Skip to content
Everruns

Environment Variables

API_PREFIX

Optional prefix for all API routes.

PropertyValue
RequiredNo
DefaultEmpty (no prefix)

Example:

Terminal window
# Routes at /api/v1/agents
API_PREFIX=/api

Notes:

  • /health, /swagger-ui, and /api-doc/openapi.json are not affected by this prefix
  • All API routes including auth (/v1/auth/*) are affected by this prefix
  • OAuth callback URLs automatically include this prefix when using defaults
  • Use when running behind a reverse proxy or API gateway that expects a path prefix

CORS_ALLOWED_ORIGINS

Comma-separated list of allowed origins for cross-origin requests. Only needed when the UI is served from a different domain than the API.

PropertyValue
RequiredNo
DefaultNot set (CORS disabled)

Example:

Terminal window
# Allow requests from a different frontend origin
CORS_ALLOWED_ORIGINS=https://app.example.com


# Multiple origins
CORS_ALLOWED_ORIGINS=https://app.example.com,https://admin.example.com

Notes:

  • Not needed for local development (Next.js proxy handles /api/* requests)
  • Not needed in production if using a reverse proxy on the same domain
  • If set, credentials are allowed (Access-Control-Allow-Credentials: true)
  • Wildcard (*) is not supported when using credentials

LLM Provider API Keys

LLM provider API keys (OpenAI, Anthropic, Azure OpenAI) are not configured via environment variables. Instead, they are stored encrypted in the database and managed via the Settings > Providers UI.

PropertyValue
StorageDatabase (encrypted with AES-256-GCM)
ConfigurationSettings > Providers UI or /v1/llm-providers API
Supported ProvidersOpenAI, Anthropic, Azure OpenAI

Required for encryption:

The SECRETS_ENCRYPTION_KEY environment variable must be set for the API and Worker to encrypt/decrypt API keys:

Terminal window
# Generate a new key
python3 -c "import os, base64; print('kek-v1:' + base64.b64encode(os.urandom(32)).decode())"


# Set in environment
SECRETS_ENCRYPTION_KEY=kek-v1:your-generated-key-here

Note: Environment variables like OPENAI_API_KEY or ANTHROPIC_API_KEY are NOT used by the system. All API keys must be configured through the database.

UI API Proxy Architecture

The UI makes all API requests to /api/* paths. These are handled differently in each environment:

Local Development:

  • Next.js rewrites proxy /api/* to http://localhost:9000/*
  • Example: /api/v1/agentshttp://localhost:9000/v1/agents
  • No CORS needed (same-origin)

Production (recommended):

  • Configure your reverse proxy (nginx, Caddy, etc.) to route /api/* to the API server
  • Strip the /api prefix when forwarding
  • Example nginx config: 
    location /api/ {
      proxy_pass http://api-server:9000/;
    }
  • No CORS needed (same-origin)