Environment variables reference¶
Note 1 : Some variable default values might change depending on the selected start mode (Docker or Developer), especially URL-related ones
Note 2 : Relative paths start from the executing service directory
Domains & URLs¶
Name | Service | Description | Default value |
GATEWAY_API_HOST | api-gateway, workspaces, events | api-gateway internal URL for internal requests (i.e contact fetching) | http://localhost:3001/v2 |
API_URL | console, pages, api-gateway, runtime | api-gateway public URL | http://studio.local.prisme.ai:3001/v2 |
CONSOLE_URL | api-gateway, console, pages, runtime | Studio URL, used for emails, auth redirections & runtime variable {{global.studioUrl}} | http://studio.local.prisme.ai:3000 |
PAGES_HOST | api-gateway, console, pages, runtime | Pages base domain starting with a '.', workspace slug will be prefixed as a subdomain. Used for pages builder, pages sign in redirection from api gateway, & runtime variable {{global.pagesUrl}} | .pages.local.prisme.ai:3100 |
Databases¶
Notes on uploads bucket :
By default, S3 driver stores all uploads inside the same bucket whether they are public or private. This unique bucket is expected to allow public accesses and enable object level ACLs, letting the S3 driver selectively set objects public or private ACL.
In case these S3 options are forbidden in your environment, you can have 2 separate S3 Buckets for public / private objects :
* Both buckets can keep default S3 settings (which forbid any public access & disable object level ACLs)
* The 2nd additional bucket will be served through a public CDN allowed to access *
objects (or any more restrictive patterns you want)
In this setup, UPLOADS_STORAGE_S3_*
environement variables will configure the private bucket, and the public bucket can be enabled with UPLOADS_PUBLIC_STORAGE_S3_*
environment variables.
Separate secret/access keys can be provided for the public bucket, or you can retrieve credentials from the first bucket by simply setting these 2 variables :
UPLOADS_PUBLIC_STORAGE_S3_LIKE_BUCKET_NAME="here is your public uploads bucket name"
UPLOADS_PUBLIC_STORAGE_S3_LIKE_BASE_URL="here is your CDN public base URL"
A last option in order to avoid public S3 bucket without creating a second one behind a CloudFront would be simply to force all files download requests to always go through Prisme.ai API. For this, all you have to do is to not provide the UPLOADS_STORAGE_S3_LIKE_BASE_URL environment variable.
Name | Service | Description | Default value |
BROKER_HOST | All services | Redis broker URL (must be the same across services) | redis://localhost:6379/0 |
BROKER_PASSWORD | All services | Redis broker password | |
BROKER_NAMESPACE | All services | Optional namespace to segment events in case the same database instance is shared by multiple platforms | |
BROKER_TOPIC_MAXLEN | All services | Redis streams max length before getting truncated (See Capped Streams) | 10000 |
BROKER_EMIT_MAXLEN | All services | Maximum size (in bytes) of emitted events | 100000 |
PERMISSIONS_STORAGE_HOST | All services | MongoDB URL for permissions storage (must be the same for both workspaces & events) | mongodb://localhost:27017/permissions |
USERS_STORAGE_HOST | api-gateway | MongoDB URL for users storage | mongodb://localhost:27017/users |
SESSIONS_STORAGE_HOST | api-gateway | Redis URL for sessions storage | redis://localhost:6379/0 |
SESSIONS_STORAGE_PASSWORD | api-gateway | Redis password for sessions storage | |
CORS_ADDITIONAL_ALLOWED_ORIGINS | api-gateway | Allowed CORS origins. By default, only allowed origins are STUDIO_URL, PAGES_HOST or workspace configured custom domains | |
RATE_LIMIT_SIGNUP | api-gateway | Maximum number of signup per ip per minute | 1 |
RATE_LIMIT_ANONYMOUS_LOGIN | api-gateway | Maximum number of anonymous login per ip per minute | 10 |
RATE_LIMIT_PRISMEAI_LOGIN | api-gateway | Maximum number of email/password login attempt per email per minute | 5 |
RATE_LIMIT_PASSWORD_RESET | api-gateway | Maximum number of password reset per ip per minute | 1 |
EVENTS_STORAGE_ES_HOST | events | Elasticsearch URL for events persistance | http://localhost:9200 |
EVENTS_STORAGE_ES_USER | events | Elasticsearch user for events persistance | |
EVENTS_STORAGE_ES_PASSWORD | events | Elasticsearch password for events persistance | |
EVENTS_TOPICS_CACHE_HOST | events | Redis URL for event userTopics persistance. | BROKER_HOST variable |
