Environment variable index
A consolidated catalogue of environment variables consumed by Delphi services. Each row carries a source badge (where the value comes from) and an optional scope badge.
Source legend
env— set in.envfiles or compose; the canonical local override.SSM— AWS SSM Parameter Store; expanded into env at boot.Secrets Manager— AWS Secrets Manager; expanded into env or files at boot.Code default— value baked in code if nothing overrides it.TelWeb · Team/TelWeb · Admin/TelWeb · Platform— DB-backed setting changed via TelWeb UI.DB row—PlatformSettingor domain table (not exposed in TelWeb UI).Redis (runtime)— ephemeral runtime cache.
Voice and SIP
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
JANUS_WS_PORT | env | all | 8188 (local) / 443 (prod) | Janus WebSocket port; required for WebRTC bridging. |
TELPHI_MEDIA_HOST | env | all | host.docker.internal / TelPhi private IP | TelSys → TelPhi media plane host. |
TELPHI_MEDIA_PORT | env | all | 12001 | TelSys → TelPhi media plane port. |
TELPHI_MEDIA_SCHEME | env | all | ws | Scheme for TelPhi media WebSocket. |
TELPHI_MEDIA_PATH | env | all | /media | Path for TelPhi media WebSocket. |
RTPENGINE_HOST | env | all | 10.30.0.10 (local) | RTPEngine control endpoint. |
RTPENGINE_NG_PORT | env | all | 22222 | RTPEngine ng control port. |
KAMAILIO_SIP_DOMAIN | SSM | prod | — | Public SIP domain Kamailio serves. |
REFER_TARGET_HOST | env | all | — | Kamailio REFER_SBC_HOST (TelPro). Defaults to DOMAIN_TELPRO. Align with TelPhi transfer REFER configuration. |
COTURN_SHARED_SECRET | Secrets Manager | prod | — | Shared secret for TURN credentials. |
SIP_100REL_MODE | env | all | off | TelSys PJSIP 100rel mode: off (default) | peer_supported | yes | required — PRACK / reliable provisional responses toward TelPro. Synonyms accepted (e.g. no→off, on→yes). See Voice operations. |
SIP_CAPTURE_ENABLE_PJSIP_LOGGER | env | all | 1 | Enables detailed TelSys PJSIP SIP message logging for SIP ladder and log-to-span diagnostics. |
Database and Redis
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
DATABASE_URL | Secrets Manager | all | — | Postgres connection string. Keep `ssl*` query params out of the URL; TLS policy comes from `DATABASE_SSL_MODE` and the CA file (see [Internal encryption](/platform/security/internal-encryption)). |
DATABASE_SSL_MODE | SSM | all | disable (local) | Client SSL policy: `disable` | `require` | `verify-ca` | `verify-full`. |
DATABASE_SSL_CA_BUNDLE_B64 | Secrets Manager | prod | — | Base64 PEM CA bundle for Postgres TLS verification; decoded to `./tls/database-ca.crt` and mounted at `/etc/ssl/database/ca.crt`. Use the CA that signs PgBouncer’s cert (or the RDS/Aurora global CA when connecting straight to AWS). |
DATABASE_SSL_CA_FILE | env | all | /etc/ssl/database/ca.crt | In-container path to the decoded Postgres CA bundle. |
MIGRATION_DATABASE_URL | Secrets Manager | prod | — | Privileged direct Postgres connection used only by the one-shot voiceai-db-migrate container. |
DATABASE_SECRET_ARN | env | prod | — | Optional AWS Secrets Manager secret ARN for runtime database credential refresh. |
DATABASE_SECRET_REGION | env | prod | AWS_REGION | AWS region for DATABASE_SECRET_ARN when it differs from the deployment region. |
REDIS_URL | Secrets Manager | all | — | Redis connection string; rediss:// when TLS is enabled. |
REDIS_TLS_CA_BUNDLE_B64 | Secrets Manager | prod | — | Base64 PEM CA bundle for Redis TLS; decoded to `./tls/redis-ca.crt` and mounted at `/etc/ssl/redis/ca.crt`. Often empty when relying on the system trust store (e.g. ElastiCache). |
REDIS_TLS_CA_FILE | env | all | /etc/ssl/redis/ca.crt | In-container path to the decoded Redis CA bundle. |
AWS and infrastructure
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
AWS_REGION | env | all | eu-central-1 | AWS region for SSM / Secrets Manager / S3 calls. |
HTTP_PROXY | env | prod | — | Forward proxy for outbound HTTP, including AWS and LLM provider paths. |
HTTPS_PROXY | env | prod | — | Forward proxy for outbound HTTPS. |
NO_PROXY | env | prod | — | Hosts to bypass the proxy. |
SSM_PARAM_PREFIX | env | all | /delphi/<env>/ | Prefix under which Delphi SSM params live. |
S3_CONFIG_BUCKET | env | prod | — | S3 bucket where the deployment config bundles live; consumed by fetch-config on every host. |
Observability
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
OTEL_EXPORTER_OTLP_ENDPOINT | env | all | 10.0.1.10:4317 (prod) | OTLP collector endpoint. |
