_DOMAINS | agenta.access.allowed_domains | agenta.access.allowedDomains |
AGENTA_ACCESS_ALLOWED_OWNER_EMAILS | agenta.access.allowed_owner_emails | agenta.access.allowedOwnerEmails |
AGENTA_ACCESS_BLOCKED_DOMAINS | agenta.access.blocked_domains | agenta.access.blockedDomains |
AGENTA_ACCESS_BLOCKED_EMAILS | agenta.access.blocked_emails | agenta.access.blockedEmails |
AGENTA_ACCESS_DEFAULT_PLAN | agenta.access.default_plan | agenta.access.defaultPlan |
AGENTA_ACCESS_DEFAULT_PLAN_OVERLAY | agenta.access.default_plan_overlay | agenta.access.defaultPlanOverlay |
AGENTA_ACCESS_EMAIL_DISABLED | agenta.access.email_disabled | agenta.access.emailDisabled |
AGENTA_ACCESS_PLANS | agenta.access.plans | agenta.access.plans |
AGENTA_ACCESS_ROLES | agenta.access.roles | agenta.access.roles |
AGENTA_ACCESS_ROLES_OVERLAY | agenta.access.roles_overlay | agenta.access.rolesOverlay |
Agenta — AI services
| Env var | env.py path | values.yaml path |
|---|---|---|
AGENTA_AI_SERVICES_API_KEY | agenta.ai_services.api_key | agenta.aiServices.apiKey |
AGENTA_AI_SERVICES_API_URL | agenta.ai_services.api_url | agenta.aiServices.apiUrl |
AGENTA_AI_SERVICES_ENVIRONMENT_SLUG | agenta.ai_services.environment_slug | agenta.aiServices.environmentSlug |
AGENTA_AI_SERVICES_REFINE_PROMPT_KEY | agenta.ai_services.refine_prompt_key | agenta.aiServices.refinePromptKey |
Agenta — billing
| Env var | env.py path | values.yaml path |
|---|---|---|
AGENTA_BILLING_CATALOG | agenta.billing.catalog | agenta.billing.catalog |
AGENTA_BILLING_PRICING | agenta.billing.pricing | agenta.billing.pricing |
Agenta — API
| Env var | env.py path | values.yaml path |
|---|---|---|
AGENTA_API_CACHING_ENABLED | agenta.api.caching.enabled | agenta.api.caching.enabled |
Agenta — extras
| Env var | env.py path | values.yaml path |
|---|---|---|
AGENTA_EXTRAS_DEMOS | agenta.extras.demos | agenta.extras.demos |
Agenta — logging
| Env var | env.py path | values.yaml path |
|---|---|---|
AGENTA_LOGGING_CONSOLE_ENABLED | agenta.logging.console_enabled | agenta.logging.consoleEnabled |
AGENTA_LOGGING_CONSOLE_LEVEL | agenta.logging.console_level | agenta.logging.consoleLevel |
AGENTA_LOGGING_FILE_ENABLED | agenta.logging.file_enabled | agenta.logging.fileEnabled |
AGENTA_LOGGING_FILE_LEVEL | agenta.logging.file_level | agenta.logging.fileLevel |
AGENTA_LOGGING_FILE_PATH | agenta.logging.file_path | agenta.logging.filePath |
AGENTA_LOGGING_OTLP_ENABLED | agenta.logging.otlp_enabled | agenta.logging.otlpEnabled |
AGENTA_LOGGING_OTLP_LEVEL | agenta.logging.otlp_level | agenta.logging.otlpLevel |
Agenta — OTLP
| Env var | env.py path | values.yaml path |
|---|---|---|
AGENTA_OTLP_MAX_BATCH_BYTES | agenta.otlp.max_batch_bytes | agenta.otlp.maxBatchBytes |
Agenta — services
| Env var | env.py path | values.yaml path |
|---|---|---|
AGENTA_SERVICES_CODE_SANDBOX_RUNNER | agenta.services.code.sandbox_runner | agenta.services.code.sandboxRunner |
AGENTA_SERVICES_HOOK_ALLOW_INSECURE | agenta.services.hook.allow_insecure | agenta.services.hook.allowInsecure |
AGENTA_SERVICES_MIDDLEWARE_AUTH_ENABLED | n/a (SDK-side) | agenta.services.middleware.authEnabled |
AGENTA_SERVICES_MIDDLEWARE_CACHING_ENABLED | agenta.services.middleware.caching_enabled | agenta.services.middleware.cachingEnabled |
Agent runner
These variables configure agent workflows. AGENTA_RUNNER_* variables are read by the
Services API. SANDBOX_AGENT_* variables are read by the separate runner service. See
Deploy the agent runner.
| Env var | Component | values.yaml path |
|---|---|---|
AGENTA_RUNNER_URL | Services API | agentRunner.externalUrl or generated from agentRunner.enabled |
AGENTA_RUNNER_TIMEOUT_SECONDS | Services API / SDK | n/a |
AGENTA_AGENT_MCPS_ENABLED | Services API | agentRunner.enableMcp |
SANDBOX_AGENT_PROVIDER | runner | agentRunner.provider |
SANDBOX_AGENT_LOG_LEVEL | runner | agentRunner.logLevel |
DAYTONA_API_KEY | runner | agentRunner.daytona.apiKey |
DAYTONA_API_URL | runner | agentRunner.daytona.apiUrl |
DAYTONA_TARGET | runner | agentRunner.daytona.target |
DAYTONA_SNAPSHOT | runner | agentRunner.daytona.snapshot |
DAYTONA_IMAGE | runner | agentRunner.daytona.image |
DAYTONA_AUTOSTOP | runner | agentRunner.daytona.autostopDelay |
AGENTA_AGENT_SANDBOX_PI_INSTALLED | runner | agentRunner.daytona.installPi |
AGENTA_SERVICES_CODE_SANDBOX_RUNNER selects how custom-code evaluators execute:
- restricted (default) — in-process Python sandbox with limited builtins and an allowlist of pure-standard-library imports. No filesystem, network, or host access.
- local — raw execution in the services process with no sandbox. Any author who can create a custom-code evaluator can run arbitrary code on the host. Use only for trusted, single-tenant deployments.
- daytona — isolated remote sandbox (strongest). Recommended when evaluator authors are not fully trusted. Requires the daytona credentials below.
The legacy AGENTA_SERVICES_SANDBOX_RUNNER is still accepted as a fallback.
Store (durable object store)
Backs the durable working directory for sessions and agents. Files written by an agent run
survive sandbox teardown and reappear in the next turn. The store is disabled until ACCESS_KEY
and SECRET_KEY are set. Point these at any S3-compatible store: the bundled SeaweedFS, AWS S3,
or MinIO. ENDPOINT_URL is always explicit (SeaweedFS defaults it to http://seaweedfs:8333; a
remote store must set it).
The API holds the master credentials and never passes them to the runner. At run start it mints
short-lived, prefix-scoped credentials and only those reach the sandbox, which mounts the durable
prefix as its working directory. The STS mechanism depends on the backend (see the two-backend
note below): bundled SeaweedFS uses AssumeRoleWithWebIdentity; a remote S3 store uses
GetFederationToken.
| Env var | env.py path | values.yaml path |
|---|---|---|
AGENTA_STORE_ENDPOINT_URL | store.endpoint_url | store.endpointUrl (auto-populated when store.seaweedfs.enabled=true) |
AGENTA_STORE_STS_ENDPOINT_URL | store.sts_endpoint_url | store.stsEndpointUrl |
AGENTA_STORE_ACCESS_KEY | store.access_key | store.accessKey |
AGENTA_STORE_SECRET_KEY | store.secret_key | store.secretKey |
AGENTA_STORE_REGION | store.region | store.region |
AGENTA_STORE_BUCKET | store.bucket | store.bucket |
AGENTA_STORE_NAMESPACE | store.namespace | store.namespace |
AGENTA_STORE_SIGNING_KEY | store.signing_key | store.signingKey |
AGENTA_STORE_JWT_ISSUER | store.jwt_issuer | store.jwtIssuer |
AGENTA_STORE_JWT_PRIVATE_KEY | store.jwt_private_key | store.jwtPrivateKey |
| — | — | store.seaweedfs.enabled |
store.seaweedfs.enabled=true bundles a SeaweedFS StatefulSet and auto-populates
store.endpointUrl. Set it to false and supply store.endpointUrl to use an external
S3-compatible store. This toggle mirrors postgresql.enabled.
AGENTA_STORE_NAMESPACE — sharing one bucket across environments
The key layout treats the store as a small database: the bucket is the cluster, an optional
namespace is the database, the entity prefix (mounts/) is the table, and <project>/<mount>
is the row — so a full key is <bucket>/[<namespace>/]mounts/<project_id>/<mount_id>/....
Leave NAMESPACE unset for a dedicated bucket; the key layout is then identical to a single-tenant
store (no empty leading segment). Set it — typically to a deployment or environment id — when
several ephemeral environments share one bucket. Each environment's keys are prefixed with its
namespace, and the short-lived credentials the API signs are scoped to that namespace, so one
environment can never read or write another's objects even though they live in the same bucket.
The namespace narrows the credential scope; it never widens it, and it is orthogonal to the store
backend (it works on remote S3 and on bundled SeaweedFS alike).
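The key layout and namespace scoping described above, as an added example (not Agenta's own code). The function names, the policy statements and the action list are assumptions; only the key layout `[<namespace>/]mounts/<project_id>/<mount_id>/` comes from this page.

```python
def _segment(name, value):
    # Reject values that would change the prefix depth or act as wildcards.
    if not value or "/" in value or value in (".", "..") or any(c in value for c in "*?"):
        raise ValueError(f"invalid {name}: {value!r}")
    return value


def mount_prefix(project_id, mount_id, namespace=None):
    """Build [<namespace>/]mounts/<project_id>/<mount_id>/ for one mount."""
    parts = []
    if namespace:  # an unset namespace adds no empty leading segment
        parts.append(_segment("namespace", namespace))
    parts += ["mounts", _segment("project_id", project_id), _segment("mount_id", mount_id)]
    # The trailing slash keeps mount "m1" from also matching "m10".
    return "/".join(parts) + "/"


def session_policy(bucket, prefix):
    """Inline session policy limited to one mount prefix (assumed shape)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
                "Resource": [f"arn:aws:s3:::{bucket}/{prefix}*"],
            },
            {
                "Effect": "Allow",
                "Action": ["s3:ListBucket"],
                "Resource": [f"arn:aws:s3:::{bucket}"],
                "Condition": {"StringLike": {"s3:prefix": [f"{prefix}*"]}},
            },
        ],
    }


def allows_object(policy, bucket, key, action="s3:GetObject"):
    """Simplified evaluator: does an Allow statement cover this object key?"""
    arn = f"arn:aws:s3:::{bucket}/{key}"
    for statement in policy["Statement"]:
        if statement["Effect"] != "Allow" or action not in statement["Action"]:
            continue
        for resource in statement["Resource"]:
            if resource.endswith("*") and arn.startswith(resource[:-1]):
                return True
    return False


if __name__ == "__main__":
    # Constructed sample: two environments sharing the bucket "shared".
    policy = session_policy("shared", mount_prefix("proj1", "m1", "env-a"))
    for key in ("env-a/mounts/proj1/m1/notes.txt", "env-b/mounts/proj1/m1/notes.txt"):
        print(key, allows_object(policy, "shared", key))
```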
Two backends (SIGNING_KEY presence)
The API narrows the master credentials to one mount prefix per run with an inline session policy.
How it signs that scoped credential depends on the backend, and the backend is chosen by whether
AGENTA_STORE_SIGNING_KEY is set — not by the endpoint:
- SIGNING_KEY set → bundled SeaweedFS. SeaweedFS authorizes scoped credentials only through its OIDC IAM engine: the API acts as the OIDC issuer, mints a short-lived RS256 web-identity token, and serves the matching public JWKS at /.well-known/jwks.json; SeaweedFS fetches that JWKS to verify the token on each AssumeRoleWithWebIdentity call.
- SIGNING_KEY unset → remote S3-compatible store (AWS S3, MinIO). The API already holds S3 credentials, so it signs a GetFederationToken request (SigV4) with them — no OIDC provider, no role. Cloudflare R2 is not supported: it does not implement AWS STS GetFederationToken.
AGENTA_STORE_STS_ENDPOINT_URL is the STS endpoint for the remote-S3 path. It defaults to the S3
endpoint (MinIO co-locates STS there); set it only when the store splits STS onto another host —
AWS: https://sts.<region>.amazonaws.com. It is ignored on the SeaweedFS path.
The SeaweedFS-only settings (SIGNING_KEY, JWT_ISSUER, JWT_PRIVATE_KEY):
- AGENTA_STORE_SIGNING_KEY — base64 of exactly 32 bytes; the HMAC key SeaweedFS signs its own STS session tokens with (head -c 32 /dev/urandom | base64). Its presence also selects the SeaweedFS backend, so leave it unset for a remote S3 store.
- AGENTA_STORE_JWT_ISSUER — the in-network API URL SeaweedFS fetches the JWKS from (e.g. http://api:8000).
- AGENTA_STORE_JWT_PRIVATE_KEY — a stable RSA private key (PKCS#8 PEM) the API signs the web-identity token with. Required in production: every API replica must share one key, or SeaweedFS's cached JWKS desyncs and token validation fails intermittently. Generate with openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048. Local dev falls back to a built-in key when unset.
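A pre-deployment check for the store settings, covering the backend selection and the SeaweedFS-only keys described above. This is an added example, not Agenta's own loader; the function name, the sample values and the wording of the findings are assumptions.

```python
import base64
import binascii

# Constructed sample values for the demo, not real secrets.
SAMPLE_SIGNING_KEY = base64.b64encode(bytes(range(32))).decode()
SAMPLE_PEM = "-----BEGIN PRIVATE KEY-----\n(constructed placeholder)\n-----END PRIVATE KEY-----"


def check_store_env(env, production=True):
    """Return (backend, problems) for a dict of AGENTA_STORE_* variables."""
    def get(key):
        return (env.get("AGENTA_STORE_" + key) or "").strip()

    problems = []
    # The store stays disabled until both master credentials are set.
    if not (get("ACCESS_KEY") and get("SECRET_KEY")):
        return "disabled", problems

    if get("SIGNING_KEY"):
        # Presence of SIGNING_KEY selects the SeaweedFS path, whatever the endpoint is.
        backend = "seaweedfs"
        try:
            raw = base64.b64decode(get("SIGNING_KEY"), validate=True)
        except (binascii.Error, ValueError):
            raw = b""
        if len(raw) != 32:
            problems.append("SIGNING_KEY must be base64 of exactly 32 bytes")
        pem = get("JWT_PRIVATE_KEY")
        if not pem:
            if production:
                problems.append("JWT_PRIVATE_KEY is required in production "
                                "(unset falls back to the built-in dev key)")
        elif "-----BEGIN PRIVATE KEY-----" not in pem:
            # Header-only heuristic: PKCS#1 keys say "BEGIN RSA PRIVATE KEY".
            problems.append("JWT_PRIVATE_KEY does not look like a PKCS#8 PEM")
        if get("STS_ENDPOINT_URL"):
            problems.append("STS_ENDPOINT_URL is ignored on the SeaweedFS path")
    else:
        backend = "remote-s3"
        endpoint = get("ENDPOINT_URL")
        if not endpoint:
            problems.append("a remote store must set ENDPOINT_URL")
        if "r2.cloudflarestorage.com" in endpoint:
            problems.append("Cloudflare R2 does not implement STS GetFederationToken")
        for key in ("JWT_ISSUER", "JWT_PRIVATE_KEY"):
            if get(key):
                problems.append(key + " is a SeaweedFS-only setting")
    return backend, problems


if __name__ == "__main__":
    # Constructed input: an AWS endpoint with SIGNING_KEY left over from a dev setup.
    env = {
        "AGENTA_STORE_ACCESS_KEY": "example-access",
        "AGENTA_STORE_SECRET_KEY": "example-secret",
        "AGENTA_STORE_ENDPOINT_URL": "https://s3.example.test",
        "AGENTA_STORE_SIGNING_KEY": "c2hvcnQ=",
    }
    print(check_store_env(env))
```

The constructed input in the `__main__` block resolves to the SeaweedFS path even though the endpoint is a remote URL, because only the presence of SIGNING_KEY decides the backend.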
The bundled store and the API must agree on ACCESS_KEY and SECRET_KEY; in the Helm chart and
docker-compose this is wired automatically.
A local sandbox mounts durable storage on the runner host against the in-network store. A
remote sandbox mounts from inside the cloud sandbox, so the store endpoint must be publicly
reachable. Enable the ngrok tunnel (the compose remote profile) or point
AGENTA_STORE_ENDPOINT_URL at a public S3 URL. Only the scoped, short-lived credentials ever
cross into a remote sandbox.
Agenta — webhooks
| Env var | env.py path | values.yaml path |
|---|---|---|
AGENTA_WEBHOOKS_ALLOW_INSECURE | agenta.webhooks.allow_insecure | agenta.webhooks.allowInsecure |
alembic
| Env var | env.py path | values.yaml path |
|---|---|---|
ALEMBIC_AUTO_MIGRATIONS | alembic.auto_migrations | alembic.autoMigrations |
ALEMBIC_CFG_PATH_CORE | alembic.cfg_path_core | alembic.cfgPathCore |
ALEMBIC_CFG_PATH_TRACING | alembic.cfg_path_tracing | alembic.cfgPathTracing |
cloudflare
| Env var | env.py path | values.yaml path |
|---|---|---|
CLOUDFLARE_TURNSTILE_ALLOWED_HOSTNAMES | cloudflare.turnstile.allowed_hostnames | cloudflare.turnstile.allowedHostnames |
CLOUDFLARE_TURNSTILE_SECRET_KEY | cloudflare.turnstile.secret_key | cloudflare.turnstile.secretKey |
CLOUDFLARE_TURNSTILE_SITE_KEY | cloudflare.turnstile.site_key | cloudflare.turnstile.siteKey |
composio
| Env var | env.py path | values.yaml path |
|---|---|---|
COMPOSIO_API_KEY | composio.api_key | composio.apiKey |
COMPOSIO_API_URL | composio.api_url | composio.apiUrl |
crisp
| Env var | env.py path | values.yaml path |
|---|---|---|
CRISP_WEBSITE_ID | crisp.website_id | crisp.websiteId |
daytona
| Env var | env.py path | values.yaml path |
|---|---|---|
DAYTONA_API_KEY | daytona.api_key | daytona.apiKey |
DAYTONA_API_URL | daytona.api_url | daytona.apiUrl |
DAYTONA_SNAPSHOT | daytona.snapshot | daytona.snapshot |
DAYTONA_TARGET | daytona.target | daytona.target |
docker
| Env var | env.py path | values.yaml path |
|---|---|---|
DOCKER_NETWORK_MODE | docker.network_mode | docker.networkMode |
identity (OIDC providers)
| Env var | env.py path | values.yaml path |
|---|---|---|
APPLE_OAUTH_CLIENT_ID | identity.apple.client_id | identity.apple.clientId |
APPLE_OAUTH_CLIENT_SECRET | identity.apple.client_secret | identity.apple.clientSecret |
APPLE_KEY_ID | identity.apple.key_id | identity.apple.keyId |
APPLE_PRIVATE_KEY | identity.apple.private_key | identity.apple.privateKey |
APPLE_TEAM_ID | identity.apple.team_id | identity.apple.teamId |
AZURE_AD_OAUTH_CLIENT_ID | identity.azure_ad.client_id | identity.azureAd.clientId |
AZURE_AD_OAUTH_CLIENT_SECRET | identity.azure_ad.client_secret | identity.azureAd.clientSecret |
AZURE_AD_DIRECTORY_ID | identity.azure_ad.directory_id | identity.azureAd.directoryId |
BITBUCKET_OAUTH_CLIENT_ID | identity.bitbucket.client_id | identity.bitbucket.clientId |
BITBUCKET_OAUTH_CLIENT_SECRET | identity.bitbucket.client_secret | identity.bitbucket.clientSecret |
BOXY_SAML_OAUTH_CLIENT_ID | identity.boxy_saml.client_id | identity.boxySaml.clientId |
BOXY_SAML_OAUTH_CLIENT_SECRET | identity.boxy_saml.client_secret | identity.boxySaml.clientSecret |
BOXY_SAML_URL | identity.boxy_saml.url | identity.boxySaml.url |
DISCORD_OAUTH_CLIENT_ID | identity.discord.client_id | identity.discord.clientId |
DISCORD_OAUTH_CLIENT_SECRET | identity.discord.client_secret | identity.discord.clientSecret |
FACEBOOK_OAUTH_CLIENT_ID | identity.facebook.client_id | identity.facebook.clientId |
FACEBOOK_OAUTH_CLIENT_SECRET | identity.facebook.client_secret | identity.facebook.clientSecret |
GITHUB_OAUTH_CLIENT_ID | identity.github.client_id | identity.github.clientId |
GITHUB_OAUTH_CLIENT_SECRET | identity.github.client_secret | identity.github.clientSecret |
GITLAB_BASE_URL | identity.gitlab.base_url | identity.gitlab.baseUrl |
GITLAB_OAUTH_CLIENT_ID | identity.gitlab.client_id | identity.gitlab.clientId |
GITLAB_OAUTH_CLIENT_SECRET | identity.gitlab.client_secret | identity.gitlab.clientSecret |
GOOGLE_OAUTH_CLIENT_ID | identity.google.client_id | identity.google.clientId |
GOOGLE_OAUTH_CLIENT_SECRET | identity.google.client_secret | identity.google.clientSecret |
GOOGLE_WORKSPACES_OAUTH_CLIENT_ID | identity.google_workspaces.client_id | identity.googleWorkspaces.clientId |
GOOGLE_WORKSPACES_OAUTH_CLIENT_SECRET | identity.google_workspaces.client_secret | identity.googleWorkspaces.clientSecret |
GOOGLE_WORKSPACES_HD | identity.google_workspaces.hd | identity.googleWorkspaces.hd |
LINKEDIN_OAUTH_CLIENT_ID | identity.linkedin.client_id | identity.linkedin.clientId |
LINKEDIN_OAUTH_CLIENT_SECRET | identity.linkedin.client_secret | identity.linkedin.clientSecret |
OKTA_OAUTH_CLIENT_ID | identity.okta.client_id | identity.okta.clientId |
OKTA_OAUTH_CLIENT_SECRET | identity.okta.client_secret | identity.okta.clientSecret |
OKTA_DOMAIN | identity.okta.domain | identity.okta.domain |
TWITTER_OAUTH_CLIENT_ID | identity.twitter.client_id | identity.twitter.clientId |
TWITTER_OAUTH_CLIENT_SECRET | identity.twitter.client_secret | identity.twitter.clientSecret |
llm (provider API keys)
| Env var | env.py path | values.yaml path |
|---|---|---|
ALEPHALPHA_API_KEY | llm.alephalpha | llm.alephalpha |
ANTHROPIC_API_KEY | llm.anthropic | llm.anthropic |
ANYSCALE_API_KEY | llm.anyscale | llm.anyscale |
COHERE_API_KEY | llm.cohere | llm.cohere |
DEEPINFRA_API_KEY | llm.deepinfra | llm.deepinfra |
GEMINI_API_KEY | llm.gemini | llm.gemini |
GROQ_API_KEY | llm.groq | llm.groq |
MINIMAX_API_KEY | llm.minimax | llm.minimax |
MISTRAL_API_KEY | llm.mistral | llm.mistral |
OPENAI_API_KEY | llm.openai | llm.openai |
OPENROUTER_API_KEY | llm.openrouter | llm.openrouter |
PERPLEXITYAI_API_KEY | llm.perplexityai | llm.perplexityai |
TOGETHERAI_API_KEY | llm.togetherai | llm.togetherai |
loops
| Env var | env.py path | values.yaml path |
|---|---|---|
LOOPS_API_KEY | loops.api_key | loops.apiKey |
newrelic
| Env var | env.py path | values.yaml path |
|---|---|---|
NEWRELIC_LICENSE_KEY | newrelic.license_key | newrelic.licenseKey |
postgres
| Env var | env.py path | values.yaml path |
|---|---|---|
POSTGRES_USER | postgres.user | postgres.user |
POSTGRES_PASSWORD | postgres.password | postgres.password |
POSTGRES_PORT | postgres.port | postgres.port |
POSTGRES_URI_CORE | postgres.uri_core | postgres.uriCore |
POSTGRES_URI_SUPERTOKENS | postgres.uri_supertokens | postgres.uriSupertokens |
POSTGRES_URI_TRACING | postgres.uri_tracing | postgres.uriTracing |
posthog
| Env var | env.py path | values.yaml path |
|---|---|---|
POSTHOG_API_KEY | posthog.api_key | posthog.apiKey |
POSTHOG_API_URL | posthog.api_url | posthog.apiUrl |
redis
| Env var | env.py path | values.yaml path |
|---|---|---|
REDIS_URI | redis.uri | redis.uri |
REDIS_URI_DURABLE | redis.uri_durable | redis.uriDurable |
REDIS_URI_VOLATILE | redis.uri_volatile | redis.uriVolatile |
smtp
SMTP is preferred for email delivery. It is enabled only when host, port, and sender are configured. SendGrid remains supported as a fallback when SMTP is not fully configured.
For local Mailpit from an API container, use SMTP_HOST=host.docker.internal
when Mailpit runs on the host, or SMTP_HOST=mailpit only when Mailpit is on
the same Docker network.
| Env var | env.py path | values.yaml path |
|---|---|---|
SMTP_HOST | smtp.host | (not mapped) |
SMTP_PORT | smtp.port | (not mapped) |
SMTP_USERNAME | smtp.username | (not mapped) |
SMTP_PASSWORD | smtp.password | (not mapped) |
SMTP_FROM_EMAIL | smtp.from_email | (not mapped) |
SMTP_USE_TLS | smtp.use_tls | (not mapped) |
SMTP_USE_SSL | smtp.use_ssl | (not mapped) |
SMTP_TIMEOUT | smtp.timeout | (not mapped) |
sendgrid
SendGrid is used only when SMTP is not fully configured.
| Env var | env.py path | values.yaml path |
|---|---|---|
SENDGRID_API_KEY | sendgrid.api_key | sendgrid.apiKey |
SENDGRID_FROM_EMAIL | sendgrid.from_email | sendgrid.fromEmail |
stripe
| Env var | env.py path | values.yaml path |
|---|---|---|
STRIPE_API_KEY | stripe.api_key | stripe.apiKey |
STRIPE_WEBHOOK_SECRET | stripe.webhook_secret | stripe.webhookSecret |
STRIPE_WEBHOOK_TARGET | stripe.webhook_target | stripe.webhookTarget |
supertokens
| Env var | env.py path | values.yaml path |
|---|---|---|
SUPERTOKENS_API_KEY | supertokens.api_key | supertokens.apiKey |
SUPERTOKENS_APPLICATION | supertokens.application | supertokens.application |
SUPERTOKENS_PASSWORD_MAX_LENGTH | supertokens.password_max_length | supertokens.passwordMaxLength |
SUPERTOKENS_PASSWORD_MIN_LENGTH | supertokens.password_min_length | supertokens.passwordMinLength |
SUPERTOKENS_PASSWORD_POLICY | supertokens.password_policy | supertokens.passwordPolicy |
SUPERTOKENS_PASSWORD_REGEX | supertokens.password_regex | supertokens.passwordRegex |
SUPERTOKENS_TENANT | supertokens.tenant | supertokens.tenant |
SUPERTOKENS_URI_CORE | supertokens.uri_core | supertokens.uriCore |
Deprecated environment variables
The following legacy names still work via fallback (the Pydantic env loader reads the new name first, then the legacy one). They will be removed in a future major release.
| Legacy env var | Canonical replacement |
|---|---|
AGENTA_ALLOWED_DOMAINS | AGENTA_ACCESS_ALLOWED_DOMAINS |
AGENTA_ORG_CREATION_ALLOWLIST | AGENTA_ACCESS_ALLOWED_OWNER_EMAILS |
AGENTA_ACCESS_ORG_CREATION_ALLOWLIST | AGENTA_ACCESS_ALLOWED_OWNER_EMAILS |
AGENTA_ACCESS_ALLOWED_ORGANIZATION_OWNERS | AGENTA_ACCESS_ALLOWED_OWNER_EMAILS |
AGENTA_BLOCKED_DOMAINS | AGENTA_ACCESS_BLOCKED_DOMAINS |
AGENTA_BLOCKED_EMAILS | AGENTA_ACCESS_BLOCKED_EMAILS |
AGENTA_DEFAULT_PLAN | AGENTA_ACCESS_DEFAULT_PLAN |
SUPERTOKENS_EMAIL_DISABLED | AGENTA_ACCESS_EMAIL_DISABLED |
AGENTA_PRICING | AGENTA_BILLING_PRICING |
STRIPE_PRICING | AGENTA_BILLING_PRICING |
AGENTA_CACHE_ENABLED | AGENTA_API_CACHING_ENABLED |
AGENTA_CACHING_ENABLED | AGENTA_API_CACHING_ENABLED |
AGENTA_DEMOS | AGENTA_EXTRAS_DEMOS |
AGENTA_LOG_CONSOLE_ENABLED | AGENTA_LOGGING_CONSOLE_ENABLED |
AGENTA_LOG_CONSOLE_LEVEL | AGENTA_LOGGING_CONSOLE_LEVEL |
AGENTA_LOG_FILE_ENABLED | AGENTA_LOGGING_FILE_ENABLED |
AGENTA_LOG_FILE_LEVEL | AGENTA_LOGGING_FILE_LEVEL |
AGENTA_LOG_FILE_PATH | AGENTA_LOGGING_FILE_PATH |
AGENTA_LOG_OTLP_ENABLED | AGENTA_LOGGING_OTLP_ENABLED |
AGENTA_LOG_OTLP_LEVEL | AGENTA_LOGGING_OTLP_LEVEL |
AGENTA_SERVICES_SANDBOX_RUNNER | AGENTA_SERVICES_CODE_SANDBOX_RUNNER |
AGENTA_SERVICE_MIDDLEWARE_AUTH_ENABLED (singular SERVICE) | AGENTA_SERVICES_MIDDLEWARE_AUTH_ENABLED |
AGENTA_SERVICE_MIDDLEWARE_CACHE_ENABLED (singular SERVICE) | AGENTA_SERVICES_MIDDLEWARE_CACHING_ENABLED |
AGENTA_WEBHOOK_ALLOW_INSECURE | AGENTA_WEBHOOKS_ALLOW_INSECURE (API), AGENTA_SERVICES_HOOK_ALLOW_INSECURE (SDK) |
AGENTA_AUTO_MIGRATIONS | ALEMBIC_AUTO_MIGRATIONS |
AGENTA_RUNTIME_PREFIX | (removed; no consumer in API) |
ACTIVE_DIRECTORY_OAUTH_CLIENT_ID | AZURE_AD_OAUTH_CLIENT_ID |
ACTIVE_DIRECTORY_OAUTH_CLIENT_SECRET | AZURE_AD_OAUTH_CLIENT_SECRET |
ACTIVE_DIRECTORY_DIRECTORY_ID | AZURE_AD_DIRECTORY_ID |
NEW_RELIC_LICENSE_KEY | NEWRELIC_LICENSE_KEY |
NRIA_LICENSE_KEY | NEWRELIC_LICENSE_KEY |
POSTHOG_HOST | POSTHOG_API_URL |
AGENTA_AUTHN_EMAIL_FROM | SMTP_FROM_EMAIL (preferred) or SENDGRID_FROM_EMAIL fallback |
AGENTA_SEND_EMAIL_FROM_ADDRESS | SMTP_FROM_EMAIL (preferred) or SENDGRID_FROM_EMAIL fallback |
STRIPE_TARGET | STRIPE_WEBHOOK_TARGET |
SUPERTOKENS_CONNECTION_URI | SUPERTOKENS_URI_CORE |
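An audit of a deployment's environment for legacy names, as an added example (not Agenta's loader). It applies the "new name first, then the legacy one" rule to a subset of the table above and flags a sandbox runner that resolves to local. Treating an empty value as unset, and picking the first legacy name in table order when two are set, are assumptions.

```python
# Subset of the legacy -> canonical table on this page.
LEGACY_TO_CANONICAL = {
    "AGENTA_SERVICES_SANDBOX_RUNNER": "AGENTA_SERVICES_CODE_SANDBOX_RUNNER",
    "AGENTA_ALLOWED_DOMAINS": "AGENTA_ACCESS_ALLOWED_DOMAINS",
    "AGENTA_ORG_CREATION_ALLOWLIST": "AGENTA_ACCESS_ALLOWED_OWNER_EMAILS",
    "AGENTA_ACCESS_ORG_CREATION_ALLOWLIST": "AGENTA_ACCESS_ALLOWED_OWNER_EMAILS",
    "AGENTA_BLOCKED_DOMAINS": "AGENTA_ACCESS_BLOCKED_DOMAINS",
    "AGENTA_BLOCKED_EMAILS": "AGENTA_ACCESS_BLOCKED_EMAILS",
    "AGENTA_AUTO_MIGRATIONS": "ALEMBIC_AUTO_MIGRATIONS",
}
RUNNER = "AGENTA_SERVICES_CODE_SANDBOX_RUNNER"


def audit_env(env):
    """Return (effective, findings); effective maps canonical name -> (value, source)."""
    effective, findings = {}, []
    for legacy, canonical in LEGACY_TO_CANONICAL.items():
        new, old = env.get(canonical, ""), env.get(legacy, "")
        if new:
            # The canonical name wins; a differing legacy value is dead configuration.
            effective[canonical] = (new, canonical)
            if old and old != new:
                findings.append(f"{legacy}={old!r} is ignored: {canonical} takes precedence")
        elif old and canonical not in effective:
            effective[canonical] = (old, legacy)
            findings.append(f"{canonical} is set only through legacy name {legacy}")
        elif old and effective[canonical][0] != old:
            findings.append(f"conflict: {legacy} and {effective[canonical][1]} differ")

    # The runner defaults to restricted when neither name is set.
    runner, source = effective.get(RUNNER, ("restricted", "default"))
    effective[RUNNER] = (runner, source)
    if runner == "local":
        findings.append(f"{RUNNER}=local (from {source}): custom-code evaluators "
                        "run in the services process with no sandbox")
    return effective, findings


if __name__ == "__main__":
    # Constructed environment: the runner is selected by the legacy name only.
    sample = {
        "AGENTA_SERVICES_SANDBOX_RUNNER": "local",
        "AGENTA_ACCESS_BLOCKED_DOMAINS": "example.test",
        "AGENTA_BLOCKED_DOMAINS": "old.example.test",
    }
    for finding in audit_env(sample)[1]:
        print(finding)
```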