EVENTS_TOPICS_CACHE_PASSWORD | events | Redis password for event userTopics persistance. | |
WORKSPACES_STORAGE_TYPE | runtime & workspaces | Workspaces storage driver (FILESYSTEM | S3_LIKE | AZURE_BLOB). Must be the same instance for both runtime & workspaces. | FILESYSTEM |
WORKSPACES_STORAGE_FILESYSTEM_DIRPATH | runtime & workspaces | Workspaces filesystem storage : directory path | ../../data/models/ |
UPLOADS_STORAGE_FILESYSTEM_DIRPATH | runtime & workspaces | Uploads filesystem storage : directory path | ../../data/models/ |
WORKSPACES_STORAGE_S3_LIKE_ACCESS_KEY | runtime & workspaces | Workspaces s3 like storage : access key | |
WORKSPACES_STORAGE_S3_LIKE_SECRET_KEY | runtime & workspaces | Workspaces s3 like storage : secret key | |
WORKSPACES_STORAGE_S3_LIKE_BASE_URL | runtime & workspaces | Workspaces s3 like storage : base download url. If omitted, workspaces API will be used as proxy | |
WORKSPACES_STORAGE_S3_LIKE_ENDPOINT | runtime & workspaces | Workspaces s3 like storage : endpoint | |
WORKSPACES_STORAGE_S3_LIKE_BUCKET_NAME | runtime & workspaces | Workspaces s3 like storage : bucket name | |
WORKSPACES_STORAGE_S3_LIKE_REGION | runtime & workspaces | Workspaces s3 like storage : region | |
WORKSPACES_STORAGE_AZURE_BLOB_CONTAINER | runtime & workspaces | Workspaces Azure Blob container name | models |
WORKSPACES_STORAGE_AZURE_BLOB_CONNECTION_STRING | runtime & workspaces | Workspaces Azure Blob connection string | models |
CONTEXTS_CACHE_HOST | runtime | Redis URL for contexts persistance. | redis://localhost:6379/0 |
CONTEXTS_CACHE_PASSWORD | runtime | Redis password for contexts persistance. | |
UPLOADS_STORAGE_TYPE | workspaces | Uploads storage driver (FILESYSTEM | S3_LIKEĀ | AZURE_BLOB). Must be the same instance for workspaces. | FILESYSTEM |
UPLOADS_STORAGE_FILESYSTEM_DIRPATH | workspaces | Uploads filesystem storage : directory path | ../../data/uploads |
UPLOADS_STORAGE_S3_LIKE_ACCESS_KEY | workspaces | Uploads s3 like storage : access key | |
UPLOADS_STORAGE_S3_LIKE_SECRET_KEY | workspaces | Uploads s3 like storage : secret key | |
UPLOADS_STORAGE_S3_LIKE_BASE_URL | workspaces | Uploads s3 like storage : base download url | |
UPLOADS_STORAGE_S3_LIKE_ENDPOINT | workspaces | Uploads s3 like storage : endpoint | |
UPLOADS_STORAGE_S3_LIKE_BUCKET_NAME | workspaces | Uploads s3 like storage : bucket name | |
UPLOADS_STORAGE_S3_LIKE_REGION | workspaces | Uploads s3 like storage : region | |
UPLOADS_FILESYSTEM_DOWNLOAD_URL | workspaces | Base download URL for files uploaded to filesystem driver | Upload/Get request URL |
UPLOADS_STORAGE_AZURE_BLOB_CONTAINER | workspaces | Uploads Azure Blob container name | models |
UPLOADS_STORAGE_AZURE_BLOB_CONNECTION_STRING | workspaces | Uploads Azure Blob connection string | |
UPLOADS_STORAGE_AZURE_BLOB_BASE_URL | workspaces | Base public download url for uploads azure blob container : If omitted, workspaces API will be used as proxy |
Other¶
Name | Service | Description | Default value |
OPENAPI_FILEPATH | All services | Requests & events validation swagger file path | ../specifications/swagger.yml |
UPLOADS_MAX_SIZE | workspaces,api-gateway,runtime | Max upload size in bytes | 10000000 (10MB) |
OIDC_PROVIDER_URL | api-gateway, pages, console, runtime | OIDC Authorization server URL. You don't need to define this OIDC variable if you intend to add another provider | API_URL env var, without any base path. |
OIDC_STUDIO_CLIENT_ID | api-gateway, console | Studio OIDC client id | local-client-id |
OIDC_STUDIO_CLIENT_SECRET | api-gateway | Studio OIDC client secret, only known by api-gateway | local-client-id |
OIDC_CLIENT_REGISTRATION_TOKEN | api-gateway | Access token required for OIDC clients registration API | local-client-id |
OIDC_WELL_KNOWN_URL | api-gateway | OIDC provider configuration discovery URL (only if it's an external provider) | |
SESSION_COOKIES_MAX_AGE | api-gateway | Auth server session cookies expiration (in seconds) | 2592000 (1 month) |
ACCESS_TOKENS_MAX_AGE | api-gateway | Session expiration, used for both anonymous & authenticated sessions (in seconds) | 2592000 (1 month) |
JWKS_URL | api-gateway | Defines the endpoint to call in order to retrieve the JWKS as part of our JWKS strategy. You might want to change this value using an internal api-gateway hostname if your are using our local provider (example: http://api-gateway/oidc/jwks ). |
OIDC_PROVIDER_URL/oidc/jwks |
