Environment Variables

Overview

The CS Interview Assistant uses environment variables for configuration, API keys, and sensitive credentials. All environment variables should be defined in a .env file in the backend root directory.

Quick Start

Create a .env file in the backend/ directory:

cd backend
touch .env

Add your configuration (see sections below for all variables).

Never commit .env files to version control. The .env file should be listed in .gitignore.

Required Variables

These variables must be set for the application to function properly.

Mistral AI Configuration

MISTRAL_API_KEY

string

required

Your Mistral AI API key for accessing language models.How to obtain:

Sign up at Mistral AI Console
Navigate to API Keys section
Create a new API key
Copy the key to your .env file

Example:

MISTRAL_API_KEY=your_mistral_api_key_here

Used in: backend/app.py:612-617, RAG system, adaptive interview controller

The application will fail to start if MISTRAL_API_KEY is not set, as it’s required for core AI features including RAG, mock interviews, and coding exercises.

Security Variables

These variables control authentication and session management. While defaults are provided, you must change them in production.

Flask Session Management

SECRET_KEY

string

required

Flask secret key for session encryption and security.Default: 'your-secret-key-here' (development only)Production requirement: Generate a secure random keyExample:

SECRET_KEY=09d25e094faa6ca2556c818166b7a9563b93f7099f6f0f4caa6cf63b88e8d3e7

Generate secure key:

python -c "import secrets; print(secrets.token_hex(32))"

Defined in: backend/config.py:16, backend/app.py:137

Using the default SECRET_KEY in production is a critical security vulnerability. Always generate a unique, random key.

JWT Authentication

JWT_SECRET_KEY

string

required

Secret key for signing JSON Web Tokens (JWT) used for API authentication.Default: 'your-jwt-secret-key-here' (development only)Production requirement: Generate a different key from SECRET_KEYExample:

JWT_SECRET_KEY=a8f5f167f44f4964e6c998dee827110c

Generate secure key:

python -c "import secrets; print(secrets.token_hex(32))"

Defined in: backend/config.py:25, backend/app.py:154Token expiration: 24 hours (configured in config.py:26)

AI Model Configuration

Mistral Model Selection

MISTRAL_MODEL

string

default:"mistral-large-latest"

Specifies which Mistral model to use for AI operations.Available models:

mistral-large-latest - Most capable, recommended for production
mistral-medium-latest - Balanced performance and cost
mistral-small-latest - Faster, lower cost
open-mistral-7b - Open source model

Example:

MISTRAL_MODEL=mistral-large-latest

Defined in: backend/config.py:29, backend/app.py:610Impact: Affects quality of interview questions, code analysis, and RAG responses

The default mistral-large-latest model provides the best results for technical interviews. Consider smaller models only if cost optimization is critical.

Optional Variables

These variables enable additional features but are not required for basic operation.

Speech-to-Text Services

ASSEMBLYAI_API_KEY

string

AssemblyAI API key for real-time speech transcription during voice interviews.When to use: Enable this for production-quality real-time transcriptionFallback: If not set, the system uses a mock transcription service (no actual transcription)How to obtain:

Sign up at AssemblyAI
Get your API key from the dashboard

Example:

ASSEMBLYAI_API_KEY=your_assemblyai_key_here

Used in: backend/assemblyai_websocket_stream.py

Without ASSEMBLYAI_API_KEY, voice interview features will use a mock transcription service that collects audio but doesn’t transcribe it. This is useful for development but not for production.

Database Configuration

Default SQLite Configuration

By default, the application uses SQLite with no additional configuration needed:

# Automatically configured in config.py:17
SQLALCHEMY_DATABASE_URI = 'sqlite:///interview_prep.db'

Database location: instance/interview_prep.db (created automatically)

PostgreSQL Configuration (Production)

For production deployments, use PostgreSQL by setting:

DATABASE_URL

string

PostgreSQL connection string (production environments only).Format:

DATABASE_URL=postgresql://username:password@host:port/database

Example:

DATABASE_URL=postgresql://interview_user:secure_password@localhost:5432/interview_db

To enable: Modify backend/config.py:17 to use this variable:

SQLALCHEMY_DATABASE_URI = os.getenv('DATABASE_URL', 'sqlite:///interview_prep.db')

File Upload Configuration

These settings are configured in config.py but can be overridden via environment variables if needed.

UPLOAD_FOLDER

string

default:"uploads"

Directory for storing uploaded files (resumes, audio recordings).Defined in: backend/config.py:21

MAX_CONTENT_LENGTH

integer

default:"16777216"

Maximum file upload size in bytes (default: 16MB).Defined in: backend/config.py:22

RAG System Paths

These paths are configured in config.py and typically don’t need environment variable overrides:

# FAISS index locations (config.py:33-36)
RAG_DIRS = [
    PROJECT_ROOT / "data" / "processed" / "faiss_mistral",
    Path("data") / "processed" / "faiss_mistral"
]

# Configuration files (config.py:39-41)
CONFIG_DIR = PROJECT_ROOT / "config"
TOPIC_RULES_FILE = CONFIG_DIR / "topic_rules.json"
TAXONOMY_FILE = CONFIG_DIR / "taxonomy.json"

Complete .env Template

Here’s a complete .env file template with all available variables:

# ==========================================
# REQUIRED: AI Configuration
# ==========================================
MISTRAL_API_KEY=your_mistral_api_key_here

# ==========================================
# REQUIRED: Security (Change in Production!)
# ==========================================
SECRET_KEY=your-secret-key-here
JWT_SECRET_KEY=your-jwt-secret-key-here

# ==========================================
# OPTIONAL: AI Model Selection
# ==========================================
MISTRAL_MODEL=mistral-large-latest

# ==========================================
# OPTIONAL: Speech-to-Text
# ==========================================
# ASSEMBLYAI_API_KEY=your_assemblyai_key_here

# ==========================================
# OPTIONAL: Production Database
# ==========================================
# DATABASE_URL=postgresql://user:password@localhost:5432/interview_db

# ==========================================
# OPTIONAL: File Upload Configuration
# ==========================================
# UPLOAD_FOLDER=uploads
# MAX_CONTENT_LENGTH=16777216

Security Best Practices

1. Never Commit Secrets

# Add to .gitignore
.env
.env.local
.env.*.local
*.env

2. Use Different Keys for Each Environment

Maintain separate .env files for development, staging, and production:

.env.development
.env.staging
.env.production

3. Rotate Keys Regularly

In production:

Rotate SECRET_KEY and JWT_SECRET_KEY every 90 days
Rotate MISTRAL_API_KEY if compromised
Update all active sessions after key rotation

4. Use Environment Variable Management

For production deployments, consider using:

Docker Secrets for containerized deployments
AWS Secrets Manager or Azure Key Vault for cloud deployments
HashiCorp Vault for enterprise environments

5. Restrict File Permissions

chmod 600 .env  # Only owner can read/write

Loading Environment Variables

The application automatically loads environment variables using python-dotenv:

# backend/config.py:11
from dotenv import load_dotenv
load_dotenv()

Variables are loaded in this order (later sources override earlier ones):

System environment variables
.env file in backend directory
Default values in code

Verification

Verify your environment configuration:

# Check if .env file exists
ls -la backend/.env

# Test environment loading (without exposing secrets)
python -c "from dotenv import load_dotenv; import os; load_dotenv(); print('MISTRAL_API_KEY:', 'SET' if os.getenv('MISTRAL_API_KEY') else 'NOT SET')"

Troubleshooting