-
Notifications
You must be signed in to change notification settings - Fork 736
Expand file tree
/
Copy path.env.example
More file actions
400 lines (334 loc) · 10.7 KB
/
.env.example
File metadata and controls
400 lines (334 loc) · 10.7 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
# OpenSRE example environment
#
# Fast path:
# 1. Set `LLM_PROVIDER` and the matching API key below.
# 2. Run `opensre onboard` for guided local setup.
# 3. Configure one integration with `opensre integrations setup <service>`.
# 4. Verify with `opensre health` and `opensre integrations verify <service>`.
#
# `~/.config/opensre/integrations.json` is the preferred local integration store.
# The env vars below are still supported as fallback/direct configuration.
# --- Most important ---------------------------------------------------------
# Provider used for LLM calls. Common values: anthropic, openai, openrouter,
# gemini, nvidia, minimax, bedrock, ollama, codex, claude-code, opencode, kimi,
# copilot.
LLM_PROVIDER=anthropic
# Codex CLI works for `opensre investigate` after `codex login`.
# Leave CODEX_MODEL empty to use the CLI's currently configured model.
CODEX_MODEL=
CODEX_BIN=
# Claude Code CLI works for `opensre investigate` after `claude login` or setting ANTHROPIC_API_KEY.
# Install: npm i -g @anthropic-ai/claude-code
# Leave CLAUDE_CODE_MODEL empty to use the CLI's currently configured model.
CLAUDE_CODE_MODEL=
CLAUDE_CODE_BIN=
# Gemini CLI works for `opensre investigate` after `gemini` auth setup.
# Install: npm i -g @google/gemini-cli
# Leave GEMINI_CLI_MODEL empty to use the CLI's configured default model.
GEMINI_CLI_MODEL=
GEMINI_CLI_BIN=
# OpenCode CLI works for `opensre investigate` after `opencode auth login`.
# Leave OPENCODE_MODEL empty to use the CLI's currently configured model
OPENCODE_MODEL=
OPENCODE_BIN=
# Cursor Agent CLI
# Leave CURSOR_MODEL empty to use the CLI's currently configured model.
CURSOR_MODEL=
CURSOR_BIN=
# Kimi Code CLI works for `opensre investigate` after `kimi login`.
# Leave KIMI_MODEL empty to use the CLI's currently configured model.
KIMI_MODEL=
KIMI_BIN=
KIMI_API_KEY=
# KIMI_SHARE_DIR=~/.kimi
# GitHub Copilot CLI works for `opensre investigate` after running `copilot`
# and authenticating with the interactive `/login` slash command.
# Install: npm i -g @github/copilot
# Leave COPILOT_MODEL empty to use the CLI's currently configured model.
COPILOT_MODEL=
COPILOT_BIN=
# Optional auth fallbacks (only used when no stored Copilot CLI login exists):
# COPILOT_GITHUB_TOKEN=
# GH_TOKEN=
# GITHUB_TOKEN=
# Optional config dir override (default: ~/.copilot):
# COPILOT_HOME=
# Set the key for the provider you choose above.
ANTHROPIC_API_KEY=
ANTHROPIC_REASONING_MODEL=
ANTHROPIC_TOOLCALL_MODEL=
OPENAI_API_KEY=
OPENAI_REASONING_MODEL=
