Environment Variables Reference¶
Complete reference for all environment variables used in Aegis.
Overview¶
Environment variables are defined in /home/agent/projects/aegis-core/.env and loaded by Docker Compose.
Security: Never commit .env to version control. Use .env.example for templates.
Database Variables¶
POSTGRES_HOST¶
PostgreSQL database host.
Type: string
Default: host.docker.internal
Format: Hostname or IP address
Used by: Dashboard, Scheduler
Example:
POSTGRES_PORT¶
PostgreSQL database port.
Type: integer
Default: 5432
Used by: Dashboard, Scheduler
Example:
POSTGRES_USER¶
PostgreSQL username.
Type: string
Default: agent
Used by: Dashboard, Scheduler
Example:
POSTGRES_PASSWORD¶
PostgreSQL password.
Type: string
Default: agent
Used by: Dashboard, Scheduler
Security: Change in production
Example:
POSTGRES_DB¶
PostgreSQL database name.
Type: string
Default: aegis
Used by: Dashboard, Scheduler
Example:
LLM API Keys¶
ZAI_API_KEY¶
Primary Z.ai API key for GLM-4.7.
Type: string (format: {id}.{secret})
Required: Yes
Used by: Dashboard, Scheduler
Rate Limit: ~8 req/min
Example:
Getting a Key: Sign up at https://z.ai
ZAI_API_KEY_FALLBACK¶
Fallback Z.ai API key.
Type: string
Required: No
Used by: Dashboard (automatic failover)
Example:
ZAI_BASE_URL¶
Z.ai API base URL.
Type: string (URL)
Default: https://api.z.ai/api/anthropic/v1
Used by: Dashboard
Example:
ZAI_ANTHROPIC_BASE¶
Z.ai Anthropic-compatible endpoint.
Type: string (URL)
Default: https://api.z.ai/api/anthropic
Used by: Dashboard
Example:
PERPLEXITY_API_KEY¶
Perplexity API key for deep research.
Type: string
Required: No (only for deep briefings)
Used by: Intel deep briefing generation
Example:
Getting a Key: https://www.perplexity.ai/settings/api
CLAUDE_CODE_OAUTH_TOKEN¶
Claude Code OAuth token.
Type: string
Required: No
Used by: Claude Code integration
Example:
Communication Services¶
GITHUB_TOKEN¶
GitHub Personal Access Token.
Type: string (format: github_pat_...)
Required: Yes (for GitHub operations)
Used by: Dashboard, MCP GitHub server
Scopes: repo, read:org, read:user
Example:
GITHUB_TOKEN=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
Creating a Token:
1. Go to GitHub Settings → Developer settings → Personal access tokens
2. Generate new token (classic)
3. Select scopes: repo, read:org, read:user
4. Copy token
TELEGRAM_BOT_TOKEN¶
Telegram bot token.
Type: string (format: {id}:{token})
Required: Yes (for Telegram alerts)
Used by: Dashboard, MCP Telegram server
Example:
Creating a Bot:
1. Message @BotFather on Telegram
2. Send /newbot
3. Follow prompts
4. Copy token
TELEGRAM_CHAT_ID¶
Telegram chat ID for alerts.
Type: integer (as string)
Required: Yes (for Telegram alerts)
Used by: Dashboard
Example:
Finding Chat ID:
1. Message your bot
2. Visit https://api.telegram.org/bot{TOKEN}/getUpdates
3. Look for chat.id in response
VONAGE_API_KEY¶
Vonage API key.
Type: string
Required: Yes (for WhatsApp)
Used by: Dashboard
Example:
VONAGE_API_SECRET¶
Vonage API secret.
Type: string
Required: Yes (for WhatsApp)
Used by: Dashboard
Example:
VONAGE_APPLICATION_ID¶
Vonage application ID.
Type: string (UUID)
Required: Yes (for WhatsApp)
Used by: Dashboard
Example:
VONAGE_WHATSAPP_NUMBER¶
WhatsApp Business Account number.
Type: string (digits only, no +)
Required: Yes (for WhatsApp)
Used by: Dashboard
Example:
VONAGE_PRIVATE_KEY_B64¶
Base64-encoded Vonage private key.
Type: string (base64)
Required: Yes (for WhatsApp)
Used by: Dashboard
Format: Base64-encoded PEM private key
Example:
Encoding Key:
VONAGE_SIGNATURE_SECRET¶
Vonage webhook signature secret.
