Environment Variables Reference

Prisme.ai services can be configured through various environment variables. This reference provides a comprehensive list of available configuration options for your deployment.

Configuration Methods

Docker Setup

In a Docker deployment, configure these variables in the root docker-compose.yml file. See the Docker Compose documentation for more details.

Developer Setup

In a development environment, create a services/*/.env file containing key/value pairs:

WORKSPACES_STORAGE_TYPE=S3_LIKE
WORKSPACES_STORAGE_S3_LIKE_BUCKET_NAME=someBucketName
...

To run a service directly from its Docker image, add an env_file option to its services/*/docker-compose.yml file:

console:
  entrypoint: npm start --prefix services/console
  restart: on-failure
  image: registry.gitlab.com/prisme.ai/prisme.ai/prisme.ai-console:latest
  ports:
    - "3000:3000"
  env_file: ./.env

Note 1: Default values may differ depending on the selected start mode (Docker or Developer), especially URL-related variables.

Note 2: Relative paths start from the executing service directory.

Variable Categories

Domains & URLs

Configure the URLs and domains used by Prisme.ai services.

Name	Service	Description	Default Value
GATEWAY_API_HOST	api-gateway, workspaces, events	api-gateway internal URL for internal requests (i.e., contact fetching, public JWKS)	http://localhost:3001/v2
API_URL	console, pages, api-gateway, runtime	api-gateway public URL	http://studio.local.prisme.ai:3001/v2
CONSOLE_URL	api-gateway, console, pages, runtime	Studio URL, used for emails, auth redirections & runtime variable `{{global.studioUrl}}`	http://studio.local.prisme.ai:3000
PAGES_HOST	api-gateway, console, pages, runtime	Pages base domain starting with a ’.’, workspace slug will be prefixed as a subdomain. Used for pages builder, pages sign-in redirection from api gateway, & runtime variable `{{global.pagesUrl}}`	.pages.local.prisme.ai:3100

Databases & Storage

Redis Configuration

Name	Service	Description	Default Value
BROKER_HOST	All services	Redis broker URL (must be the same across services)	redis://localhost:6379/0
BROKER_PASSWORD	All services	Redis broker password
BROKER_NAMESPACE	All services	Optional namespace to segment events when database instance is shared by multiple platforms
BROKER_TOPIC_MAXLEN	All services	Redis streams max length before getting truncated (Capped Streams)	10000
BROKER_EMIT_MAXLEN	All services	Maximum size (in bytes) of emitted events	100000
SESSIONS_STORAGE_HOST	api-gateway	Redis URL for sessions storage	redis://localhost:6379/0
SESSIONS_STORAGE_PASSWORD	api-gateway	Redis password for sessions storage
CONTEXTS_CACHE_HOST	runtime	Redis URL for contexts persistence	redis://localhost:6379/0
CONTEXTS_CACHE_PASSWORD	runtime	Redis password for contexts persistence
EVENTS_TOPICS_CACHE_HOST	events	Redis URL for event userTopics persistence	BROKER_HOST variable
EVENTS_TOPICS_CACHE_PASSWORD	events	Redis password for event userTopics persistence

MongoDB Configuration

Name	Service	Description	Default Value
PERMISSIONS_STORAGE_HOST	All services	MongoDB URL for permissions storage (must be the same for both workspaces & events)	mongodb://localhost:27017/permissions
USERS_STORAGE_HOST	api-gateway	MongoDB URL for users storage	mongodb://localhost:27017/users

Elasticsearch Configuration

Name	Service	Description	Default Value
EVENTS_STORAGE_ES_HOST	events	Elasticsearch URL for events persistence	http://localhost:9200
EVENTS_STORAGE_ES_USER	events	Elasticsearch user for events persistence
EVENTS_STORAGE_ES_PASSWORD	events	Elasticsearch password for events persistence
EVENTS_STORAGE_ES_BULK_REFRESH	events	Enable Elastic “refresh” option when bulk inserting events (might cause overhead)	no

Storage Configuration

Prisme.ai supports multiple storage backends for workspaces and uploads. Available storage types are:

FILESYSTEM: Local file system storage
S3_LIKE: Amazon S3 or compatible services (MinIO, etc.)
AZURE_BLOB: Azure Blob Storage
GCS : Google Cloud Storage

