Application secrets and environment settings must be delivered consistently to the backend, worker, scheduler, migration, and MCP workloads that need them. The variables on this page are the on-prem-specific baseline; for the full env reference, see Environment variables.
Required baseline env contract
DATABASE_URL=postgresql://...
REDIS_ENABLED=true
REDIS_URL=redis://...
MULTI_POD_ENABLED=true
FILE_UPLOAD_STORAGE_BACKEND=local
FILE_UPLOAD_LOCAL_IS_SHARED=true
FILE_UPLOAD_LOCAL_DIR=/shared
TABULAR_QUERY_BACKEND=postgresql
TABULAR_POSTGRESQL_SCHEMA=tabular
QDRANT_MODE=server
QDRANT_HOST=qdrant.<namespace>.svc.cluster.local
QDRANT_PORT=6333
LIBREOFFICE_SERVICE_URL=http://aperium-libreoffice.<namespace>.svc.cluster.local:8091
DOCUMENT_PROCESSING_MODE=worker
Substitute <namespace> with the namespace where each in-cluster service is deployed. Each variable above is documented in detail under Database, Multi-pod and Redis, File uploads and shared storage, Tabular query backend, and Vector database (Qdrant).
This deployment shape assumes full allowed-scope tool loading instead of request-time capability selection. Set the following so the backend hydrates the expected tool set on every request (see Tool loading and routing for context):
TOOL_LOADING_CAPABILITY_ROUTING_ENABLED=false
DEFERRED_TOOL_LOADING_ENABLED=true
CONTEXT_MANAGEMENT_ENABLED=true
MAX_TOOLS_PER_REQUEST=50
MAX_TOOL_TOKENS=5000
These values reflect the on-prem requirements contract. They are not necessarily the same defaults the cloud-hosted deployment uses. Treat them as the baseline for this deployment shape rather than as universal defaults.
Where these values are sourced
The values above must be delivered through your approved secret-management flow (Vault, External Secrets, Sealed Secrets, or an equivalent Kubernetes Secret pipeline). Application workloads — backend, document worker, background scheduler, migration job, and the in-cluster MCP services — must all see the relevant subset of this env at boot.