Skip to main content

Environment Variables Reference

This page lists all service environment variables. Docker mode sets them in docker-compose.yml; Kubernetes mode injects them via Helm values or ConfigMaps.

Workspace Manager

Core

VariableDefaultDescription
PORT3001API listen port
HOST0.0.0.0Listen host
NODE_ENVdevelopmentRuntime environment
DEBUGtrueDebug mode
DEPLOYMENT_ENVdocker / kubernetesDeployment mode; determines workspace provisioner

Database

VariableDefaultDescription
DATABASE_URLpostgresql://postgres:postgres@postgres:5432/aileronPostgreSQL connection string

Redis / Celery

VariableDefaultDescription
REDIS_URLredis://redis:6379Redis URL
CELERY_BROKER_URLredis://redis:6379/0Celery broker (uses DB 0)
CELERY_RESULT_BACKENDredis://redis:6379/1Celery result backend (uses DB 1)
CELERY_TASK_SERIALIZERjsonTask serializer
CELERY_RESULT_SERIALIZERjsonResult serializer
CELERY_ACCEPT_CONTENTjsonAccepted content types

Authentication (JWT)

VariableDefaultDescription
SECRET_KEY(dev default)JWT signing secret. Must be changed in production.
ACCESS_TOKEN_EXPIRE_MINUTES180Access token expiry (minutes)
REFRESH_TOKEN_EXPIRE_DAYS7Refresh token expiry (days)

Keycloak (OAuth2/OIDC)

VariableDefaultDescription
KEYCLOAK_SERVER_URLhttp://aileron-keycloak-dev:8080Keycloak internal URL
KEYCLOAK_REALMaileronKeycloak realm name
KEYCLOAK_CLIENT_IDaileron-frontendOAuth2 client ID
KEYCLOAK_CLIENT_SECRET(empty)OAuth2 client secret (not needed for public clients)
KEYCLOAK_JWKS_CACHE_TTL3600JWKS cache TTL (seconds)

Docker Mode Only

VariableDefaultDescription
DOCKER_HOSTunix:///var/run/docker.sockDocker daemon socket
DOCKER_NETWORKaileron-network-devDocker network name
WORKSPACE_RUNTIME_URLhttp://workspace-runtime:3002Runtime internal URL
HOST_PROJECT_ROOT.Project root on host
HOST_WORKSPACE_RUNTIME_DIR./workspace-runtimeRuntime directory on host
HOST_WORKSPACE_MANAGER_DIR./workspace-managerManager directory on host
HOST_WORKSPACES_DIR./data/workspace-dataWorkspace data directory

Claude API

VariableDefaultDescription
ANTHROPIC_BASE_URL(empty)Claude API base URL (for custom proxy)
ANTHROPIC_AUTH_TOKEN(empty)Claude API token

Workspace Runtime

Core

VariableDefaultDescription
PORT3002API listen port
NODE_ENVdevelopmentRuntime environment
ENVdevelopmentApplication environment
WORKSPACE_IDdefault-workspaceWorkspace ID
WORKSPACE_MANAGER_URLhttp://workspace-manager:3001Manager internal URL
DEPLOYMENT_ENVdocker / kubernetesDeployment mode

Database

VariableDefaultDescription
DATABASE_URLpostgresql://postgres:postgres@postgres:5432/aileronPostgreSQL connection string

Redis & Request Tracing

VariableDefaultDescription
REDIS_URLredis://redis:6379Redis URL
REDIS_HOSTredisRedis host
REDIS_PORT6379Redis port
REDIS_DB0Redis DB index
ENABLE_REDIStrueEnable Redis
REDIS_MAX_CONNECTIONS20Max connection pool size
REDIS_SOCKET_TIMEOUT30Socket timeout (seconds)
REDIS_RETRY_ATTEMPTS3Retry attempts
REQUEST_TTL_SECONDS3600Request TTL
CLEANUP_INTERVAL_SECONDS300Cleanup interval

Internal Authentication

VariableDefaultDescription
INTERNAL_API_TOKENdev-internal-tokenService-to-service auth token

SSH

VariableDefaultDescription
SSH_PORT22SSH listen port
SSH_HOST_KEY_PATH/etc/ssh/ssh_host_rsa_keySSH host key path

Git

VariableDefaultDescription
GIT_USER_NAMEDeveloperGit user name
GIT_USER_EMAILdeveloper@workspace.localGit user email

Terminal Service

VariableDefaultDescription
TERMINAL_PORT3004Terminal WebSocket port
LOG_LEVELdebugLog level
MAX_TABS_PER_WORKSPACE10Max terminal tabs per workspace
SESSION_TIMEOUT300Session timeout (seconds)
PTY_BUFFER_SIZE1024PTY buffer size

Claude API

VariableDefaultDescription
ANTHROPIC_BASE_URL(empty)Claude API base URL
ANTHROPIC_AUTH_TOKEN(empty)Claude API token

Keycloak (OAuth2/OIDC)

VariableDefaultDescription
KEYCLOAK_SERVER_URLhttp://aileron-keycloak-dev:8080Keycloak internal URL
KEYCLOAK_REALMaileronRealm name
KEYCLOAK_CLIENT_IDaileron-webOAuth2 client ID
KEYCLOAK_JWKS_URL(auto-composed)JWKS endpoint URL
KEYCLOAK_JWKS_CACHE_TTL3600JWKS cache TTL (seconds)