OPENAI_TOOLCALL_MODEL=
# OpenRouter supports many hosted models behind one API key.
OPENROUTER_API_KEY=
OPENROUTER_REASONING_MODEL=
OPENROUTER_TOOLCALL_MODEL=
# Gemini uses the OpenAI-compatible endpoint in this project.
GEMINI_API_KEY=
GEMINI_REASONING_MODEL=
GEMINI_TOOLCALL_MODEL=
# NVIDIA NIM / hosted inference.
NVIDIA_API_KEY=
NVIDIA_REASONING_MODEL=
NVIDIA_TOOLCALL_MODEL=
# Amazon Bedrock — set `LLM_PROVIDER=bedrock` above. Uses the same AWS credential
# chain as the AWS integration block below (region, keys, or IAM role). No LLM API key.
BEDROCK_REASONING_MODEL=
BEDROCK_TOOLCALL_MODEL=
# --- First integrations to set up ------------------------------------------
# For a first real RCA run, one of Grafana / Datadog / Honeycomb / Coralogix
# is usually enough. Prefer `opensre integrations setup <service>` when local.
# Grafana
# For `make grafana-local-up`, use `http://localhost:3000` and any placeholder
# token such as `local`.
GRAFANA_READ_TOKEN=
GRAFANA_INSTANCE_URL=
GRAFANA_LOKI_DATASOURCE_UID=
GRAFANA_TEMPO_DATASOURCE_UID=
# Optional multi-instance override. When set, this takes precedence over the
# single-instance Grafana vars above.
# GRAFANA_INSTANCES='[
# {"name":"prod","tags":{"env":"prod"},"endpoint":"https://prod.grafana.net","api_key":"..."}
# ]'
GRAFANA_INSTANCES=
# Argo CD (read-only REST API integration)
# Use exactly one auth method: ARGOCD_AUTH_TOKEN/ARGOCD_TOKEN or username/password.
ARGOCD_BASE_URL=
ARGOCD_AUTH_TOKEN=
ARGOCD_TOKEN=
ARGOCD_USERNAME=
ARGOCD_PASSWORD=
ARGOCD_PROJECT=
ARGOCD_APP_NAMESPACE=
ARGOCD_VERIFY_SSL=true
# Multi-instance Argo CD (optional). When set, takes precedence over the
# single-instance ARGOCD_* vars above. See docs/multi-instance-integrations.mdx.
# ARGOCD_INSTANCES='[{"name":"prod","base_url":"https://argocd.example.com","bearer_token":"***","project":"default"}]'
ARGOCD_INSTANCES=
# Helm 3 (read-only CLI — list/status/history/get values/get manifest)
# Requires OSRE_HELM_INTEGRATION=1 (or true/yes) to activate from env.
OSRE_HELM_INTEGRATION=
HELM_PATH=helm
HELM_KUBE_CONTEXT=
HELM_KUBECONFIG=
HELM_NAMESPACE=
# Optional: cap manifest size from helm get manifest (integer, min 1024; default 600000).
# HELM_MANIFEST_MAX_CHARS=
# Datadog
DD_API_KEY=
DD_APP_KEY=
DD_SITE=datadoghq.com
# Optional multi-instance override.
# DD_INSTANCES='[{"name":"prod","api_key":"...","app_key":"...","site":"datadoghq.com"}]'
DD_INSTANCES=
# Honeycomb
# `HONEYCOMB_DATASET` can be a dataset slug or `__all__`.
HONEYCOMB_API_KEY=
HONEYCOMB_DATASET=__all__
HONEYCOMB_API_URL=https://api.honeycomb.io
# Optional multi-instance override.
# HONEYCOMB_INSTANCES='[{"name":"prod","api_key":"...","dataset":"__all__"}]'
HONEYCOMB_INSTANCES=
# Coralogix
CORALOGIX_API_KEY=
CORALOGIX_API_URL=https://api.coralogix.com
CORALOGIX_APPLICATION_NAME=
