Server Configuration
The Obot server is configured via environment variables. The following configuration is available:
| Environment Variable | Description | Default |
|---|---|---|
OPENAI_API_KEY | The foundation of Obot is a large language model that supports function-calling. The default is OpenAI and specifying an OpenAI key here will ensure none of the users need to worry about specifying their own API key. | - |
ANTHROPIC_API_KEY | You can also provide an Anthropic API key in place of or in addition to an OpenAI API key. | - |
GITHUB_AUTH_TOKEN | Obot makes heavy use of repositories hosted on GitHub. Care is taken to cache these and only re-check when necessary. However, rate-limiting can happen. Setting a read-only token here can alleviate many of these issues. No grants are required for either a 'classic' or 'fine-grained' token to access public repos (read-only). If you want to give the token access to private repos, you will need to give it repo (for a 'classic' token) or contents (read-only) and metadata (read-only). | |
OBOT_SERVER_DSN | Obot uses a database backend. By default, it will use a sqlite3 local database when running the plan Obot binary. The Obot container will use an internal PostgreSQL database (not recommended for production). This environment variable allows you to specify another database option. For example, you can use a postgres database with something like OBOT_SERVER_DSN=postgres://user:password@host/database. | - |
OBOT_SERVER_HOSTNAME | Tell Obot what its server URL is so that things like OAuth, LLM proxying, and invoke URLs are handled correctly. | - |
OBOT_SERVER_RETENTION_POLICY_HOURS | The retention policy for the system. Set to 0 to disable retention. This field should just be a number in a string, no h suffix. | 2160 (90 days) |
NAH_THREADINESS | Sets the number of concurrent threads that can run in the Obot controller. | 10 |
OBOT_SERVER_KNOWLEDGE_FILE_WORKERS | Sets the number of workers used by knowledge for processing files. | 5 |
KINM_DB_CONNECTIONS | The number of connections in the database pool for kinm | 5 |
OBOT_SERVER_ENABLE_AUTHENTICATION | Enables authentication for Obot | false |
OBOT_SERVER_ENCRYPTION_PROVIDER | Configures an encryption provider for credentials in Obot. One of aws, gcp, azure, custom, or none | none |
OBOT_SERVER_ENCRYPTION_CONFIG_FILE | The path to a file containing the encryption configuration. Only used when OBOT_SERVER_ENCRYPTION_PROVIDER is custom | - |
OBOT_SERVER_ENCRYPTION_KEY | Sets the key to be used for encryption. Should only be set if OBOT_SERVER_ENCRYPTION_PROVIDER is custom | - |
OBOT_BOOTSTRAP_TOKEN | Sets a bootstrap token. If authentication is enabled, one will be autogenerated for you if this is not set. | - |
OBOT_SERVER_AUTH_OWNER_EMAILS | A comma separated list of email addresses that will have the Owner role in Obot. Email matching is case-insensitive. | - |
OBOT_SERVER_AUTH_ADMIN_EMAILS | A comma separated list of email addresses that will have the Admin role in Obot. Email matching is case-insensitive. | - |
OBOT_SERVER_OTEL_BASE_EXPORT_ENDPOINT | The base export endpoint for OpenTelemetry | - |
OBOT_SERVER_OTEL_SAMPLE_PROB | The sampling probability for OpenTelemetry | 0.1 |
OBOT_SERVER_OTEL_BEARER_TOKEN | The bearer token for authentication with OpenTelemetry | - |
OBOT_SERVER_AUDIT_LOGS_MODE | Configures the storage backend for audit logs in Obot. Can be 'off', 'disk', or 's3' | off |
OBOT_SERVER_AUDIT_LOGS_STORE_S3BUCKET | The name of the S3 bucket to store audit logs in. | - |
OBOT_SERVER_AUDIT_LOGS_STORE_S3ENDPOINT | If config.OBOT_SERVER_AUDIT_LOGS_MODE is 's3' and you are not using AWS S3, this needs to be set to the S3 api endpoint of your provider. | - |
OBOT_SERVER_AUDIT_LOGS_COMPRESS_FILE | Controls whether or not to compress audit log files | true |
OBOT_SERVER_AUDIT_LOGS_USE_PATH_STYLE | Whether to use path style for S3 | - |
OBOT_SERVER_MCPBASE_IMAGE | Deploy MCP servers in the kubernetes cluster or using docker with this base image. | ghcr.io/obot-platform/mcp-images/phat:main |
OBOT_SERVER_MCPRUNTIME_BACKEND | The runtime backend to use for running MCP servers: docker, kubernetes, or local. | kubernetes in the helm chart, docker otherwise |
OBOT_SERVER_MCPCLUSTER_DOMAIN | The cluster domain to use for MCP services. Only matters if OBOT_SERVER_MCPBASE_IMAGE is set. | cluster.local |
OBOT_SERVER_DISALLOW_LOCALHOST_MCP | Disallow MCP servers that try to connect to localhost. | false |
OBOT_SERVER_UPDATE_CHECK_INTERVAL_MINS | The interval in minutes to check for Obot server updates. Set to 0 to disable. | 1440 minutes (1 day) |
Encryption Providers
You can configure optional encryption providers to ensure secrets are encrypted.
Model Providers
You can configure additional models using model providers
Workspace Provider
You can configure external storage for workspace files using a workspace provider