Type: string
Required: No (optional, for webhook verification)
Used by: Dashboard
Example:
Note: If not set, webhook signature verification is disabled.
DISCORD_ALERTS_CHANNEL¶
Discord channel ID for alerts.
Type: string (integer as string)
Required: No
Used by: Dashboard
Example:
DISCORD_JOURNAL_CHANNEL¶
Discord channel ID for journal entries.
Type: string (integer as string)
Required: No
Used by: Dashboard
Example:
Payment Services¶
STRIPE_PUBLISHABLE_KEY¶
Stripe publishable key (client-side).
Type: string (format: pk_live_... or pk_test_...)
Required: Yes (for payments)
Used by: Dashboard (frontend)
Example:
STRIPE_PUBLISHABLE_KEY=pk_live_51Sk71uGXYX2yjS5iby5kHGDRcmIU6v4ArsrJhRA4x6VcT1HiTX6TiBLYB9ab7vDDzmWjk5TjeJu2g4tb38RojmU700l6pCMSCn
STRIPE_SECRET_KEY¶
Stripe secret key (server-side).
Type: string (format: sk_live_... or sk_test_...)
Required: Yes (for payments)
Used by: Dashboard (backend)
Security: Never expose publicly
Example:
STRIPE_SECRET_KEY=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
STRIPE_WEBHOOK_SECRET¶
Stripe webhook signing secret.
Type: string (format: whsec_...)
Required: Yes (for webhooks)
Used by: Dashboard
Example:
Finding Secret: 1. Go to Stripe Dashboard → Developers → Webhooks 2. Click on your webhook endpoint 3. Click "Reveal" under "Signing secret"
STRIPE_PRICE_DEVELOPER¶
Stripe price ID for Developer tier.
Type: string (format: price_...)
Required: No
Used by: Dashboard
Example:
STRIPE_PRICE_PRO¶
Stripe price ID for Pro tier.
Type: string
Required: No
Used by: Dashboard
STRIPE_PRICE_ENTERPRISE¶
Stripe price ID for Enterprise tier.
Type: string
Required: No
Used by: Dashboard
STRIPE_PRICE_STARTER¶
Stripe price ID for Starter tier.
Type: string
Required: No
Used by: Dashboard
STRIPE_PRICE_RESEARCH_PRO¶
Stripe price ID for Research Pro tier.
Type: string
Required: No
Used by: Dashboard
RESEND_API_KEY¶
Resend API key for transactional emails.
Type: string (format: re_...)
Required: Yes (for email)
Used by: Dashboard (Intel digests, notifications)
Example:
Getting a Key: https://resend.com/api-keys
Service Configuration¶
AEGIS_BASE_URL¶
Base URL for Aegis dashboard.
Type: string (URL)
Default: https://aegisagent.ai
Used by: Dashboard (webhooks, redirects)
Example:
AEGIS_EMAIL_USER_ID¶
Email address for Aegis workspace.
Type: string (email)
Default: aegis@richardbankole.com
Used by: Dashboard (email triage)
Example:
PLAYWRIGHT_URL¶
Playwright screenshot API URL.
Type: string (URL)
Default: http://playwright:3000
Used by: Scheduler (visual monitoring)
Example:
OLLAMA_HOST¶
Ollama API host for local models.
Type: string (URL)
Default: http://host.docker.internal:11434
Used by: Dashboard, Scheduler
Example:
OLLAMA_BASE_URL¶
Alternative to OLLAMA_HOST.
Type: string (URL)
Default: http://host.docker.internal:11434
Used by: Dashboard
FALKORDB_HOST¶
FalkorDB (knowledge graph) host.
Type: string
Default: host.docker.internal
Used by: Dashboard (Graphiti client)
Example:
FALKORDB_PORT¶
FalkorDB port.
Type: integer
Default: 6379
Used by: Dashboard
Example:
SMTP Configuration¶
SMTP_HOST¶
SMTP server host.
Type: string
Default: smtp.resend.com
Used by: Dashboard (email digests)
Example:
SMTP_PORT¶
SMTP server port.
Type: integer
Default: 587
Used by: Dashboard
Example:
SMTP_USER¶
SMTP username.
Type: string
Default: ${RESEND_API_KEY}
Used by: Dashboard
Example:
Note: For Resend, use API key as username.
SMTP_PASSWORD¶
SMTP password.