CORALOGIX_SUBSYSTEM_NAME=
# Optional multi-instance override.
# CORALOGIX_INSTANCES='[{"name":"prod","api_key":"...","base_url":"https://api.coralogix.com"}]'
CORALOGIX_INSTANCES=
# SigNoz (Query API — logs, metrics, traces)
# Local Docker stack: http://localhost:8080 (see infra/scripts/signoz/)
# API key: Settings → Service Accounts → Keys
SIGNOZ_URL=
SIGNOZ_API_KEY=
# AWS
AWS_REGION=us-east-1
AWS_ROLE_ARN=
AWS_EXTERNAL_ID=
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_SESSION_TOKEN=
# Optional multi-instance override.
# AWS_INSTANCES='[
# {"name":"prod","tags":{"account":"prod"},"role_arn":"arn:aws:iam::111:role/opensre"}
# ]'
AWS_INSTANCES=
# GitHub MCP
GITHUB_MCP_URL=
GITHUB_MCP_MODE=streamable-http
GITHUB_MCP_COMMAND=
GITHUB_MCP_ARGS=
GITHUB_MCP_AUTH_TOKEN=
GITHUB_MCP_TOOLSETS=repos,issues,pull_requests,actions,search
# Optional: 5-500, default 50.
# OPENSRE_GITHUB_MCP_REPO_PROBE_LIMIT=
# Sentry
# Runtime error monitoring for OpenSRE itself uses the project Sentry DSN constant.
# Optional: override for operator-side DSN rotation without rebuilding.
# OPENSRE_SENTRY_DSN=
SENTRY_ERROR_SAMPLE_RATE=1.0
SENTRY_TRACES_SAMPLE_RATE=1.0
OPENSRE_SENTRY_DISABLED=0
OPENSRE_SENTRY_LOGGING_DISABLED=0
# Tag value attached to Sentry events to identify how this process is deployed.
# Common values: railway, ec2, vercel, local. Defaults to "local" when unset.
# OPENSRE_DEPLOYMENT_METHOD=local
# Interactive-shell prompt logging (for local eval mining + PostHog LLM analytics).
# Set OPENSRE_PROMPT_LOG_DISABLED=1 to disable prompt/response logging entirely.
OPENSRE_PROMPT_LOG_DISABLED=0
# Disable only local JSONL prompt log file.
OPENSRE_PROMPT_LOG_LOCAL_DISABLED=0
# Force prompt/response redaction before local or PostHog sinks.
OPENSRE_PROMPT_LOG_REDACT=0
# Optional override for local prompt log path (default ~/.config/opensre/prompt_log.jsonl).
# OPENSRE_PROMPT_LOG_PATH=
# Sentry investigation integration
SENTRY_URL=https://sentry.io
SENTRY_ORG_SLUG=
SENTRY_PROJECT_SLUG=
SENTRY_AUTH_TOKEN=
# Slack delivery and Slack-thread investigation context
SLACK_WEBHOOK_URL=
SLACK_BOT_TOKEN=
# --- Additional RCA integrations -------------------------------------------
# Alertmanager
ALERTMANAGER_URL=
ALERTMANAGER_BEARER_TOKEN=
ALERTMANAGER_USERNAME=
ALERTMANAGER_PASSWORD=
# MongoDB
MONGODB_CONNECTION_STRING=
MONGODB_DATABASE=
MONGODB_AUTH_SOURCE=admin
MONGODB_TLS=true
# MongoDB Atlas
MONGODB_ATLAS_PUBLIC_KEY=
MONGODB_ATLAS_PRIVATE_KEY=
MONGODB_ATLAS_PROJECT_ID=
MONGODB_ATLAS_BASE_URL=https://cloud.mongodb.com/api/atlas/v2
# PostgreSQL
POSTGRESQL_HOST=
POSTGRESQL_PORT=5432
POSTGRESQL_DATABASE=
POSTGRESQL_USERNAME=postgres
POSTGRESQL_PASSWORD=
POSTGRESQL_SSL_MODE=prefer
# MySQL
MYSQL_HOST=
MYSQL_PORT=3306
MYSQL_DATABASE=
MYSQL_USERNAME=root
MYSQL_PASSWORD=
