Skip to content

Environment variables reference

Note 1 : Some variable default values might change depending on the selected start mode (Docker or Developer), especially URL-related ones
Note 2 : Relative paths start from the executing service directory

Domains & URLs

Name Service Description Default value
GATEWAY_API_HOST api-gateway, workspaces, events api-gateway internal URL for internal requests (i.e contact fetching) http://localhost:3001/v2
API_URL console, pages, api-gateway, runtime api-gateway public URL http://studio.local.prisme.ai:3001/v2
CONSOLE_URL api-gateway, console, pages, runtime Studio URL, used for emails, auth redirections & runtime variable {{global.studioUrl}} http://studio.local.prisme.ai:3000
PAGES_HOST api-gateway, console, pages, runtime Pages base domain starting with a '.', workspace slug will be prefixed as a subdomain. Used for pages builder, pages sign in redirection from api gateway, & runtime variable {{global.pagesUrl}} .pages.local.prisme.ai:3100

Databases

Notes on uploads bucket :
By default, S3 driver stores all uploads inside the same bucket whether they are public or private. This unique bucket is expected to allow public accesses and enable object level ACLs, letting the S3 driver selectively set objects public or private ACL.

In case these S3 options are forbidden in your environment, you can have 2 separate S3 Buckets for public / private objects :
* Both buckets can keep default S3 settings (which forbid any public access & disable object level ACLs) * The 2nd additional bucket will be served through a public CDN allowed to access * objects (or any more restrictive patterns you want)

In this setup, UPLOADS_STORAGE_S3_* environement variables will configure the private bucket, and the public bucket can be enabled with UPLOADS_PUBLIC_STORAGE_S3_* environment variables.
Separate secret/access keys can be provided for the public bucket, or you can retrieve credentials from the first bucket by simply setting these 2 variables :

UPLOADS_PUBLIC_STORAGE_S3_LIKE_BUCKET_NAME="here is your public uploads bucket name"
UPLOADS_PUBLIC_STORAGE_S3_LIKE_BASE_URL="here is your CDN public base URL"

A last option in order to avoid public S3 bucket without creating a second one behind a CloudFront would be simply to force all files download requests to always go through Prisme.ai API. For this, all you have to do is to not provide the UPLOADS_STORAGE_S3_LIKE_BASE_URL environment variable.