Workspaces Storage

Name	Service	Description	Default Value
WORKSPACES_STORAGE_TYPE	runtime & workspaces	Storage driver type (FILESYSTEM, S3_LIKE, AZURE_BLOB or GCS)	FILESYSTEM
WORKSPACES_STORAGE_FILESYSTEM_DIRPATH	runtime & workspaces	Directory path for filesystem storage	../../data/models/

S3-Compatible Storage for Workspaces

Name	Service	Description	Default Value
WORKSPACES_STORAGE_S3_LIKE_ACCESS_KEY	runtime & workspaces	S3 access key
WORKSPACES_STORAGE_S3_LIKE_SECRET_KEY	runtime & workspaces	S3 secret key
WORKSPACES_STORAGE_S3_LIKE_ENDPOINT	runtime & workspaces	S3 endpoint
WORKSPACES_STORAGE_S3_LIKE_BUCKET_NAME	runtime & workspaces	S3 bucket name
WORKSPACES_STORAGE_S3_LIKE_REGION	runtime & workspaces	S3 region
STORAGE_S3_LIKE_MAX_RETRIES	runtime & workspaces	Maximum retries on rate-limited S3 requests	5

Azure Blob Storage for Workspaces

Name	Service	Description	Default Value
WORKSPACES_STORAGE_AZURE_BLOB_CONTAINER	runtime & workspaces	Azure Blob container name	models
WORKSPACES_STORAGE_AZURE_BLOB_CONNECTION_STRING	runtime & workspaces	Azure Blob connection string

GCS Storage for Workspaces

Name	Service	Description	Default Value
WORKSPACES_STORAGE_GCS_BUCKET	runtime & workspaces	GCS bucket name (required)
WORKSPACES_STORAGE_GCS_KEYFILEPATH	runtime & workspaces	Service account configuration filepath	`GOOGLE_APPLICATION_CREDENTIALS` environment variable
WORKSPACES_STORAGE_GCS_PROJECTID	runtime & workspaces	GCS project id, only required when using apiKey
WORKSPACES_STORAGE_GCS_APIKEY	runtime & workspaces	Api key
STORAGE_GCS_MAX_RETRIES	runtime & workspaces	Maximum retries on rate-limited GCS requests	5

If WORKSPACES_STORAGE_GCS_KEYFILEPATH or GOOGLE_APPLICATION_CREDENTIALS is provided, only WORKSPACES_STORAGE_GCS_BUCKET is required.

File Uploads Storage

Name	Service	Description	Default Value
UPLOADS_STORAGE_TYPE	runtime & workspaces	Storage driver type (FILESYSTEM, S3_LIKE, AZURE_BLOB or GCS)	FILESYSTEM
UPLOADS_STORAGE_FILESYSTEM_DIRPATH	runtime & workspaces	Directory path for filesystem storage	../../data/models/

S3-Compatible Storage for uploads

Name	Service	Description	Default Value
UPLOADS_STORAGE_S3_LIKE_ACCESS_KEY	runtime & workspaces	S3 access key
UPLOADS_STORAGE_S3_LIKE_SECRET_KEY	runtime & workspaces	S3 secret key
UPLOADS_STORAGE_S3_LIKE_ENDPOINT	runtime & workspaces	S3 endpoint
UPLOADS_STORAGE_S3_LIKE_BUCKET_NAME	runtime & workspaces	S3 bucket name
UPLOADS_STORAGE_S3_LIKE_REGION	runtime & workspaces	S3 region
STORAGE_S3_LIKE_MAX_RETRIES	runtime & workspaces	Maximum retries on rate-limited S3 requests	5
UPLOADS_STORAGE_S3_LIKE_BASE_URL	runtime & workspaces	Base download URL (if omitted, workspaces API will be used as proxy)

Azure Blob Storage for uploads

Name	Service	Description	Default Value
UPLOADS_STORAGE_AZURE_BLOB_CONTAINER	runtime & workspaces	Azure Blob container name	models
UPLOADS_STORAGE_AZURE_BLOB_CONNECTION_STRING	runtime & workspaces	Azure Blob connection string
UPLOADS_STORAGE_AZURE_BLOB_BASE_URL	runtime & workspaces	Base download URL (if omitted, workspaces API will be used as proxy)

GCS Storage for uploads

Name	Service	Description	Default Value
UPLOADS_STORAGE_GCS_BUCKET	runtime & workspaces	GCS bucket name (required)
UPLOADS_STORAGE_GCS_KEYFILEPATH	runtime & workspaces	Service account configuration filepath	`GOOGLE_APPLICATION_CREDENTIALS` environment variable
UPLOADS_STORAGE_GCS_PROJECTID	runtime & workspaces	GCS project id, only required when using apiKey
UPLOADS_STORAGE_GCS_APIKEY	runtime & workspaces	Api key
STORAGE_GCS_MAX_RETRIES	runtime & workspaces	Maximum retries on rate-limited GCS requests	5
UPLOADS_STORAGE_GCS_BASE_URL	runtime & workspaces	Base download URL (if omitted, workspaces API will be used as proxy)

If UPLOADS_STORAGE_GCS_KEYFILEPATH or GOOGLE_APPLICATION_CREDENTIALS is provided, only UPLOADS_STORAGE_GCS_BUCKET is required.

