Skip to content

Configure Service Environment

Caracal services load configuration from environment variables and *_FILE secret variants. Use file-backed secrets in rc and stable modes.

CARACAL_MODE selects one of two security postures, not three:

  • dev — the only relaxed posture. Permits local conveniences (open metrics, INSECURE_* overrides, generated/relaxed settings) for development on a single host. Never use it for anything reachable by others.
  • Published (rc and stable) — the production posture. Both are security-identical and fail-closed: valid HMAC keys are required, Gateway fail-open settings are denied, and incomplete service configuration is rejected before readiness succeeds.

The difference between rc and stable is maturity, not security. rc is a release-candidate build that enforces the full production trust boundary but may be functionally unstable; run stable for production workloads and reserve rc for staging or pre-release validation.

ModePostureUse for
devRelaxed (single-host only)Local development
rcPublished — fail-closed, may be functionally unstableStaging / pre-release validation
stablePublished — fail-closedProduction

Published modes require valid HMAC keys, deny unsafe Gateway fail-open settings, and reject incomplete service configuration before readiness succeeds.

VariableModeUsed byMeaning
CARACAL_MODEallAll servicesdev, rc, or stable.
PORTallHTTP servicesFixed service port: API 3000, STS 8080, Gateway 8081, Audit 9090, Coordinator 4000, Web Console BFF 3002. Control runs in-process in API.
HOSTallTypeScript servicesBind host; defaults to 0.0.0.0 in published modes.
LOG_LEVELallServicesLog verbosity.
DATABASE_URL / DATABASE_URL_FILEallAPI, STS, Gateway, Audit, CoordinatorPostgres connection for product, policy, audit, and delegation state.
REDIS_URL / REDIS_URL_FILEallAPI, STS, Gateway, Audit, CoordinatorRedis connection.
STREAMS_HMAC_KEY / STREAMS_HMAC_KEY_FILErc+stableAPI, STS, Gateway, CoordinatorSigns Redis stream messages.
AUDIT_HMAC_KEY / AUDIT_HMAC_KEY_FILErc+stableAPI, STS, Gateway, Audit, ControlSigns or verifies audit events.
METRICS_BEARER / METRICS_BEARER_FILErc+stableSTS, Gateway, API, Audit, CoordinatorMetrics endpoint bearer token. Generated as the managed metricsBearer secret by caracal up; in published mode (rc/stable) the metrics endpoints fail closed (401) without it.
ServiceVariables
APICARACAL_ADMIN_TOKEN, ZONE_KEK, GATEWAY_STS_HMAC_KEY, STS_URL, API_BODY_LIMIT_BYTES, API_V1_RATE_LIMIT_PER_MIN, API_READY_OUTBOX_DEAD_MAX, TRUST_PROXY, CARACAL_CONTROL_ENABLED, AUDIT_HMAC_KEY, API_OPERATOR_*
STSISSUER_URL, ZONE_KEK, ZONE_KEK_PROVIDER, GATEWAY_STS_HMAC_KEY, STS_ADMIN_TOKEN, MAX_GRANT_TTL_SECONDS, OPA_POLL_SECONDS, AUDIT_REPLAY_DIR
GatewaySTS_URL, GATEWAY_STS_HMAC_KEY, UPSTREAM_HOST_ALLOWLIST, TLS_CERT_FILE, TLS_KEY_FILE, MAX_REQUEST_BYTES, JTI_FAIL_OPEN, AUDIT_REPLAY_DIR
AuditAUDIT_ADMIN_TOKEN, AUDIT_RETENTION_DAYS, AUDIT_MAX_DELIVERIES, AUDIT_CLAIM_IDLE_SECS, AUDIT_TAMPER_ROLLING_HOURS, AUDIT_EXPORT_S3_*, readiness thresholds
CoordinatorISSUER_URL, STS_URL, AGENT_COORDINATOR_SCOPE, CARACAL_COORDINATOR_TOKEN, sweep intervals, retention windows, rate limits
Web Console (BFF)CARACAL_AUTH_DATABASE_URL, CARACAL_AUTH_SECRET, CARACAL_AUTH_DATABASE_SSL, CARACAL_AUTH_SECURE_COOKIES, CARACAL_AUTH_URL, CARACAL_WEB_ORIGIN, CARACAL_WEB_ROOT, CARACAL_AUTH_AUTO_MIGRATE, CARACAL_API_URL, CARACAL_COORDINATOR_URL, CARACAL_ADMIN_TOKEN, CARACAL_COORDINATOR_TOKEN, PORT, HOST, LOG_LEVEL
ControlSTS_JWKS_URL, STS_ISSUER_URL, CONTROL_AUDIENCE, CONTROL_REDIS_URL, CONTROL_API_TOKEN, CARACAL_API_URL, rate and replay controls

