Aurora uses environment variables for configuration. Copy .env.example to .env and configure the variables below.

Quick Start

For local development:
make init  # Auto-generates secrets
# Add your OPENROUTER_API_KEY (get from https://openrouter.ai/keys)
make prod-prebuilt  # or: make prod-local to build from source

Core Configuration

AURORA_ENV
string
default:"dev"
Environment mode: dev, staging, or prod

Database

PostgreSQL database configuration (required).
POSTGRES_USER
string
default:"aurora"
required
PostgreSQL username
POSTGRES_PASSWORD
string
required
PostgreSQL password. Auto-generated by make init.
POSTGRES_DB
string
default:"aurora_db"
PostgreSQL database name
POSTGRES_HOST
string
default:"postgres"
PostgreSQL host (Docker service name or hostname)
POSTGRES_PORT
number
default:"5432"
PostgreSQL port

Redis

Redis is used for Celery task queue and caching.
REDIS_URL
string
default:"redis://redis:6379/0"
Redis connection URL

Object Storage

S3-compatible object storage configuration. See Storage Configuration for details.
STORAGE_BUCKET
string
default:"aurora-storage"
required
S3 bucket name
STORAGE_ENDPOINT_URL
string
default:"http://seaweedfs-filer:8333"
S3 endpoint URL. Default uses SeaweedFS (included in docker-compose). For AWS S3, omit this variable. For other providers (Cloudflare R2, MinIO, etc.), set the endpoint URL.
STORAGE_ACCESS_KEY
string
default:"admin"
required
S3 access key ID
STORAGE_SECRET_KEY
string
default:"admin"
required
S3 secret access key
STORAGE_REGION
string
default:"us-east-1"
S3 region
STORAGE_USE_SSL
boolean
default:"false"
Enable SSL/TLS for storage connections
STORAGE_VERIFY_SSL
boolean
default:"false"
Verify SSL certificates. Set to true in production for security.
STORAGE_CACHE_ENABLED
boolean
default:"true"
Enable Redis caching for storage file listings
STORAGE_CACHE_TTL
number
default:"60"
Cache TTL in seconds

URLs & Networking

FRONTEND_URL
string
default:"http://localhost:3000"
Frontend URL (for internal use)
BACKEND_URL
string
default:"http://aurora-server:5080"
Backend URL (for internal container-to-container communication)
NEXT_PUBLIC_BACKEND_URL
string
default:"http://localhost:5080"
Backend URL accessible from the browser. Injected at container startup.
NEXT_PUBLIC_WEBSOCKET_URL
string
default:"ws://localhost:5006"
WebSocket URL for chatbot. Injected at container startup.
CHATBOT_INTERNAL_URL
string
default:"http://chatbot:5007"
Internal chatbot service URL
NEXT_PUBLIC_* variables are injected at container startup, not baked at build time. To change them:
  1. Update .env
  2. Recreate the frontend container: docker compose -f docker-compose.prod-local.yml up -d frontend

Authentication & Security

FLASK_SECRET_KEY
string
required
Flask session secret key. Auto-generated by make init.
FLASK_PORT
number
default:"5080"
Flask API port
AUTH_SECRET
string
required
Auth.js secret key. Auto-generated by make init.
VAULT_TOKEN
string
required
HashiCorp Vault root token. Auto-generated by make init. See Vault Secrets for details.
VAULT_ADDR
string
default:"http://vault:8200"
Vault server address
VAULT_KV_MOUNT
string
default:"aurora"
Vault KV v2 engine mount point
VAULT_KV_BASE_PATH
string
default:"users"
Base path for user secrets in Vault

LLM & AI Services

At least one LLM provider API key is required. See LLM Providers for details.
OPENROUTER_API_KEY
string
OpenRouter API key (recommended). Get from https://openrouter.ai/keys. Supports multiple models from various providers through a single API.
OPENAI_API_KEY
string
OpenAI API key. Get from https://platform.openai.com/api-keys
ANTHROPIC_API_KEY
string
Anthropic API key. Get from https://console.anthropic.com/
GOOGLE_AI_API_KEY
string
Google AI (Gemini) API key. Get from https://aistudio.google.com/app/apikey
LLM_PROVIDER_MODE
string
default:"openrouter"
Default LLM provider: openrouter, openai, anthropic, or google
AGENT_RECURSION_LIMIT
number
default:"240"
Maximum recursion depth for agent workflows
SEARXNG_URL
string
default:"http://searxng:8080"
SearxNG internal URL
SEARXNG_BASE_URL
string
default:"http://localhost:8082"
SearxNG public URL
SEARXNG_SECRET
string
SearxNG secret key. Auto-generated by make init.

AI Features

RCA_OPTIMIZE_COSTS
boolean
default:"false"
Enable cost optimization for root cause analysis
GEMINI_DISABLE_THINKING
boolean
default:"false"
Disable “thinking” mode for Gemini models

Cloud Provider Integrations

Optional cloud provider credentials for resource discovery and management.

Google Cloud Platform

CLIENT_ID
string
GCP OAuth client ID
CLIENT_SECRET
string
GCP OAuth client secret

Amazon Web Services

AWS_ACCESS_KEY_ID
string
AWS access key ID
AWS_SECRET_ACCESS_KEY
string
AWS secret access key
AWS_DEFAULT_REGION
string
default:"us-east-1"
AWS default region

Cloud Provider Cache

Applies to all cloud providers (GCP, AWS, Azure).
AURORA_SETUP_CACHE_ENABLED
boolean
default:"true"
Enable caching for cloud provider API responses
AURORA_SETUP_CACHE_TTL
number
default:"3600"
Cache TTL in seconds (1 hour)
AURORA_VERIFY_CLI_IDENTITY
boolean
default:"false"
Verify CLI identity for cloud provider connections
AURORA_CACHE_TOKEN_IN_REDIS
boolean
default:"false"
Cache cloud provider tokens in Redis

Third-Party Integrations

Optional integrations with external services.

GitHub OAuth

GH_OAUTH_CLIENT_ID
string
GitHub OAuth client ID
GH_OAUTH_CLIENT_SECRET
string
GitHub OAuth client secret

Slack

NEXT_PUBLIC_ENABLE_SLACK
boolean
default:"false"
Enable Slack integration
SLACK_CLIENT_ID
string
Slack OAuth client ID
SLACK_CLIENT_SECRET
string
Slack OAuth client secret
SLACK_SIGNING_SECRET
string
Slack signing secret

PagerDuty

NEXT_PUBLIC_ENABLE_PAGERDUTY_OAUTH
boolean
default:"false"
Enable PagerDuty OAuth integration
PAGERDUTY_CLIENT_ID
string
PagerDuty OAuth client ID
PAGERDUTY_CLIENT_SECRET
string
PagerDuty OAuth client secret

Bitbucket

NEXT_PUBLIC_ENABLE_BITBUCKET
boolean
default:"false"
Enable Bitbucket integration
BB_OAUTH_CLIENT_ID
string
Bitbucket OAuth client ID
BB_OAUTH_CLIENT_SECRET
string
Bitbucket OAuth client secret

OVH (Multi-Region)

NEXT_PUBLIC_ENABLE_OVH
boolean
default:"false"
Enable OVH integration
OVH_EU_CLIENT_ID
string
OVH Europe client ID
OVH_EU_CLIENT_SECRET
string
OVH Europe client secret
OVH_CA_CLIENT_ID
string
OVH Canada client ID
OVH_CA_CLIENT_SECRET
string
OVH Canada client secret
OVH_US_CLIENT_ID
string
OVH US client ID
OVH_US_CLIENT_SECRET
string
OVH US client secret

Scaleway

NEXT_PUBLIC_ENABLE_SCALEWAY
boolean
default:"false"
Enable Scaleway integration

Confluence

NEXT_PUBLIC_ENABLE_CONFLUENCE
boolean
default:"false"
Enable Confluence integration
CONFLUENCE_CLIENT_ID
string
Confluence OAuth client ID
CONFLUENCE_CLIENT_SECRET
string
Confluence OAuth client secret

Dynatrace

NEXT_PUBLIC_ENABLE_DYNATRACE
boolean
default:"false"
Enable Dynatrace integration

BigPanda

NEXT_PUBLIC_ENABLE_BIGPANDA
boolean
default:"false"
Enable BigPanda integration

ThousandEyes

NEXT_PUBLIC_ENABLE_THOUSANDEYES
boolean
default:"false"
Enable ThousandEyes integration

Email (SMTP)

SMTP_HOST
string
SMTP server hostname
SMTP_PORT
number
default:"587"
SMTP server port
SMTP_USER
string
SMTP username
SMTP_PASSWORD
string
SMTP password
SMTP_FROM_EMAIL
string
Email sender address
SMTP_FROM_NAME
string
default:"Aurora"
Email sender name

Kubernetes & Pod Isolation

Configuration for running Aurora agents in isolated Kubernetes pods.
ENABLE_POD_ISOLATION
boolean
default:"false"
Enable isolated pod execution for terminal and chatbot agents
TERMINAL_NAMESPACE
string
Kubernetes namespace for terminal pods
TERMINAL_IMAGE
string
Container image for terminal pods
TERMINAL_POD_TTL
number
Time-to-live for terminal pods (seconds)
TERMINAL_RUNTIME_CLASS
string
Runtime class for terminal pods (e.g., gvisor, kata-containers)
CHATBOT_POD_TTL
number
Time-to-live for chatbot pods (seconds)
USE_UNTRUSTED_NODES
boolean
Schedule pods on untrusted nodes (with appropriate taints/tolerations)
NEXT_PUBLIC_KUBECTL_AGENT_CHART_URL
string
Helm chart URL for kubectl agent deployment

Weaviate (Vector Database)

WEAVIATE_HOST
string
default:"weaviate"
Weaviate host (Docker service name or hostname)
WEAVIATE_PORT
number
default:"8080"
Weaviate HTTP port
WEAVIATE_GRPC_PORT
number
default:"50051"
Weaviate gRPC port

Memgraph (Graph Database)

MEMGRAPH_HOST
string
default:"memgraph"
Memgraph host (Docker service name or hostname)
MEMGRAPH_PORT
number
default:"7687"
Memgraph Bolt protocol port
MEMGRAPH_USER
string
default:"aurora"
Memgraph username
MEMGRAPH_PASSWORD
string
default:"CHANGE_ME"
Memgraph password
DISCOVERY_INTERVAL_HOURS
number
default:"1"
Resource discovery interval (hours)

Rate Limiting

RATE_LIMITING_ENABLED
boolean
default:"false"
Enable API rate limiting
RATE_LIMIT_BYPASS_TOKEN
string
Token to bypass rate limits (for testing/admin)
RATE_LIMIT_HEADERS_ENABLED
boolean
default:"true"
Include rate limit headers in API responses

Development

NGROK_URL
string
ngrok tunnel URL for local development (webhooks, OAuth callbacks)

Configuration Examples

Minimal Local Development

# .env
AURORA_ENV=dev

# Database (auto-generated by make init)
POSTGRES_PASSWORD=generated_password

# Auth & Security (auto-generated by make init)
FLASK_SECRET_KEY=generated_secret
AUTH_SECRET=generated_secret
VAULT_TOKEN=generated_token
SEARXNG_SECRET=generated_secret

# LLM Provider (add your key)
OPENROUTER_API_KEY=sk-or-v1-...
LLM_PROVIDER_MODE=openrouter

# All other variables use defaults from .env.example

Production with AWS S3

# .env
AURORA_ENV=prod

# Storage (AWS S3)
STORAGE_BUCKET=my-aurora-bucket
STORAGE_ENDPOINT_URL=  # Omit for AWS S3
STORAGE_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
STORAGE_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
STORAGE_REGION=us-west-2
STORAGE_USE_SSL=true
STORAGE_VERIFY_SSL=true

# LLM Providers
OPENROUTER_API_KEY=sk-or-v1-...
OPENAI_API_KEY=sk-...
LLM_PROVIDER_MODE=openrouter

# URLs (update for your domain)
FRONTEND_URL=https://aurora.example.com
NEXT_PUBLIC_BACKEND_URL=https://api.aurora.example.com
NEXT_PUBLIC_WEBSOCKET_URL=wss://ws.aurora.example.com

Production with Cloudflare R2

# .env
AURORA_ENV=prod

# Storage (Cloudflare R2)
STORAGE_BUCKET=my-aurora-bucket
STORAGE_ENDPOINT_URL=https://<account_id>.r2.cloudflarestorage.com
STORAGE_ACCESS_KEY=<r2_access_key>
STORAGE_SECRET_KEY=<r2_secret_key>
STORAGE_REGION=auto
STORAGE_USE_SSL=true
STORAGE_VERIFY_SSL=true
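
Both production examples above enable STORAGE_USE_SSL and STORAGE_VERIFY_SSL and replace the default storage credentials. The script below is an added example, not part of Aurora or of the original page: it checks a prod .env for values that are still at the defaults documented in this reference. The parsing rules, the finding messages, and treating an empty value as unset are assumptions.

```python
# Added example, not Aurora's code. The parsing rules and the set of checks are
# assumptions; the default values are copied from the reference on this page.
DEFAULTS = {
    "AURORA_ENV": "dev",
    "STORAGE_ACCESS_KEY": "admin", "STORAGE_SECRET_KEY": "admin",
    "STORAGE_USE_SSL": "false", "STORAGE_VERIFY_SSL": "false",
    "MEMGRAPH_PASSWORD": "CHANGE_ME",
}
# Marked "required" on this page with no default (generated by make init).
REQUIRED_SECRETS = ("POSTGRES_PASSWORD", "FLASK_SECRET_KEY", "AUTH_SECRET", "VAULT_TOKEN")
# Constructed sample: a prod .env that leaves several documented defaults in place.
SAMPLE = """AURORA_ENV=prod
POSTGRES_PASSWORD=constructed-value
FLASK_SECRET_KEY=constructed-value
AUTH_SECRET=constructed-value
STORAGE_ACCESS_KEY=admin
STORAGE_SECRET_KEY=constructed-value
STORAGE_USE_SSL=true
"""

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks/comments and drop ' #' inline comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.split(" #", 1)[0].strip().strip("'\"")
    return env

def audit(text):
    """Return sorted findings for a prod .env; other environments are not audited."""
    env = parse_env(text)
    cfg = {**DEFAULTS, **{k: v for k, v in env.items() if v}}  # empty -> default
    if cfg["AURORA_ENV"] != "prod":
        return []
    found = [f"{k}: required secret is missing" for k in REQUIRED_SECRETS if not cfg.get(k)]
    for k in ("STORAGE_ACCESS_KEY", "STORAGE_SECRET_KEY", "MEMGRAPH_PASSWORD"):
        if cfg[k] == DEFAULTS[k]:
            found.append(f"{k}: still the documented default")
    for k in ("STORAGE_USE_SSL", "STORAGE_VERIFY_SSL"):
        if cfg[k].lower() != "true":
            found.append(f"{k}: not enabled")
    return sorted(found)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

An empty list from audit() means none of these checks fired; it says nothing about variables the script does not look at.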