Notes on uploads bucket:

By default, the driver stores all uploads inside the same bucket for both public and private files. This bucket must allow public access and enable object-level ACLs, letting the driver selectively set objects as public or private.

If these options are restricted in your environment, you can configure two separate buckets for public/private objects:

Both buckets can maintain default settings (which prohibit public access and disable object-level ACLs)
The public bucket should be served through a CDN allowed to access all objects (or any more restrictive pattern you prefer)

In this setup, UPLOADS_STORAGE_S3_* variables configure the private bucket, while UPLOADS_PUBLIC_STORAGE_S3_* variables configure the public bucket.

You can provide separate credentials for the public bucket or simply set these two variables to use the same credentials:

UPLOADS_PUBLIC_STORAGE_S3_LIKE_BUCKET_NAME="your public uploads bucket name"
UPLOADS_PUBLIC_STORAGE_S3_LIKE_BASE_URL="your CDN public base URL"

Equivalent variables exist for GCS :

UPLOADS_PUBLIC_STORAGE_GCS_BUCKET="your public uploads bucket name"
UPLOADS_PUBLIC_STORAGE_GCS_BASE_URL="your CDN public base URL"

To avoid public buckets without creating a second bucket behind CloudFront, you can force all file download requests to go through the Prisme.ai API by not providing the UPLOADS_STORAGE_*_BASE_URL environment variable.

Authentication & Security

OIDC Configuration

Name	Service	Description	Default Value
OIDC_PROVIDER_URL	api-gateway, pages, console, runtime	OIDC Authorization public server URL (rarely needs changing)	API_URL without base path
OIDC_INTERNAL_PROVIDER_URL	api-gateway	OIDC Authorization internal server URL (rarely needs changing)	By precedence: GATEWAY_API_HOST, OIDC_PROVIDER_URL, or API_URL
OIDC_STUDIO_CLIENT_ID	api-gateway, console	Studio OIDC client ID	local-client-id
OIDC_STUDIO_CLIENT_SECRET	api-gateway	Studio OIDC client secret (known only by api-gateway)	local-client-id
OIDC_CLIENT_REGISTRATION_TOKEN	api-gateway	Access token required for OIDC clients registration API	local-client-id
OIDC_WELL_KNOWN_URL	api-gateway	OIDC provider configuration discovery URL (only for external providers)
JWKS_URL	api-gateway	Endpoint for retrieving JWKS as part of the JWKS strategy	OIDC_INTERNAL_PROVIDER_URL/oidc/jwks

Session & Token Configuration

Name	Service	Description	Default Value
SESSION_COOKIES_MAX_AGE	api-gateway	Auth server session cookies expiration (in seconds)	2592000 (1 month)
ACCESS_TOKENS_MAX_AGE	api-gateway	Session expiration for both anonymous & authenticated sessions (in seconds)	2592000 (1 month)
SESSION_COOKIES_SIGN_SECRET	api-gateway	Session cookies signing secret
SOCKETIO_COOKIE_MAX_AGE	events	Socket.io cookie maxAge	Default from ‘cookie’ NodeJS module

Security Settings

Name	Service	Description	Default Value
CORS_ADDITIONAL_ALLOWED_ORIGINS	api-gateway	Additional allowed CORS origins (beyond STUDIO_URL, PAGES_HOST, and workspace custom domains)
CSP_HEADER	console, pages	Content Security Policy header for frontend services (if undefined, no CSP header is returned)
PASSWORD_VALIDATION_REGEXP	api-gateway	Password validation regular expression	`.{8,32}`
ACCOUNT_VALIDATION_METHOD	api-gateway	Account validation method on signup: “auto”, “email”, or “manual”	email