The caracal-web image runs the session-guarded backend-for-frontend and serves the built SPA from the same origin. It holds server-side control-plane tokens and proxies browser requests to the internal API and Coordinator; those tokens are never exposed to the browser.

VariableRequiredDefaultMeaning
CARACAL_AUTH_DATABASE_URL / CARACAL_AUTH_DATABASE_URL_FILEyesnonePostgres connection for the dedicated Better Auth session store. Helm and Compose use the separate caracal_auth database through the authDatabaseUrl secret key.
CARACAL_AUTH_SECRET / CARACAL_AUTH_SECRET_FILEyesnoneBetter Auth signing secret. caracal web provisions it for local development; production deployments must provide a high-entropy secret.
CARACAL_AUTH_DATABASE_SSLnorequire in production, disable in developmentPostgres TLS mode: disable, require, or no-verify. An explicit value always wins.
CARACAL_AUTH_SECURE_COOKIESnoenabled in production and for https:// base URLsForces the session cookie Secure attribute.
CARACAL_AUTH_URLproduction yeshttp://localhost:<PORT>Public HTTPS origin browsers load. In the packaged same-origin deployment this is also the trusted browser origin.
CARACAL_WEB_ORIGINnohttp://localhost:3001 plus CARACAL_AUTH_URL originComma-separated extra trusted browser origins for split deployments.
CARACAL_WEB_ROOTnounsetFilesystem path of the built SPA the BFF serves. The production image sets /app/auth/web; leave unset for a pure BFF in a split deployment.
CARACAL_AUTH_AUTO_MIGRATEnofalse in production, true in developmentRuns Better Auth schema provisioning on boot. Keep it false for multi-replica deployments and run node dist/migrate.js once from the BFF image.
CARACAL_API_URLyeshttp://localhost:3000 behavior is only suitable for local single-host useInternal API endpoint proxied by the BFF.
CARACAL_COORDINATOR_URLyeshttp://localhost:4000 behavior is only suitable for local single-host useInternal Coordinator endpoint proxied by the BFF.
CARACAL_ADMIN_TOKEN / CARACAL_ADMIN_TOKEN_FILEyesnoneServer-side API token held by the BFF.
CARACAL_COORDINATOR_TOKEN / CARACAL_COORDINATOR_TOKEN_FILEyesnoneServer-side Coordinator token held by the BFF.
PORTno3002BFF listen port. Prefer PORT; CARACAL_AUTH_PORT is a legacy fallback.
HOSTno0.0.0.0 in production, 127.0.0.1 in developmentBFF bind host.
LOG_LEVELnoinfoBFF log verbosity.

The API service runs the Control plane in-process and powers the Caracal Operator console capability. Control is off until enabled, and the Operator runs without natural-language assistance until at least one AI provider is configured. Provider keys are read from the API service environment and never returned to the browser.

