Skip to main content
VectorDB uses environment variables for API keys, connection strings, and deployment-specific settings. This reference documents all supported environment variables.

Why environment variables?

Environment variables provide several benefits:
  • Security: Keep credentials out of version control
  • Flexibility: Change settings per environment without code changes
  • Portability: Deploy the same config across dev, staging, and production
  • CI/CD integration: Inject secrets from vault systems

Variable syntax in configurations

VectorDB supports two environment variable patterns in YAML: 
api_key: "${PINECONE_API_KEY}"
# Returns empty string if not set

Vector database credentials

Pinecone

PINECONE_API_KEY
string
required
API key for Pinecone authentication. Get from Pinecone console.Example:
export PINECONE_API_KEY="pc-abcd1234..."
Usage in config:
pinecone:
  api_key: "${PINECONE_API_KEY}"

Weaviate

WEAVIATE_URL
string
required
Weaviate cluster URL including protocol and port.Example:
export WEAVIATE_URL="https://my-cluster.weaviate.network"
Usage in config:
weaviate:
  cluster_url: "${WEAVIATE_URL}"
WEAVIATE_API_KEY
string
required
API key for Weaviate authentication.Example:
export WEAVIATE_API_KEY="weaviate-api-key-abc123"
Usage in config:
weaviate:
  api_key: "${WEAVIATE_API_KEY}"

Milvus

MILVUS_URI
string
required
Milvus connection URI including protocol, host, and port.Example:
export MILVUS_URI="http://localhost:19530"
# or for cloud deployment:
export MILVUS_URI="https://milvus-prod.example.com:19530"
Usage in config:
milvus:
  uri: "${MILVUS_URI:-http://localhost:19530}"
MILVUS_TOKEN
string
Authentication token for Milvus (required for managed instances).Example:
export MILVUS_TOKEN="milvus-token-xyz789"
Usage in config:
milvus:
  token: "${MILVUS_TOKEN:-}"

Qdrant

QDRANT_URL
string
required
Qdrant server URL including protocol, host, and port.Example:
export QDRANT_URL="http://localhost:6333"
# or for cloud:
export QDRANT_URL="https://qdrant-prod.example.com:6333"
Usage in config:
qdrant:
  url: "${QDRANT_URL:-http://localhost:6333}"
QDRANT_API_KEY
string
API key for Qdrant authentication (required for cloud deployments).Example:
export QDRANT_API_KEY="qdrant-key-abc123"
Usage in config:
qdrant:
  api_key: "${QDRANT_API_KEY:-}"
QDRANT_HOST
string
Alternative: Qdrant host (used with QDRANT_PORT).Example:
export QDRANT_HOST="localhost"
export QDRANT_PORT="6333"
QDRANT_PORT
string
Qdrant port number (used with QDRANT_HOST).Default: 6333

Chroma

CHROMA_HOST
string
Chroma server host for client/server mode.Example:
export CHROMA_HOST="localhost"
Usage in config:
chroma:
  host: "${CHROMA_HOST:-localhost}"
CHROMA_PORT
string
Chroma server port.Example:
export CHROMA_PORT="8000"
Default: 8000
CHROMA_PERSIST_DIR
string
Directory for Chroma local persistence.Example:
export CHROMA_PERSIST_DIR="./chroma_data"
Usage in config:
chroma:
  path: "${CHROMA_PERSIST_DIR:-./chroma_data}"

LLM API keys

Groq

GROQ_API_KEY
string
required
API key for Groq LLM services. Get from Groq console.Example:
export GROQ_API_KEY="gsk_abc123..."
Usage in config:
rag:
  api_key: "${GROQ_API_KEY}"
  model: "llama-3.3-70b-versatile"

OpenAI

OPENAI_API_KEY
string
required
API key for OpenAI services.Example:
export OPENAI_API_KEY="sk-proj-..."
Usage in config:
rag:
  provider: "openai"
  api_key: "${OPENAI_API_KEY}"
  model: "gpt-4-turbo-preview"

Cohere

COHERE_API_KEY
string
API key for Cohere reranking services.Example:
export COHERE_API_KEY="cohere-key-xyz"
Usage in config:
reranker:
  type: "cohere"
  cohere_api_key: "${COHERE_API_KEY}"

Application settings

LOG_LEVEL
string
Logging level for the application.Values: DEBUG, INFO, WARNING, ERROR, CRITICALExample:
export LOG_LEVEL="WARNING"
Default: INFOUsage in config:
logging:
  level: "${LOG_LEVEL:-INFO}"
ENVIRONMENT
string
Deployment environment identifier.Values: development, staging, productionExample:
export ENVIRONMENT="production"
Usage in code:
import os
env = os.getenv("ENVIRONMENT", "development")
config_path = f"configs/{env}.yaml"
ENABLE_TELEMETRY
boolean
Enable telemetry and metrics collection.Example:
export ENABLE_TELEMETRY="true"
Default: false
MAX_RETRIES
integer
Maximum retry attempts for failed operations.Example:
export MAX_RETRIES="3"
Default: 3
TIMEOUT_SECONDS
integer
Default timeout for API requests in seconds.Example:
export TIMEOUT_SECONDS="30"
Default: 30

Setting environment variables

Local development (.env file)

Create a .env file in your project root:
.env
# Vector Databases
PINECONE_API_KEY=pc-dev-xxxx
WEAVIATE_URL=http://localhost:8080
WEAVIATE_API_KEY=dev-key
MILVUS_URI=http://localhost:19530
QDRANT_URL=http://localhost:6333
CHROMA_PERSIST_DIR=./chroma_data

