Ctrl AI

Environment Variables

Complete reference for all Ctrl AI environment variables.

Required

VariableDescription
DATABASE_URLPostgreSQL connection string
AUTH_SECRETRandom secret for session signing. Generate with openssl rand -hex 32

LLM Providers

At least one LLM provider key is required.

VariableDescription
GEMINI_API_KEYGoogle Gemini API key (default for parse/evaluate/prose roles)
ANTHROPIC_API_KEYAnthropic Claude API key (default for unit generation)
OPENAI_API_KEYOpenAI API key (optional)
OPENROUTER_API_KEYOpenRouter API key (access all models via single key)

Self-Hosted LLM Override

VariableDefaultDescription
LLM_PROVIDERgeminiLLM backend: gemini, openai, ollama
LLM_BASE_URLBase URL for OpenAI-compatible or Ollama endpoint
LLM_API_KEYAPI key for OpenAI-compatible provider
LLM_MODELModel name override (e.g., llama3, gpt-4o)

Authentication Providers

VariableDescription
AUTH_GITHUB_IDGitHub OAuth app client ID
AUTH_GITHUB_SECRETGitHub OAuth app client secret
AUTH_GOOGLE_IDGoogle OAuth client ID
AUTH_GOOGLE_SECRETGoogle OAuth client secret
AUTH_LINKEDIN_IDLinkedIn OAuth client ID
AUTH_LINKEDIN_SECRETLinkedIn OAuth client secret
AUTH_RESEND_KEYResend API key for email magic links

Enterprise SSO

VariableDescription
SSO_ISSUER_URLOIDC issuer URL (Okta, Azure AD, Google Workspace)
SSO_CLIENT_IDOIDC client ID
SSO_CLIENT_SECRETOIDC client secret

Email (optional)

VariableDefaultDescription
RESEND_API_KEYResend API key for transactional email
SMTP_HOSTSMTP server hostname (alternative to Resend)
SMTP_PORT587SMTP server port
SMTP_USERSMTP username
SMTP_PASSSMTP password
SMTP_FROMCtrl AI <noreply@ctrlai.local>Sender address

Security (optional)

VariableDescription
ENCRYPTION_KEYAES-256-GCM key for encrypting PII/PHI at rest

Infrastructure (optional)

VariableDescription
UPSTASH_REDIS_REST_URLUpstash Redis URL for rate limiting
UPSTASH_REDIS_REST_TOKENUpstash Redis auth token
CRON_SECRETShared secret for internal cron HTTP calls

Billing (optional)

VariableDescription
STRIPE_SECRET_KEYStripe secret key
STRIPE_WEBHOOK_SECRETStripe webhook signing secret

Storage (optional)

VariableDefaultDescription
S3_ENDPOINTCloudflare R2Custom S3-compatible endpoint
S3_PUBLIC_URLhttps://cdn.ctrlai.comPublic URL for uploaded files
R2_ACCOUNT_IDCloudflare R2 account ID
R2_ACCESS_KEY_IDS3-compatible access key
R2_SECRET_ACCESS_KEYS3-compatible secret key
R2_BUCKET_NAMEctrlaiStorage bucket name

Self-Hosted Deployment

Deploy Ctrl AI on your own infrastructure with Docker.

LLM Configuration

Configure AI model providers, BYOK, and role-based model selection.

On this page

RequiredLLM ProvidersSelf-Hosted LLM OverrideAuthentication ProvidersEnterprise SSOEmail (optional)Security (optional)Infrastructure (optional)Billing (optional)Storage (optional)