VariableRequiredDefaultMeaning
CARACAL_CONTROL_ENABLEDnofalseEnables the in-process Control plane the Operator executes through.
CONTROL_GATE_FILEnounsetPath to a file that gates Control exposure.
AUDIT_HMAC_KEYrc/stable when Control is enablednoneHex-encoded key (≥32 bytes) for tamper-evident admin audit. Required when CARACAL_CONTROL_ENABLED=true in published modes.
API_OPERATOR_ENABLEDnotrueEnables the Caracal Operator console capability.
API_OPERATOR_AI_PROVIDERSnounsetComma-separated provider ids in failover order. With none set, the Operator runs without natural-language assistance.
API_OPERATOR_AI_<ID>_BASE_URLper providernoneOpenAI-compatible base URL for provider <ID>.
API_OPERATOR_AI_<ID>_MODELper providernoneModel name for provider <ID>.
API_OPERATOR_AI_<ID>_API_KEYhosted providersnoneAPI key for provider <ID>.
API_OPERATOR_AI_<ID>_TIMEOUT_MSno30000Per-request timeout for provider <ID>.
API_OPERATOR_AI_<ID>_CONTEXT_WINDOWno0Context-window hint for provider <ID>; 0 leaves it unset.
API_OPERATOR_AI_MAX_OUTPUT_TOKENSno4096Per-call ceiling on generated tokens.
API_OPERATOR_AI_MAX_CALLS_PER_TURNno12Per-turn budget on model calls.
API_OPERATOR_LLM_PROXY_URLnohttp://litellm:4000/v1Default OpenAI-compatible proxy endpoint.
API_OPERATOR_SELF_GOVERNnofalseLets the Operator self-govern the caracal.sys system zone; requires the Control plane and the sealed control secret.
API_OPERATOR_CONTROL_CLIENT_SECRETnononeSealed control secret for the Operator’s governed execution.
API_OPERATOR_ALLOWED_CAPABILITIESnobuilt-in setOverrides the Operator’s state-changing capability allowlist.
API_OPERATOR_SYSTEM_ZONESnoemptyAdditional zones marked as system zones the Operator must not act in.
API_OPERATOR_AUTOPILOT_ENABLEDnofalseMaster switch; when on, an agent-mode conversation that engages autopilot has every plan auto-approved. The governed execute path still enforces the capability allowlist, least-privilege token, and zone isolation.

These variables belong to caracal run and SDK profile loading, not to service deployment:

VariableMeaning
CARACAL_CONFIGExplicit runtime profile path.
CARACAL_STS_URL or CARACAL_ZONE_URLCloud/custom STS URL override for token exchange.
CARACAL_GATEWAY_URLCloud/custom Gateway URL override for SDK transports.
CARACAL_ZONE_IDZone identifier.
CARACAL_APPLICATION_IDConfidential application ID.
CARACAL_APP_CLIENT_SECRETCloud/custom workload client secret when a file-backed secret is not used.
CARACAL_APP_CLIENT_SECRET_FILECloud/custom workload secret file.
CARACAL_RUN_CREDENTIALSInline JSON credential manifest for resource audiences.
CARACAL_RUN_CREDENTIALS_FILECloud/custom JSON credential manifest.
CARACAL_RESOURCESComma-separated resource_id=upstream_prefix bindings for Gateway routing.
CARACAL_RESOURCES_FILEJSON resource binding file for Gateway routing.

Local dev and stable runtime launches auto-detect credential files from the OS Caracal config directory. Use the explicit file variables only when a deployment mounts secrets somewhere else.

Resource binding files may contain either a flat JSON object such as {"calendar":"https://api.example.com/v1"} or an array of {"resource_id":"calendar","upstream_prefix":"https://api.example.com/v1"} objects. When both resource variables are set, entries in CARACAL_RESOURCES override matching entries from CARACAL_RESOURCES_FILE.

Local dev and stable runtime launches also resolve service URLs automatically. Use explicit service URL variables only when a deployment does not use the local stack defaults.

Before a published deployment becomes ready:

  1. GATEWAY_STS_HMAC_KEY must be hex-encoded and at least 32 bytes for STS and Gateway.
  2. AUDIT_HMAC_KEY must be present for Audit, Gateway, and Control.
  3. Gateway must not run with JTI_FAIL_OPEN=true.
  4. Gateway allows operator-provisioned private upstreams by default; set UPSTREAM_HOST_ALLOWLIST to pin egress to named hosts.
  5. STS caps OPA_POLL_SECONDS at 300.
SymptomCheck
A service starts locally but fails in HelmPublished modes require stricter HMAC, URL, and secret validation.
File secret is ignoredConfirm the variable uses the *_FILE suffix supported by that service.
Wrong port errorUse the fixed port for the service; several services reject arbitrary PORT values.
Runtime workload cannot find configUse Configure Workloads rather than service env vars.

Use Harden Production to confirm published-mode, network, secret, and upstream safety settings.