Service-Specific Configuration

API Gateway

Name	Service	Description	Default Value
PORT	api-gateway	Listening port number	3001
GATEWAY_CONFIG_PATH	api-gateway	Path to gateway.config.yml	../../gateway.config.yml
AUTH_PROVIDERS_CONFIG	api-gateway	Path to authProviders.config.yml	../../authProviders.config.yml
INTERNAL_API_KEY	api-gateway, workspaces	API key for internal services to access events /sys/cleanup API
WORKSPACES_API_URL	api-gateway	prismeai-workspaces internal URL	http://workspaces:3002
EVENTS_API_URL	api-gateway	prismeai-events internal URL	http://events:3004
RUNTIME_API_URL	api-gateway	prismeai-runtime internal URL	http://runtime:3003
X_FORWARDED_HEADERS	api-gateway	Add X-Forwarded-* headers on proxied requests	yes
SUPER_ADMIN_EMAILS	api-gateway	Comma-separated list of user emails with access to all workspaces (e.g., “admin@example.com,user@company.com”)	None

Console

Name	Service	Description	Default Value
PORT	console	Listening port number	3000
WEBSOCKETS_DEFAULT_TRANSPORTS	console, pages	Default Socket.io transport methods	polling,websocket

Events Service

Name	Service	Description	Default Value
PORT	events	Listening port number	3004
EVENTS_BUFFER_FLUSH_AT	events	Persist events in data lake after this many events	128
EVENTS_BUFFER_HIGH_WATERMARK	events	Stop listening for new events when this many are waiting to be persisted	256
EVENTS_BUFFER_FLUSH_EVERY	events	Persist events every N milliseconds, even if EVENTS_BUFFER_FLUSH_AT not reached	5000
EVENTS_RETENTION_DAYS	events	Days events are kept in data lake before removal	180
EVENTS_CLEANUP_WORKSPACE_INACTIVITY_DAYS	events	Delete workspace events if inactive for more than N days & with fewer than EVENTS_CLEANUP_WORKSPACE_MAX_EVENTS	15
EVENTS_CLEANUP_WORKSPACE_MAX_EVENTS	events	Delete workspace events if inactive for more than EVENTS_CLEANUP_WORKSPACE_INACTIVITY_DAYS & with fewer than N events	100
EVENTS_SCHEDULED_DELETION_DAYS	events	Days events are kept in data lake after workspace deletion	90

Runtime Service

Name	Service	Description	Default Value
PORT	runtime	Listening port number	3003
MAXIMUM_SUCCESSIVE_CALLS	runtime	Maximum automation executions for the same correlation ID	20
CONTEXT_RUN_EXPIRE_TIME	runtime	Run context expiration time in seconds	60
CONTEXT_UNAUTHENTICATED_SESSION_EXPIRE_TIME	runtime	Session context expiration time in seconds for unauthenticated sessions	3600 (1 hour)
ADDITIONALGLOBAL_VARS*	runtime	Additional variables available from global context (e.g., ADDITIONAL_GLOBAL_VARS_apiUrl becomes `{{global.apiUrl}}`)	None
WORKSPACECONFIG`{{workspaceSlug}}`_`{{variableName}}`	runtime	Variables available for specific workspaces	None
APPCONFIG`{{appSlug}}`_`{{variableName}}`	runtime	Variables available for specific apps	None
FETCH_FORBIDDEN_HOSTS	runtime	Comma-separated list of forbidden hostnames in fetch instruction
FETCH_MAX_RETRIES	runtime	Maximum fetch retries	3
FETCH_RETRY_CODES	runtime	Error codes that trigger fetch retries	ECONNRESET,UND_ERR_SOCKET,EPIPE,EHOSTUNREACH,ENETUNREACH
FETCH_RETRY_STATUS	runtime	Response status codes that trigger fetch retries	429,503,502

Workspaces Service

Name	Service	Description	Default Value
PORT	workspaces	Listening port number	3002
UPLOADS_ALLOWED_MIMETYPES	workspaces	Comma-separated list of allowed upload MIME types	image/,text/,video/,audio/,application/*
UPLOADS_FORBIDDEN_MIMETYPES	workspaces	Comma-separated list of forbidden upload MIME types (no wildcards)
UPLOADS_DEFAULT_VISIBILITY	workspaces	Default upload visibility if not specified in API request	public
UPLOADS_MAX_SIZE	workspaces, api-gateway, runtime	Maximum upload size in bytes	10000000 (10MB)
IMPORT_BATCH_SIZE	workspaces	Maximum parallel save requests during imports	50

