All Cognisafe services are configured exclusively via environment variables. No config files need to be edited.

api (FastAPI backend)

| Variable | Required | Description |
| --- | --- | --- |
| POSTGRES_URL | Yes | asyncpg connection string. Format: postgresql+asyncpg://user:password@host:5432/dbname |
| REDIS_URL | Yes | Redis connection string. Format: redis://host:6379 |
| STRIPE_SECRET_KEY | Yes | Stripe secret API key (sk_live_... or sk_test_...) |
| STRIPE_WEBHOOK_SECRET | Yes | Stripe webhook signing secret (whsec_...). Required for billing webhooks to be accepted. |
| STRIPE_PRICE_PRO | Yes | Stripe Price ID for the Pro tier ($49/mo). Format: price_... |
| STRIPE_PRICE_TEAM | Yes | Stripe Price ID for the Team tier ($199/mo). Format: price_... |
| INTERNAL_API_SECRET | Yes | A long random secret shared between the api and web services. Used to authenticate internal server-to-server calls. Generate with openssl rand -hex 32. |

proxy (Go reverse proxy)

| Variable | Required | Description |
| --- | --- | --- |
| UPSTREAM_URL | Yes | The LLM provider to forward requests to. Default: https://api.openai.com. Change for Mistral (https://api.mistral.ai), Azure, or Ollama. |
| API_BACKEND_URL | Yes | URL of the api service. The proxy POSTs logs here. Example: http://api:8000 (Docker) or https://api.cognisafe.uk (Railway). |
| PROXY_API_KEY | Yes | The API key that clients must send to authenticate with the proxy. Must match a valid Cognisafe project API key. |

web (Next.js dashboard)

| Variable | Required | Description |
| --- | --- | --- |
| NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY | Yes | Clerk publishable key for client-side auth (pk_live_...). Embedded in the browser bundle. |
| CLERK_SECRET_KEY | Yes | Clerk secret key for server-side auth (sk_live_...). Never exposed to the browser. |
| INTERNAL_API_SECRET | Yes | Same value as the api service. Used by Next.js server-side routes to authenticate calls to the FastAPI backend. |
| API_URL | Yes | Server-side URL of the api service. Used by Next.js server components and API routes. Example: http://api:8000 (Docker) or https://api.cognisafe.uk (Railway). |
| NEXT_PUBLIC_API_URL | Yes | Client-side URL of the api service. Embedded in the browser bundle, so it must be publicly accessible. Example: https://api.cognisafe.uk. |

safety_worker (PyRIT scoring worker)

| Variable | Required | Description |
| --- | --- | --- |
| POSTGRES_URL | Yes | Same connection string as the api service. The worker writes scored results directly to PostgreSQL. |
| REDIS_URL | Yes | Same connection string as the api service. The worker reads jobs from the safety_score_jobs queue. |
| OPENAI_API_KEY | No | OpenAI API key used by PyRIT to run LLM-based scorers. If not set, all requests fall back to score_label: "unscored". |
| SCORER_MODEL | No | The OpenAI model used by PyRIT for scoring. Default: gpt-4o-mini. Override to use a different model, e.g., gpt-4o. |

Docker Compose shared variables

When using infra/docker-compose.yml, these variables are set in .env at the repo root and shared across services via env_file:

| Variable | Default | Description |
| --- | --- | --- |
| POSTGRES_URL | postgresql+asyncpg://postgres:postgres@postgres:5432/cognisafe | Overridden per service if needed |
| REDIS_URL | redis://redis:6379 | |

In Docker Compose, service hostnames resolve to container names (e.g., postgres, redis, api). In Railway or Kubernetes, use the actual service URLs provided by your infrastructure.

Generating secrets

# Generate INTERNAL_API_SECRET
openssl rand -hex 32

# Generate a PROXY_API_KEY (if not using the dashboard)
python -c "import secrets; print('csk_' + secrets.token_hex(24))"
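
A pre-deployment check over the variables documented on this page, as an added example that is not part of Cognisafe's own code. The function names are hypothetical, and the 64-hex-character test assumes INTERNAL_API_SECRET was generated with the openssl command above; flagging the Compose default credentials and an unset OPENAI_API_KEY are checks added here, not behaviour of the services.

```python
import re

# Required variables per service, taken from the tables on this page.
REQUIRED = {
    "api": ["POSTGRES_URL", "REDIS_URL", "STRIPE_SECRET_KEY", "STRIPE_WEBHOOK_SECRET",
            "STRIPE_PRICE_PRO", "STRIPE_PRICE_TEAM", "INTERNAL_API_SECRET"],
    "proxy": ["UPSTREAM_URL", "API_BACKEND_URL", "PROXY_API_KEY"],
    "web": ["NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY", "CLERK_SECRET_KEY",
            "INTERNAL_API_SECRET", "API_URL", "NEXT_PUBLIC_API_URL"],
    "safety_worker": ["POSTGRES_URL", "REDIS_URL"],
}
# Value formats documented on this page (prefix patterns only).
FORMATS = {
    "POSTGRES_URL": r"postgresql\+asyncpg://",
    "REDIS_URL": r"redis://",
    "STRIPE_SECRET_KEY": r"sk_(live|test)_",
    "STRIPE_WEBHOOK_SECRET": r"whsec_",
    "STRIPE_PRICE_PRO": r"price_",
    "STRIPE_PRICE_TEAM": r"price_",
}
# Prefixes of secret values that must never sit in a NEXT_PUBLIC_ variable.
SECRET_PREFIXES = ("sk_live_", "sk_test_", "whsec_")

def check_service(service, env):
    """Return a list of findings for one service; `env` is a dict of its variables."""
    findings = []
    for name in REQUIRED[service]:
        value = env.get(name, "")
        if not value:
            findings.append(f"{name}: missing")
        elif name in FORMATS and not re.match(FORMATS[name], value):
            findings.append(f"{name}: unexpected format")
    secret = env.get("INTERNAL_API_SECRET", "")
    # Assumption: the secret came from `openssl rand -hex 32`, i.e. 64 hex chars.
    if secret and not re.fullmatch(r"[0-9a-f]{64}", secret):
        findings.append("INTERNAL_API_SECRET: not 64 hex characters")
    if "postgres:postgres@" in env.get("POSTGRES_URL", ""):
        findings.append("POSTGRES_URL: uses the Compose default credentials")
    if service == "safety_worker" and not env.get("OPENAI_API_KEY"):
        findings.append("OPENAI_API_KEY: unset, results will be labelled unscored")
    for name, value in env.items():
        if name.startswith("NEXT_PUBLIC_") and value.startswith(SECRET_PREFIXES):
            findings.append(f"{name}: secret value in a browser-exposed variable")
    return findings

def check_shared_secret(api_env, web_env):
    """INTERNAL_API_SECRET must be set and identical in the api and web services."""
    secret = api_env.get("INTERNAL_API_SECRET")
    return bool(secret) and secret == web_env.get("INTERNAL_API_SECRET")
```

Run `check_service` once per service with that service's environment as a dict, and `check_shared_secret` with the api and web environments together; an empty list and `True` mean nothing was flagged.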