MYSQL_SSL_MODE=preferred
# MariaDB
MARIADB_HOST=
MARIADB_PORT=3306
MARIADB_DATABASE=
MARIADB_USERNAME=
MARIADB_PASSWORD=
MARIADB_SSL=true
# RabbitMQ management API
RABBITMQ_HOST=
RABBITMQ_MANAGEMENT_PORT=15672
RABBITMQ_USERNAME=
RABBITMQ_PASSWORD=
RABBITMQ_VHOST=/
RABBITMQ_SSL=false
RABBITMQ_VERIFY_SSL=true
# Better Stack Telemetry
BETTERSTACK_QUERY_ENDPOINT=
BETTERSTACK_USERNAME=
BETTERSTACK_PASSWORD=
BETTERSTACK_SOURCES=
# Kafka
KAFKA_BOOTSTRAP_SERVERS=
KAFKA_SECURITY_PROTOCOL=PLAINTEXT
KAFKA_SASL_MECHANISM=
KAFKA_SASL_USERNAME=
KAFKA_SASL_PASSWORD=
# ClickHouse
CLICKHOUSE_HOST=
CLICKHOUSE_PORT=8123
CLICKHOUSE_DATABASE=default
CLICKHOUSE_USER=default
CLICKHOUSE_PASSWORD=
CLICKHOUSE_SECURE=false
# Bitbucket
BITBUCKET_WORKSPACE=
BITBUCKET_USERNAME=
BITBUCKET_APP_PASSWORD=
# GitLab
GITLAB_BASE_URL=https://gitlab.com/api/v4
GITLAB_MR_WRITEBACK=false
GITLAB_MR_IID=
GITLAB_ACCESS_TOKEN=
GITLAB_PROJECT_ID=
GITLAB_REPO_URL=
# Jira
JIRA_BASE_URL=
JIRA_EMAIL=
JIRA_API_TOKEN=
JIRA_PROJECT_KEY=
# OpsGenie
OPSGENIE_API_KEY=
OPSGENIE_REGION=us
# incident.io
INCIDENT_IO_API_KEY=
INCIDENT_IO_BASE_URL=
# Vercel
VERCEL_API_TOKEN=
VERCEL_TEAM_ID=
# PostHog
POSTHOG_PROJECT_ID=
POSTHOG_PERSONAL_API_KEY=
POSTHOG_BASE_URL=https://us.i.posthog.com
POSTHOG_TIMEOUT_SECONDS=15.0
POSTHOG_BOUNCE_THRESHOLD=0.6
POSTHOG_BOUNCE_WINDOW=24h
# Google Docs export
GOOGLE_CREDENTIALS_FILE=
GOOGLE_DRIVE_FOLDER_ID=
# OpenClaw MCP
OPENCLAW_MCP_MODE=stdio
OPENCLAW_MCP_URL=
OPENCLAW_MCP_COMMAND=openclaw
OPENCLAW_MCP_ARGS=mcp serve
OPENCLAW_MCP_AUTH_TOKEN=
# Discord
DISCORD_BOT_TOKEN=
DISCORD_APPLICATION_ID=
DISCORD_PUBLIC_KEY=
DISCORD_DEFAULT_CHANNEL_ID=
# Telegram
TELEGRAM_BOT_TOKEN=
TELEGRAM_DEFAULT_CHAT_ID=
# WhatsApp (Twilio)
TWILIO_ACCOUNT_SID=
TWILIO_AUTH_TOKEN=
TWILIO_WHATSAPP_FROM=
WHATSAPP_DEFAULT_TO=
# Twilio SMS — shares TWILIO_ACCOUNT_SID / TWILIO_AUTH_TOKEN from the block
# above (do NOT re-declare them; dotenv keeps only the first occurrence).
# Set either TWILIO_SMS_FROM (E.164 number) or TWILIO_SMS_MESSAGING_SERVICE_SID.
TWILIO_SMS_FROM=
# TWILIO_SMS_MESSAGING_SERVICE_SID=
TWILIO_SMS_DEFAULT_TO=
# --- Web app / hosted runtime only -----------------------------------------
# Required only when using the Tracer web app / hosted integration path.
JWT_TOKEN=
TRACER_API_URL=
# Remote server API key for `opensre remote ...` and hosted agent access.
OPENSRE_API_KEY=
# --- Deployment / runtime ---------------------------------------------------
# Required for hosted OpenSRE runtimes that need persistent storage.
DATABASE_URI=
REDIS_URI=
ENV=development
# Reversible masking before external LLM calls. Off by default.
OPENSRE_MASK_ENABLED=false
# Comma-separated kinds to mask. Empty = project defaults.
OPENSRE_MASK_KINDS=
# Example: '{"jira_key": "\\b[A-Z]+-\\d+\\b"}'
OPENSRE_MASK_EXTRA_REGEX=