Environment variables

Complete .env reference for a self-hosted Future AGI instance

In this page

Every setting the stack reads at boot comes from a single .env file in the repo root. This page is the complete reference, grouped by what each variable does. The stack boots fine with the shipped defaults. The only thing you must change before sharing the instance is the CHANGEME secrets.

cp .env.example .env
📝
TL;DR

Doing a local trial? Skip to Installation. The defaults work as-is. Come back here when you’re ready to set secrets, add LLM provider keys, or turn on email.

Required Secrets

Replace every CHANGEME in this group before anyone else can reach the instance. Generate each value with the command shown.

VariableGenerate withUsed by
SECRET_KEYopenssl rand -hex 32Django sessions, CSRF, password reset
PG_PASSWORDopenssl rand -base64 24PostgreSQL auth
MINIO_ROOT_PASSWORDopenssl rand -base64 24MinIO object storage auth
AGENTCC_INTERNAL_API_KEYopenssl rand -hex 32Backend and gateway shared secret

Warning

PG_PASSWORD is written to the Postgres volume on first boot only. If you change it after the volume exists, authentication fails. See the fix in Troubleshooting. Set it before your first docker compose up.

Database Credentials

VariableDefaultNotes
PG_USERfutureagiPostgreSQL username
PG_PASSWORDCHANGEMEMust change
PG_DBfutureagiPostgreSQL database name
MINIO_ROOT_USERfutureagiMinIO username
MINIO_ROOT_PASSWORDCHANGEMEMust change
CH_USE_REPLICATED_ENGINESfalsetrue only for multi-node ClickHouse

Ports

Every service port is configurable. The full table (defaults, what each binds to, and exposure scope) lives in Requirements, so you can plan firewall rules in one place.

Backend Runtime

VariableDefaultDescription
ENV_TYPEdevelopmentOne of development, staging, or prod. Prod mode disables debug output and enables check --deploy
FAST_STARTUPfalseSkip migrations on restart (dev only). Always false in production
GRANIAN_WORKERS1ASGI worker processes. Set to your CPU count in production
GRANIAN_THREADS2Threads per worker
ENABLE_GRPCtrueEnable the gRPC endpoint
ENABLE_HTTPtrueEnable the HTTP/REST endpoint

Temporal Worker

VariableDefaultDescription
TEMPORAL_NAMESPACEdefaultTemporal namespace
TEMPORAL_ALL_QUEUEStrueSingle worker polls all queues. Set false and use the dev overlay for per-queue workers
TEMPORAL_MAX_CONCURRENT_ACTIVITIES50Max concurrent activity tasks
TEMPORAL_MAX_CONCURRENT_WORKFLOW_TASKS50Max concurrent workflow tasks

Tuning guidance lives in System configuration.

LLM Gateway

VariableDefaultDescription
AGENTCC_INTERNAL_API_KEYCHANGEMEMust change. The backend authenticates gateway calls with this shared secret

Setting a key here is only half the job. The gateway also needs a config.yaml listing the providers it may route to. See System configuration.

LLM Provider Keys

Set a key for each provider you’ll use and leave the rest blank. These are read by the gateway via ${VAR} interpolation in config.yaml.

VariableProvider
OPENAI_API_KEYOpenAI
ANTHROPIC_API_KEYAnthropic
GOOGLE_API_KEYGoogle Gemini
AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY / AWS_REGIONAWS Bedrock + S3

Email (Mailgun)

Email delivery powers self-service sign-up and password reset. Without it, you create users from the Django shell during Installation. Set these to turn on the email flow:

VariableDescription
MAILGUN_API_KEYMailgun private API key
MAILGUN_SENDER_DOMAINVerified Mailgun sending domain
DEFAULT_FROM_EMAILFrom: address for outbound email
SERVER_EMAILFrom: address for Django admin error email

Frontend Build-Time

Warning

These are baked into the JavaScript bundle at Vite build time. Changing them requires a rebuild: docker compose build frontend.

VariableDefaultDescription
VITE_HOST_APIhttp://localhost:8000Backend URL as seen by the browser. In production, use your public backend URL
VITE_ENVIRONMENTdevelopmentFrontend analytics and feature flags

Optional

VariableDefaultDescription
RECAPTCHA_ENABLEDfalseEnable reCAPTCHA on registration
RECAPTCHA_SECRET_KEY(none)reCAPTCHA v2/v3 server-side key
VITE_GOOGLE_SITE_KEY(none)reCAPTCHA client-side key (requires a frontend rebuild)
FUTURE_AGI_CLOUD_API_KEY(none)Enterprise-tier Cloud features only. Leave blank for the open-source build
FUTURE_AGI_CLOUD_API_URLhttps://api.futureagi.comDo not change

Dive deeper

Was this page helpful?

Questions & Discussion