Performance & Limits

Rate Limiting

Name	Service	Description	Default Value
RATE_LIMIT_SIGNUP	api-gateway	Maximum signups per IP per minute	1
RATE_LIMIT_ANONYMOUS_LOGIN	api-gateway	Maximum anonymous logins per IP per minute	10
RATE_LIMIT_PRISMEAI_LOGIN	api-gateway	Maximum email/password login attempts per email per minute	5
RATE_LIMIT_PASSWORD_RESET	api-gateway	Maximum password reset requests per IP per minute	1

Integration & APIs

Name	Service	Description	Default Value
OPENAPI_FILEPATH	All services	Path to Swagger file for requests & events validation	../specifications/swagger.yml

Examples

S3 Storage Configuration

# Configure workspace storage with S3
WORKSPACES_STORAGE_TYPE=S3_LIKE
WORKSPACES_STORAGE_S3_LIKE_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
WORKSPACES_STORAGE_S3_LIKE_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
WORKSPACES_STORAGE_S3_LIKE_BUCKET_NAME=prisme-workspaces
WORKSPACES_STORAGE_S3_LIKE_REGION=us-west-1
WORKSPACES_STORAGE_S3_LIKE_BASE_URL=https://prisme-workspaces.s3.us-west-1.amazonaws.com

# Configure uploads with the same credentials but different bucket
UPLOADS_STORAGE_TYPE=S3_LIKE
UPLOADS_STORAGE_S3_LIKE_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
UPLOADS_STORAGE_S3_LIKE_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
UPLOADS_STORAGE_S3_LIKE_BUCKET_NAME=prisme-uploads
UPLOADS_STORAGE_S3_LIKE_REGION=us-west-1
UPLOADS_STORAGE_S3_LIKE_BASE_URL=https://prisme-uploads.s3.us-west-1.amazonaws.com

Authentication and Rate Limiting for Production

# Set a strong password policy
PASSWORD_VALIDATION_REGEXP= "YOUR_REGEX"

# Enable manual account validation
ACCOUNT_VALIDATION_METHOD=manual

# Configure super admins
SUPER_ADMIN_EMAILS=admin@company.com,security@company.com

# Set stricter rate limits
RATE_LIMIT_SIGNUP=1
RATE_LIMIT_ANONYMOUS_LOGIN=5
RATE_LIMIT_PRISMEAI_LOGIN=3
RATE_LIMIT_PASSWORD_RESET=1

Custom Domain Configuration

# Configure custom domain for platform access
CONSOLE_URL=https://studio.company.com
API_URL=https://api.company.com/v2
PAGES_HOST=.apps.company.com

Was this page helpful?

Raise issue

Monitoring Prisme.ai with Prometheus & Grafana Overview

On this page

Configuration Methods
Docker Setup
Developer Setup
Variable Categories
Domains & URLs
Databases & Storage
Redis Configuration
MongoDB Configuration
Elasticsearch Configuration
Storage Configuration
Workspaces Storage
S3-Compatible Storage for Workspaces
Azure Blob Storage for Workspaces
GCS Storage for Workspaces
File Uploads Storage
S3-Compatible Storage for uploads
Azure Blob Storage for uploads
GCS Storage for uploads
Authentication & Security
OIDC Configuration
Session & Token Configuration
Security Settings
Service-Specific Configuration
API Gateway
Console
Events Service
Runtime Service
Workspaces Service
Performance & Limits
Rate Limiting
Integration & APIs
Examples
S3 Storage Configuration
Authentication and Rate Limiting for Production
Custom Domain Configuration

Overview

Cloud Providers

Docker & Kubernetes Deployment

Entreprise Services

AI Products

Operations

​Configuration Methods

​Docker Setup

​Developer Setup

​Variable Categories

​Domains & URLs

​Databases & Storage

​Redis Configuration

​MongoDB Configuration

​Elasticsearch Configuration

​Storage Configuration

​Workspaces Storage

​S3-Compatible Storage for Workspaces

​Azure Blob Storage for Workspaces

​GCS Storage for Workspaces

​File Uploads Storage

​S3-Compatible Storage for uploads

​Azure Blob Storage for uploads

​GCS Storage for uploads

​Authentication & Security

​OIDC Configuration

​Session & Token Configuration

​Security Settings

​Service-Specific Configuration

​API Gateway

​Console

​Events Service

​Runtime Service

​Workspaces Service

​Performance & Limits

​Rate Limiting

​Integration & APIs

​Examples

​S3 Storage Configuration

​Authentication and Rate Limiting for Production

​Custom Domain Configuration