# LLM APIs
GROQ_API_KEY=gsk_dev_xxxx
OPENAI_API_KEY=sk-dev-xxxx

# Application
LOG_LEVEL=INFO
ENVIRONMENT=development
Load with python-dotenv: 
from dotenv import load_dotenv
import os

load_dotenv()

api_key = os.getenv("PINECONE_API_KEY")

Shell export

export PINECONE_API_KEY="pc-prod-xxxx"
export GROQ_API_KEY="gsk_prod_xxxx"
export LOG_LEVEL="WARNING"

Docker

docker run \
  -e PINECONE_API_KEY="pc-prod-xxxx" \
  -e GROQ_API_KEY="gsk_prod_xxxx" \
  -e LOG_LEVEL="WARNING" \
  my-vectordb-app
Or use an env file: 
docker run --env-file .env.production my-vectordb-app

Docker Compose

docker-compose.yml
services:
  vectordb:
    image: my-vectordb-app
    env_file:
      - .env.production
    environment:
      - ENVIRONMENT=production
      - LOG_LEVEL=WARNING

Kubernetes secrets

secrets.yaml
apiVersion: v1
kind: Secret
metadata:
  name: vectordb-secrets
type: Opaque
stringData:
  pinecone-api-key: "pc-prod-xxxx"
  groq-api-key: "gsk_prod_xxxx"
  weaviate-api-key: "weaviate-prod-key"
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: vectordb-app
spec:
  template:
    spec:
      containers:
      - name: app
        image: my-vectordb-app
        env:
        - name: PINECONE_API_KEY
          valueFrom:
            secretKeyRef:
              name: vectordb-secrets
              key: pinecone-api-key
        - name: GROQ_API_KEY
          valueFrom:
            secretKeyRef:
              name: vectordb-secrets
              key: groq-api-key
        - name: LOG_LEVEL
          value: "WARNING"

GitHub Actions

.github/workflows/test.yml
name: Test

on: [push]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Run tests
        env:
          PINECONE_API_KEY: ${{ secrets.PINECONE_API_KEY }}
          GROQ_API_KEY: ${{ secrets.GROQ_API_KEY }}
          LOG_LEVEL: INFO
        run: |
          pytest tests/

Environment-specific configuration pattern

Organize variables by environment: 
PINECONE_API_KEY=pc-dev-xxxx
GROQ_API_KEY=gsk_dev_xxxx
LOG_LEVEL=DEBUG
ENVIRONMENT=development
MILVUS_URI=http://localhost:19530
QDRANT_URL=http://localhost:6333
Load environment-specific file: 
import os
from dotenv import load_dotenv

env = os.getenv("ENVIRONMENT", "development")
load_dotenv(f".env.{env}")

Security best practices

Add environment files to .gitignore:
.gitignore
.env
.env.*
!.env.example
Provide an example file with placeholders:
.env.example
PINECONE_API_KEY=your-pinecone-api-key
GROQ_API_KEY=your-groq-api-key
MILVUS_URI=http://localhost:19530
LOG_LEVEL=INFO
For production, use dedicated secret management:
  • AWS Secrets Manager or Parameter Store
  • Google Cloud Secret Manager
  • Azure Key Vault
  • HashiCorp Vault
  • Kubernetes Secrets
Example with AWS Secrets Manager:
import boto3
import json

def get_secret(secret_name):
    client = boto3.client('secretsmanager')
    response = client.get_secret_value(SecretId=secret_name)
    return json.loads(response['SecretString'])

secrets = get_secret('vectordb/production')
os.environ['PINECONE_API_KEY'] = secrets['pinecone_api_key']
os.environ['GROQ_API_KEY'] = secrets['groq_api_key']
  • Set up automatic key rotation (monthly or quarterly)
  • Monitor for leaked credentials using tools like GitGuardian
  • Revoke old keys after rotation
  • Test new credentials before revoking old ones
Check that required variables are set at startup:
import os
import sys

required_vars = [
    "PINECONE_API_KEY",
    "GROQ_API_KEY",
]

missing = [var for var in required_vars if not os.getenv(var)]

if missing:
    print(f"Error: Missing required environment variables: {missing}")
    sys.exit(1)

Troubleshooting

Symptom: Configuration shows ${VAR_NAME} literal instead of value.Solutions:
  • Ensure variable is exported: export VAR_NAME=value
  • Check variable name spelling matches exactly
  • Verify .env file is loaded if using python-dotenv
  • Use default syntax: ${VAR_NAME:-default} to see if default appears
Symptom: Variable resolves to empty string.Solutions:
  • Variable is set but empty: export VAR_NAME=
  • Use echo $VAR_NAME to verify shell environment
  • Check for typos in variable name
  • Ensure export happens before running Python
Symptom: Production uses development credentials.Solutions:
  • Set ENVIRONMENT variable before loading config
  • Use explicit env file path: load_dotenv('.env.production')
  • Check which env file was loaded in logs
  • Verify Kubernetes/Docker env injection

Next steps

Configuration reference

See how to use these variables in YAML configs

Production deployment

Learn production secrets management patterns

Building RAG pipelines

Use environment variables in your first pipeline

Benchmarking

Set up evaluation environments

Build docs developers (and LLMs) love

Get started for freeTalk to us