SESSION_COOKIES_SIGN_SECRET | api-gateway | Session cookies signing secret | |
WEBSOCKETS_DEFAULT_TRANSPORTS | console,pages | Default socketio transport method | polling,websocket |
PORT | console | Listening port number | 3000 |
PORT | api-gateway | Listening port number | 3001 |
GATEWAY_CONFIG_PATH | api-gateway | gateway.config.yml path | ../../gateway.config.yml |
AUTH_PROVIDERS_CONFIG | api-gateway | authProviders.config.yml path | ../../authProviders.config.yml |
INTERNAL_API_KEY | api-gateway, workspaces | API Key allowing internal services fetching events /sys/cleanup API | |
PASSWORD_VALIDATION_REGEXP | api-gateway | Password validation regular expression | .{8,32} |
EMAIL_VALIDATION_ENABLED | api-gateway | Depreacted. Use ACCOUNT_VALIDATION_METHOD instead. Enable email validation on signup | true |
ACCOUNT_VALIDATION_METHOD | api-gateway | Account validation method on signup. Can be an auto validation ("auto"), a validation by email ("email") or a manual validation by a super admin ("manual") | |
WORKSPACES_API_URL | api-gateway | prismeai-workspaces internal URL | http://workspaces:3002 |
EVENTS_API_URL | api-gateway | prismeai-events internal URL | http://events:3004 |
RUNTIME_API_URL | api-gateway | prismeai-runtime internal URL | http://runtime:3003 |
X_FORWARDED_HEADERS | api-gateway | Add X-Forwarded-* headers on proxied requests | yes |
SUPER_ADMIN_EMAILS | api-gateway | List of users emails which should have access to every workspaces. Each email should be separated with a comma. Example: john.doe@foo.com,admin@bar.ai |
None |
PORT | events | Listening port number | 3004 |
EVENTS_BUFFER_FLUSH_AT | events | Persists events in the data lake each N events | 128 |
EVENTS_BUFFER_HIGH_WATERMARK | events | Stops listening for new events to be persisted when N events are already waiting to be persisted | 256 |
EVENTS_BUFFER_FLUSH_EVERY | events | Persists events every N milliseconds even if EVENTS_BUFFER_FLUSH_AT has not been reached | 5000 |
EVENTS_RETENTION_DAYS | events | Number of days events are kept inside the data lake before being removed | 180 |
EVENTS_CLEANUP_WORKSPACE_INACTIVITY_DAYS | events | Delete workspaces events if inactive for more than N days & with less than EVENTS_CLEANUP_WORKSPACE_MAX_EVENTS | 15 |
EVENTS_CLEANUP_WORKSPACE_MAX_EVENTS | events | Delete workspaces events if inactive for more than EVENTS_CLEANUP_WORKSPACE_INACTIVITY_DAYS & with less than N events | 100 |
EVENTS_SCHEDULED_DELETION_DAYS | events | Number of days events are kept inside the data lake after deleting their workspace | 90 |
SOCKETIO_COOKIE_MAX_AGE | events | Socket.io cookie maxAge | Default value from 'cookie' NodeJS module |
EVENTS_STORAGE_ES_BULK_REFRESH | events | Enable Elastic "refresh" option when bulk inserting events (might induce overhead) | no |
PORT | runtime | Listening port number | 3003 |
MAXIMUM_SUCCESSIVE_CALLS | runtime | Maximum number of automation execution for the same correlation id (i.e initiated by the same webhook or external event) | 20 |
CONTEXT_RUN_EXPIRE_TIME | runtime | Run context expiration time in seconds. | 60 |
CONTEXT_UNAUTHENTICATED_SESSION_EXPIRE_TIME | runtime | Session context expiration time in seconds for unauthenticated sessions | 60*60 (1 hour) |
ADDITIONAL_GLOBAL_VARS_* | runtime | Additional variables that will be available from global context (ADDITIONAL_GLOBAL_VARS_apiUrl will be available as {{global.apiUrl}}). | None |
WORKSPACE_CONFIG_{{workspaceSlug}}_{{variableName}} | runtime | Additional variables that will be available for a specific workspace. (WORKSPACE_CONFIG_knowledge-manager_secretApiKey will be available at {{config.secretApiKey}} within the automations of the knowledge-manager workspace). |
None |
APP_CONFIG_{{appSlug}}_{{variableName}} | runtime | Additional variables that will be available for a specific app.
(APP_CONFIG_MailSender_mailApiKey will be available as {{config.mailApiKey}} within the automations of an instance of the MailSender app). Useful if you want to publish your app without compromising a secret. |
None |
PORT | workspaces | Listening port number | 3002 |
UPLOADS_ALLOWED_MIMETYPES | workspaces | Allowed upload MIME types, comma-separated | image/*,text/*,video/*,audio/*,application/* |
UPLOADS_FORBIDDEN_MIMETYPES | workspaces | Forbidden upload MIME types, comma-separated (do not support wildcards) | |
UPLOADS_DEFAULT_VISIBILITY | workspaces | If not explicitly set in API request, default uploads visibility | public |