Environment Variables

Note

This page is currently maintained by hand. In a later phase it syncs directly from the backend repo so it can’t drift from the code.

Required

Var	What it does
ENGRAM_PUBLIC_URL	The HTTPS URL where users reach Engram. Used for OAuth redirects, MCP discovery, email links.
SECRET_KEY_BASE	Phoenix cookie/session signing. Generate with openssl rand -base64 48.
ENCRYPTION_MASTER_KEY	Wraps per-user DEKs. Losing this = data loss. 32+ bytes base64. Full encryption-related env reference under Encryption below.
DATABASE_URL	Postgres connection string.
STORAGE_BACKEND	s3 (the only supported value as of v0.5.19 / PR #62; the legacy database BYTEA adapter has been removed). Default s3.

Embedding provider

Var	What it does
EMBED_BACKEND	ollama or voyage. Default voyage (set to ollama for self-host without a Voyage account).
EMBED_MODEL	Override the default model. For Ollama, defaults to nomic-embed-text (768 dims).
EMBED_DIMS	Override the embedding dimension count. Match your model.
VOYAGE_API_KEY	Required when EMBED_BACKEND=voyage. Get one from voyageai.com.
DOC_EMBED_MODEL / QUERY_EMBED_MODEL	Optional asymmetric retrieval — different models for documents vs queries (Voyage-specific).

Storage (when STORAGE_BACKEND=s3)

Var	What it does
STORAGE_ENDPOINT	S3 endpoint URL. http://minio:9000 for default MinIO.
STORAGE_REGION	S3 region. Required for AWS, ignored by MinIO.
STORAGE_BUCKET	Bucket name for attachments.
STORAGE_ACCESS_KEY_ID	S3 access key.
STORAGE_SECRET_ACCESS_KEY	S3 secret.

Qdrant

Var	What it does
QDRANT_URL	Qdrant HTTP endpoint. Default: http://qdrant:6333.
QDRANT_API_KEY	API key if Qdrant has auth on.

Limits

Var	Default	What it does
MAX_NOTE_SIZE_BYTES	1048576 (1 MiB)	Per-note size cap
MAX_ATTACHMENT_SIZE_BYTES	26214400 (25 MiB)	Per-attachment size cap
RATE_LIMIT_PER_MINUTE	600	Per-user request limit

Auth (self-host)

Var	What it does
AUTH_PROVIDER	local for self-host. (Cloud uses clerk.)
OAUTH_ALLOWED_REDIRECT_HOSTS	Comma-separated list of redirect hostnames allowed during MCP OAuth.

Observability

Var	What it does
LOG_LEVEL	info, warn, error. Default info.
SENTRY_DSN	If set, errors stream to Sentry.
PROMEX_ENABLED	true to expose /metrics for Prometheus scrape.

Encryption

ENCRYPTION_MASTER_KEY is listed under Required above — the rest of the encryption-related env lives here.

Var	What it does
ENCRYPTION_MASTER_KEY_PREVIOUS	Rescue lane during master-key rotation. Unset after rotation completes.
ENCRYPTION_MASTER_KEY_VERSION	Default 1. Bump during rotation (see Encryption Setup).
DEK_CACHE_TTL_MS	DEK cache TTL in ms. Default 3600000 (1 hour).
KEY_PROVIDER	local (default) or aws_kms. AWS KMS provider is operator-only today; see backend repo.
BOOT_CANARY_ENABLED	false disables the boot canary check. Leave default unless you know why.

Phoenix host / scheme

Var	What it does
PHX_HOST	Public hostname (e.g. engram.example.com). Used for URL generation.
PHX_SCHEME	https in prod, http in dev.
PHX_PORT	Default 443 in prod.
PHX_SERVER	Set to enable the HTTP server in prod.exs releases.

Billing (cloud only)

PADDLE_API_KEY, PADDLE_NOTIFICATION_SECRET, PADDLE_CLIENT_TOKEN, PADDLE_STARTER_PRICE_ID, PADDLE_PRO_PRICE_ID, PADDLE_ENV — all unset on self-host. When PADDLE_API_KEY is missing the billing plumbing short-circuits cleanly (no onboarding gate, no subscription checks).

Note

The Phase 3 docs-sync work (planned) will pull this list directly from backend/config/runtime.exs so it can’t drift from code.