Name Service Description Default value
BROKER_HOST All services Redis broker URL (must be the same across services) redis://localhost:6379/0
BROKER_PASSWORD All services Redis broker password
BROKER_NAMESPACE All services Optional namespace to segment events in case the same database instance is shared by multiple platforms
BROKER_TOPIC_MAXLEN All services Redis streams max length before getting truncated (See Capped Streams) 10000
BROKER_EMIT_MAXLEN All services Maximum size (in bytes) of emitted events 100000
PERMISSIONS_STORAGE_HOST All services MongoDB URL for permissions storage (must be the same for both workspaces & events) mongodb://localhost:27017/permissions
USERS_STORAGE_HOST api-gateway MongoDB URL for users storage mongodb://localhost:27017/users
SESSIONS_STORAGE_HOST api-gateway Redis URL for sessions storage redis://localhost:6379/0
SESSIONS_STORAGE_PASSWORD api-gateway Redis password for sessions storage
CORS_ADDITIONAL_ALLOWED_ORIGINS api-gateway Allowed CORS origins. By default, only allowed origins are STUDIO_URL, PAGES_HOST or workspace configured custom domains
RATE_LIMIT_SIGNUP api-gateway Maximum number of signup per ip per minute 1
RATE_LIMIT_ANONYMOUS_LOGIN api-gateway Maximum number of anonymous login per ip per minute 10
RATE_LIMIT_PRISMEAI_LOGIN api-gateway Maximum number of email/password login attempt per email per minute 5
RATE_LIMIT_PASSWORD_RESET api-gateway Maximum number of password reset per ip per minute 1
EVENTS_STORAGE_ES_HOST events Elasticsearch URL for events persistance http://localhost:9200
EVENTS_STORAGE_ES_USER events Elasticsearch user for events persistance
EVENTS_STORAGE_ES_PASSWORD events Elasticsearch password for events persistance
EVENTS_TOPICS_CACHE_HOST events Redis URL for event userTopics persistance. BROKER_HOST variable
EVENTS_TOPICS_CACHE_PASSWORD events Redis password for event userTopics persistance.
WORKSPACES_STORAGE_TYPE runtime & workspaces Workspaces storage driver (FILESYSTEM | S3_LIKE | AZURE_BLOB). Must be the same instance for both runtime & workspaces. FILESYSTEM
WORKSPACES_STORAGE_FILESYSTEM_DIRPATH runtime & workspaces Workspaces filesystem storage : directory path ../../data/models/
UPLOADS_STORAGE_FILESYSTEM_DIRPATH runtime & workspaces Uploads filesystem storage : directory path ../../data/models/
WORKSPACES_STORAGE_S3_LIKE_ACCESS_KEY runtime & workspaces Workspaces s3 like storage : access key
WORKSPACES_STORAGE_S3_LIKE_SECRET_KEY runtime & workspaces Workspaces s3 like storage : secret key
WORKSPACES_STORAGE_S3_LIKE_BASE_URL runtime & workspaces Workspaces s3 like storage : base download url. If omitted, workspaces API will be used as proxy
WORKSPACES_STORAGE_S3_LIKE_ENDPOINT runtime & workspaces Workspaces s3 like storage : endpoint
WORKSPACES_STORAGE_S3_LIKE_BUCKET_NAME runtime & workspaces Workspaces s3 like storage : bucket name
WORKSPACES_STORAGE_S3_LIKE_REGION runtime & workspaces Workspaces s3 like storage : region
WORKSPACES_STORAGE_AZURE_BLOB_CONTAINER runtime & workspaces Workspaces Azure Blob container name models
WORKSPACES_STORAGE_AZURE_BLOB_CONNECTION_STRING runtime & workspaces Workspaces Azure Blob connection string models
CONTEXTS_CACHE_HOST runtime Redis URL for contexts persistance. redis://localhost:6379/0
CONTEXTS_CACHE_PASSWORD runtime Redis password for contexts persistance.
UPLOADS_STORAGE_TYPE workspaces Uploads storage driver (FILESYSTEM | S3_LIKEĀ | AZURE_BLOB). Must be the same instance for workspaces. FILESYSTEM
UPLOADS_STORAGE_FILESYSTEM_DIRPATH workspaces Uploads filesystem storage : directory path ../../data/uploads
UPLOADS_STORAGE_S3_LIKE_ACCESS_KEY workspaces Uploads s3 like storage : access key
UPLOADS_STORAGE_S3_LIKE_SECRET_KEY workspaces Uploads s3 like storage : secret key
UPLOADS_STORAGE_S3_LIKE_BASE_URL workspaces Uploads s3 like storage : base download url
UPLOADS_STORAGE_S3_LIKE_ENDPOINT workspaces Uploads s3 like storage : endpoint
UPLOADS_STORAGE_S3_LIKE_BUCKET_NAME workspaces Uploads s3 like storage : bucket name
UPLOADS_STORAGE_S3_LIKE_REGION workspaces Uploads s3 like storage : region
UPLOADS_FILESYSTEM_DOWNLOAD_URL workspaces Base download URL for files uploaded to filesystem driver Upload/Get request URL
UPLOADS_STORAGE_AZURE_BLOB_CONTAINER workspaces Uploads Azure Blob container name models
UPLOADS_STORAGE_AZURE_BLOB_CONNECTION_STRING workspaces Uploads Azure Blob connection string
UPLOADS_STORAGE_AZURE_BLOB_BASE_URL workspaces Base public download url for uploads azure blob container : If omitted, workspaces API will be used as proxy