Browser Container Discovery

VariableDefaultDescription
BROWSER_CONTAINER_NAMEworkspace-browser-default-workspaceBrowser container name
BROWSER_CDP_URLhttp://workspace-browser-default-workspace:9223Chrome DevTools Protocol URL
BROWSER_WEBRTC_INTERNAL_URLhttp://workspace-browser-default-workspace:6080WebRTC internal URL

Canvas Container Discovery

VariableDefaultDescription
CANVAS_CONTAINER_NAMEworkspace-canvas-default-workspaceCanvas container name
CANVAS_INTERNAL_URLhttp://workspace-canvas-default-workspace:3003Canvas internal URL
CANVAS_API_URLhttp://workspace-canvas-default-workspace:3013Canvas management API URL

Frontend

VariableDefaultDescription
NODE_ENVdevelopment / productionRuntime environment
DOCKER_ENVtrue / falseWhether running inside Docker
VITE_API_BASE_URLhttp://localhost:3001Manager API URL (browser-side)
VITE_FRONTEND_PUBLIC_URL(empty)Frontend public URL
VITE_KEYCLOAK_SERVER_URLhttp://localhost:8080Keycloak URL (browser-side)
VITE_KEYCLOAK_REALMaileronKeycloak realm
VITE_KEYCLOAK_CLIENT_IDaileron-frontendKeycloak client ID
VITE_WORKSPACE_K8S_ALLOWED_NAMESPACESworkspace-system,defaultAllowed K8s namespaces
VITE_WORKSPACE_K8S_DEFAULT_NAMESPACEworkspace-systemDefault K8s namespace
VITE_ Prefix

All VITE_ variables are bundled into the frontend JavaScript. Never put secrets in these variables.

Keycloak

VariableDefaultDescription
KC_HOSTNAMElocalhostKeycloak hostname
KC_HOSTNAME_URLhttp://localhost:8080Public full URL
KC_HOSTNAME_ADMIN_URLhttp://localhost:8080Admin console URL
KC_HOSTNAME_STRICTfalseStrict hostname check
KC_HOSTNAME_STRICT_HTTPSfalseStrict HTTPS check
KC_HTTP_ENABLEDtrueEnable HTTP
KC_HTTPS_ENABLEDfalseEnable HTTPS
KC_PROXY_HEADERSxforwardedTrusted proxy header type
KC_DBpostgresDatabase type
KC_DB_URLjdbc:postgresql://postgres:5432/keycloakDatabase URL
KC_DB_USERNAMEpostgresDatabase user
KC_DB_PASSWORDpostgresDatabase password
KC_BOOTSTRAP_ADMIN_USERNAMEadminInitial admin user
KC_BOOTSTRAP_ADMIN_PASSWORDadminInitial admin password
KC_HEALTH_ENABLEDtrueEnable health endpoints
KC_METRICS_ENABLEDtrueEnable metrics endpoint

Workspace Browser (neko)

VariableDefaultDescription
WORKSPACE_IDdefault-workspaceWorkspace ID
NEKO_SERVER_BIND:6080neko listen address
NEKO_DESKTOP_SCREEN1440x900@30Desktop resolution and FPS
NEKO_MEMBER_MULTIUSER_USER_PASSWORDnekoRegular user password
NEKO_MEMBER_MULTIUSER_ADMIN_PASSWORDadminAdmin password
NEKO_WEBRTC_ICELITE1Enable ICE Lite mode
NEKO_WEBRTC_UDPMUX52000WebRTC UDP mux port
NEKO_WEBRTC_NAT1TO1127.0.0.1NAT 1:1 mapping IP
NEKO_SESSION_IMPLICIT_HOSTINGtrueAuto-assign host permissions

Workspace Canvas

VariableDefaultDescription
WORKSPACE_IDdefault-workspaceWorkspace ID
PORT3003Canvas renderer port
API_PORT3013Management API port
WORKSPACE_DIR/workspaceWorkspace directory
NODE_ENVdevelopmentRuntime environment

Workspace Operator (Kubernetes only)

VariableDefaultDescription
LOG_LEVELinfoLog level
WORKSPACE_CRD_GROUPplatform.aileron.ioCRD API group
WORKSPACE_CRD_VERSIONv1alpha1CRD API version
WATCH_NAMESPACE(empty)Watch namespace; empty means watch all

Kubernetes ConfigMap Injection

In Kubernetes mode, the platform-config ConfigMap auto-injects these variables:

ConfigMap KeyDescription
PUBLIC_SCHEMEPublic routing scheme
PUBLIC_BASE_DOMAINBase domain
PUBLIC_FRONTEND_URLFull Frontend URL
PUBLIC_WORKSPACE_MANAGER_URLFull Manager URL
PUBLIC_KEYCLOAK_URLFull Keycloak URL
PUBLIC_RUNTIME_HOST_PATTERNRuntime host pattern
PUBLIC_BROWSER_HOST_PATTERNBrowser host pattern
PUBLIC_CANVAS_HOST_PATTERNCanvas host pattern
RUNTIME_PROVISIONERProvisioner type
RUNTIME_K8S_NAMESPACEDefault K8s namespace
RUNTIME_K8S_ALLOWED_NAMESPACESAllowed namespaces
RUNTIME_K8S_SERVICE_TYPEService type
RUNTIME_K8S_IMAGERuntime image
RUNTIME_K8S_BROWSER_IMAGEBrowser image
RUNTIME_K8S_CANVAS_IMAGECanvas image
CILIUM_ENABLEDWhether Cilium is enabled
FIREWALL_DEFAULTS_CONFIGMAP_NAMEFirewall defaults ConfigMap name