ibexharness
DocsBlogReleasesRoadmap
GitHub
ibexharness

Documentation

Docker Compose (dev)Kubernetes (production)Environment variables
Deployment›Environment variables
Deployment

Environment variables

Integrator-focused env vars for proxy, auth, Postgres, and Redis in Phase 1 local and staging deployments.

IBEX services load configuration from environment variables at startup via packages/config. Missing required values fail fast with a clear message — there are no checked-in .env files, only .env.example per service.

Full registry

Operators and platform engineers should also read docs/ENVIRONMENT_VARIABLES.md in the repository for ClickHouse, MinIO, Python services, and production profiles.

Conventions

  • Prefix IBEX_ for project-wide settings; POSTGRES_ / REDIS_ for infrastructure.
  • Secrets (DSNs, Redis passwords) never belong in git — inject via your secret manager.
  • Precedence: process env → .env file (local only) → documented defaults.

Proxy (Phase 1)

ParameterTypeDescription
IBEX_AUTH_GRPC_ADDRRequiredstring (host:port)
Auth gRPC target for ValidateToken and ValidateAgent.
Default: 127.0.0.1:9091
REDIS_URLstring (URL)
Redis for rate limiting and proxy /ready. Empty uses Noop limiter (no RPM enforcement).
Default: (empty)
IBEX_PORTinteger
HTTP listen port for /health, /ready, /metrics, and /v1/* routes.
Default: 8080
IBEX_AUTH_VALIDATE_TIMEOUTduration
Per-request auth gRPC budget. Use 2s locally; production target is 50ms.
Default: 50ms (code); 2s in .env.example
IBEX_RATE_LIMIT_DEFAULT_RPMinteger
Default org requests-per-minute when Redis is available.
Default: 60
IBEX_MAX_REQUEST_BODY_BYTESinteger
Max chat POST body size (see ADR-0013).
Default: 1048576
IBEX_ERROR_DOCS_BASEstring (URL)
Optional base for error envelope docs_url fields.
Default: (omit in dev)

Copy services/proxy/.env.example and services/auth/.env.example before running services.

Auth (Phase 1)

ParameterTypeDescription
POSTGRES_DSNRequiredstring (postgres://…)
Postgres for tokens and agents. Compose: postgres://ibex:ibex@localhost:5432/ibex
IBEX_PORTinteger
HTTP port for /health, /ready, and /metrics.
Default: 8081
IBEX_GRPC_PORTinteger
gRPC listen port for AuthService (internal only).
Default: 9091
POSTGRES_TEST_DSNstring
Integration tests on compose test port 5433.
Default: postgres://ibex:ibex@localhost:5433/ibex_test?sslmode=disable

The proxy never reads POSTGRES_DSN in Phase 1 — identity access is gRPC-only. Run make db-migrate after compose is healthy.

Redis

ParameterTypeDescription
REDIS_URLstring (URL)
Primary connection string, e.g. redis://localhost:6379/0.
Default: redis://localhost:6379/0
REDIS_CONNECT_TIMEOUT_MSinteger
Connection timeout on the critical path.
Default: 200
REDIS_TLS_ENABLEDboolean
Enable TLS for managed Redis in staging/production.
Default: false

Fail-open rate limiting

When Redis is unreachable, the proxy rate limiter fails open (requests proceed). Readiness still reports Redis as a critical check — see Proxy health.

Local .env layout

bash
cp services/proxy/.env.example services/proxy/.env
cp services/auth/.env.example services/auth/.env

Was this page helpful?

Edit on GitHub

Last updated on

PreviousKubernetes (production)NextOperations

On this page

  • Conventions
  • Proxy (Phase 1)
  • Auth (Phase 1)
  • Redis
  • Local .env layout
0%