Other

Name Service Description Default value
OPENAPI_FILEPATH All services Requests & events validation swagger file path ../specifications/swagger.yml
UPLOADS_MAX_SIZE workspaces,api-gateway,runtime Max upload size in bytes 10000000 (10MB)
OIDC_PROVIDER_URL api-gateway, pages, console, runtime OIDC Authorization server URL. You don't need to define this OIDC variable if you intend to add another provider API_URL env var, without any base path.
OIDC_STUDIO_CLIENT_ID api-gateway, console Studio OIDC client id local-client-id
OIDC_STUDIO_CLIENT_SECRET api-gateway Studio OIDC client secret, only known by api-gateway local-client-id
OIDC_CLIENT_REGISTRATION_TOKEN api-gateway Access token required for OIDC clients registration API local-client-id
OIDC_WELL_KNOWN_URL api-gateway OIDC provider configuration discovery URL (only if it's an external provider)
SESSION_COOKIES_MAX_AGE api-gateway Auth server session cookies expiration (in seconds) 2592000 (1 month)
ACCESS_TOKENS_MAX_AGE api-gateway Session expiration, used for both anonymous & authenticated sessions (in seconds) 2592000 (1 month)
JWKS_URL api-gateway Defines the endpoint to call in order to retrieve the JWKS as part of our JWKS strategy.
You might want to change this value using an internal api-gateway hostname if your are using our local provider (example: http://api-gateway/oidc/jwks).
OIDC_PROVIDER_URL/oidc/jwks
SESSION_COOKIES_SIGN_SECRET api-gateway Session cookies signing secret
WEBSOCKETS_DEFAULT_TRANSPORTS console,pages Default socketio transport method polling,websocket
PORT console Listening port number 3000
PORT api-gateway Listening port number 3001
GATEWAY_CONFIG_PATH api-gateway gateway.config.yml path ../../gateway.config.yml
AUTH_PROVIDERS_CONFIG api-gateway authProviders.config.yml path ../../authProviders.config.yml
INTERNAL_API_KEY api-gateway, workspaces API Key allowing internal services fetching events /sys/cleanup API
PASSWORD_VALIDATION_REGEXP api-gateway Password validation regular expression .{8,32}
EMAIL_VALIDATION_ENABLED api-gateway Depreacted. Use ACCOUNT_VALIDATION_METHOD instead. Enable email validation on signup true
ACCOUNT_VALIDATION_METHOD api-gateway Account validation method on signup. Can be an auto validation ("auto"), a validation by email ("email") or a manual validation by a super admin ("manual") email
WORKSPACES_API_URL api-gateway prismeai-workspaces internal URL http://workspaces:3002
EVENTS_API_URL api-gateway prismeai-events internal URL http://events:3004
RUNTIME_API_URL api-gateway prismeai-runtime internal URL http://runtime:3003
X_FORWARDED_HEADERS api-gateway Add X-Forwarded-* headers on proxied requests yes
SUPER_ADMIN_EMAILS api-gateway List of users emails which should have access to every workspaces. Each email should be separated with a comma. Example: john.doe@foo.com,admin@bar.ai None
PORT events Listening port number 3004
EVENTS_BUFFER_FLUSH_AT events Persists events in the data lake each N events 128
EVENTS_BUFFER_HIGH_WATERMARK events Stops listening for new events to be persisted when N events are already waiting to be persisted 256
EVENTS_BUFFER_FLUSH_EVERY events Persists events every N milliseconds even if EVENTS_BUFFER_FLUSH_AT has not been reached 5000
EVENTS_RETENTION_DAYS events Number of days events are kept inside the data lake before being removed 180
EVENTS_CLEANUP_WORKSPACE_INACTIVITY_DAYS events Delete workspaces events if inactive for more than N days & with less than EVENTS_CLEANUP_WORKSPACE_MAX_EVENTS 15
EVENTS_CLEANUP_WORKSPACE_MAX_EVENTS events Delete workspaces events if inactive for more than EVENTS_CLEANUP_WORKSPACE_INACTIVITY_DAYS & with less than N events 100
EVENTS_SCHEDULED_DELETION_DAYS events Number of days events are kept inside the data lake after deleting their workspace 90
SOCKETIO_COOKIE_MAX_AGE events Socket.io cookie maxAge Default value from 'cookie' NodeJS module
EVENTS_STORAGE_ES_BULK_REFRESH events Enable Elastic "refresh" option when bulk inserting events (might induce overhead) no
PORT runtime Listening port number 3003
MAXIMUM_SUCCESSIVE_CALLS runtime Maximum number of automation execution for the same correlation id (i.e initiated by the same webhook or external event) 20
CONTEXT_RUN_EXPIRE_TIME runtime Run context expiration time in seconds. 60
CONTEXT_UNAUTHENTICATED_SESSION_EXPIRE_TIME runtime Session context expiration time in seconds for unauthenticated sessions 60*60 (1 hour)
ADDITIONAL_GLOBAL_VARS_* runtime Additional variables that will be available from global context (ADDITIONAL_GLOBAL_VARS_apiUrl will be available as {{global.apiUrl}}). None
WORKSPACE_CONFIG_{{workspaceSlug}}_{{variableName}} runtime Additional variables that will be available for a specific workspace. (WORKSPACE_CONFIG_knowledge-manager_secretApiKey will be available at {{config.secretApiKey}} within the automations of the knowledge-manager workspace). None
APP_CONFIG_{{appSlug}}_{{variableName}} runtime Additional variables that will be available for a specific app. (APP_CONFIG_MailSender_mailApiKey will be available as {{config.mailApiKey}} within the automations of an instance of the MailSender app). Useful if you want to publish your app without compromising a secret. None
PORT workspaces Listening port number 3002
UPLOADS_ALLOWED_MIMETYPES workspaces Allowed upload MIME types, comma-separated image/*,text/*,video/*,audio/*,application/*
UPLOADS_FORBIDDEN_MIMETYPES workspaces Forbidden upload MIME types, comma-separated (do not support wildcards)
UPLOADS_DEFAULT_VISIBILITY workspaces If not explicitly set in API request, default uploads visibility public