Type: string
Default: ${RESEND_API_KEY}
Used by: Dashboard
Example:
SMTP_FROM¶
Default sender email address.
Type: string (email)
Default: noreply@aegisagent.ai
Used by: Dashboard
Example:
Admin Secrets¶
INTEL_DIGEST_ADMIN_KEY¶
Admin key for triggering digest sends.
Type: string
Default: change-me-in-production
Used by: Dashboard (digest endpoint)
Security: Change in production
Example:
Generating Secure Key:
Third-Party Services¶
MESHY_API_KEY¶
Meshy API key for 3D model generation.
Type: string (format: msy_...)
Required: No (only for 3D features)
Used by: Dashboard
Example:
Getting a Key: https://www.meshy.ai/
MESHY_WEBHOOK_SECRET¶
Meshy webhook secret for verification.
Type: string
Required: No
Used by: Dashboard
Example:
ANNAS_SECRET_KEY¶
Anna's Archive API secret.
Type: string
Required: No
Used by: MCP Anna's Archive server
Example:
ANNAS_BASE_URL¶
Anna's Archive base URL.
Type: string (URL)
Default: https://annas-archive.li
Used by: MCP Anna's Archive server
ANNAS_DOWNLOAD_PATH¶
Download directory for books.
Type: string (path)
Default: /home/agent/downloads/annas-archive
Used by: MCP Anna's Archive server
Environment-Specific Settings¶
Development¶
# Use test keys
STRIPE_SECRET_KEY=sk_test_...
STRIPE_PUBLISHABLE_KEY=pk_test_...
# Local services
POSTGRES_HOST=localhost
OLLAMA_HOST=http://localhost:11434
Production¶
# Use live keys
STRIPE_SECRET_KEY=sk_live_...
STRIPE_PUBLISHABLE_KEY=pk_live_...
# Docker internal networking
POSTGRES_HOST=host.docker.internal
OLLAMA_HOST=http://host.docker.internal:11434
# Strong admin keys
INTEL_DIGEST_ADMIN_KEY=$(openssl rand -base64 32)
Variable Precedence¶
- Docker Compose
environmentsection (highest) .envfile- System environment variables
- Application defaults (lowest)
Security Best Practices¶
1. Never Commit Secrets¶
2. Use Strong Keys¶
3. Rotate Keys Regularly¶
- API keys: Every 90 days
- Webhook secrets: Every 6 months
- Database passwords: Every year
4. Principle of Least Privilege¶
- GitHub token: Only required scopes
- Database user: Only required permissions
- API keys: Only required services
5. Separate Environments¶
6. Encrypt at Rest¶
Validation¶
Check Required Variables¶
#!/bin/bash
required_vars=(
"POSTGRES_HOST"
"ZAI_API_KEY"
"GITHUB_TOKEN"
"TELEGRAM_BOT_TOKEN"
"STRIPE_SECRET_KEY"
)
for var in "${required_vars[@]}"; do
if [ -z "${!var}" ]; then
echo "ERROR: $var is not set"
exit 1
fi
done
echo "All required variables are set"
Test Database Connection¶
Test API Keys¶
# Z.ai
curl -H "Authorization: Bearer $ZAI_API_KEY" https://api.z.ai/health
# Stripe
curl -u $STRIPE_SECRET_KEY: https://api.stripe.com/v1/balance
# GitHub
curl -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/user
Troubleshooting¶
Variable Not Found¶
Problem: Application can't find environment variable
Solution:
1. Check .env file exists
2. Verify variable name (case-sensitive)
3. Restart Docker container: docker-compose restart
4. Check docker-compose.yml passes variable
Invalid API Key¶
Problem: API returns 401 Unauthorized
Solution: 1. Verify key is correct (copy-paste errors) 2. Check key hasn't expired 3. Verify key has required scopes 4. Test with curl
Database Connection Failed¶
Problem: Can't connect to PostgreSQL
Solution:
1. Check host: Use host.docker.internal from container
2. Verify port: Default is 5432
3. Check credentials match
4. Ensure PostgreSQL is running
Webhook Signature Fails¶
Problem: Webhook returns 401
Solution:
1. Verify STRIPE_WEBHOOK_SECRET matches dashboard
2. Check raw body is used (not parsed JSON)
3. Test with Stripe CLI: stripe listen --forward-to localhost:8080/webhook
See Also¶
- API Reference - REST endpoints
- CLI Reference - Command-line interface
- Configuration Reference - Config files