OTEL_SERVICE_NAME | env | all | — | Service identifier in spans / logs. |
SIGNOZ_URL | env | all | https://signoz.<env>.delphi/ | URL TelWeb queries for the Debug tab. |
SIGNOZ_API_TOKEN | Secrets Manager | prod | — | API token for SigNoz Logs / Traces queries. |
SIGNOZ_OTLP_ENDPOINT | env | dev | — | Optional OTLP endpoint override for local or tunneled SigNoz collection. |
ENABLE_PII_LOGGING | env | all | false | When not true, enables PII redaction: OTel collector transform/pii (and transform/pii_traces on Voice) scrubs logs/traces before SigNoz export; TelPhi redacts transcript + caller number on DB persist; TelAPI redacts browser-action transcripts. SIP ladder logs (event=sip_message) stay unmasked. Production: keep false except short support sessions. Staging/dev: may set true for debugging. See Monitoring in SigNoz — PII redaction. |
MSISDN_UNMASKED_DIGITS | env | all | 4 | Trailing phone-number digits kept when masking MSISDNs in collector logs/traces, TelPhi DB writes, and callerNumber attributes (for example ***3456). Must match on voiceai-telphi, telapi, and voiceai-otel-collector on each host. |
Feature flags
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
FEATURE_AI_FLOW_BUILDER | env | all | true | AI Flow Builder UI + runtime. |
FEATURE_QA_SCORING | env | all | true | QA scoring jobs and tab. |
FEATURE_AUDIO_PREPROCESSING | env | all | true | AudioProc container in the voice stack. |
FEATURE_TTS_MEDIA_CACHE | env | all | true | TTS cache lookups and writes. |
FEATURE_REGISTRATION | env | all | false | Public registration flow. |
FEATURE_SUBSCRIPTIONS | env | all | false | Subscription / billing guards. |
FEATURE_SMS | env | all | false | SMS dispatch (Vonage). |
FEATURE_WEBRTC | env | all | true | Janus + TURN WebRTC stack. When false, browser SDK session/runtime/endpoint TelAPI surfaces are not registered. |
FEATURE_API_ACCESS | env | all | true | External API key access. |
FEATURE_ADDITIONAL_PROVIDERS | env | all | true | Non-default AI providers (Azure, Pythia, TOBi). |
FEATURE_SUBSCRIPTION_MANAGEMENT | env | all | false | Self-service subscription UI. |
FEATURE_ALGOLIA_ASK_AI | env | all | false | Optional TelWeb Ask AI docs assistant. |
TelWeb public UI
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
LEGAL_BANNER_HTML | env | all | — | Trusted operator-provided HTML shown as a legal notice on unauthenticated/public TelWeb pages. Takes precedence over LEGAL_BANNER_TEXT. |
LEGAL_BANNER_TEXT | env | all | — | Plain-text legal notice shown on unauthenticated/public TelWeb pages when LEGAL_BANNER_HTML is unset. |
Sessions and passwords
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
SESSION_TIMEOUT | env | all | 1800000 | Main session timeout used for server cookies and client idle logout. |
MAX_CONCURRENT_SESSIONS | env | all | 2 in prod; unlimited outside prod | Maximum active sessions allowed for one user. Positive integers set a cap; 0 or negative disables the cap. Verify the Web bundle exposes this var before overriding. |
SESSION_HEARTBEAT_TTL | env | all | SESSION_TIMEOUT | TTL in milliseconds for session heartbeat records used by concurrent-session enforcement. Must stay between 60000 and SESSION_TIMEOUT. |
LOGIN_MAX_ATTEMPTS_CREDENTIALS | env | all | 5 | Failed credentials-login attempts before an account is locked. Set to 3 to enforce a three-attempt policy; verify the Web bundle exposes this var before overriding. |
LOGIN_LOCKOUT_MINUTES_CREDENTIALS | env | all | 30 | Credentials-login counting window and displayed lockout duration. Locked accounts stay locked until reset-password unlocks them. |
LOGIN_MAX_ATTEMPTS_AZURE_AD | env | all | 10 | Failed Microsoft Entra ID attempts before an account is locked when that provider is enabled. |
LOGIN_LOCKOUT_MINUTES_AZURE_AD | env | all | 60 | Microsoft Entra ID lockout window reported to users and audit events. |
PASSWORD_MAX_AGE_DAYS | env | all | 90 | Password age after which users must change their password. Set on TelWeb and Tasker (must match). |
PASSWORD_WARNING_DAYS | env | all | 10 | Days before password expiry when users see warnings and Tasker sends reminder emails. Set on TelWeb and Tasker (must match). |
Billing
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
STRIPE_SECRET_KEY | Secrets Manager | prod | — | Stripe API key for checkout / subscriptions. |
STRIPE_WEBHOOK_SECRET | Secrets Manager | prod | — | Verifies inbound Stripe webhook signatures. |
BILLING_DEFAULT_PLAN | TelWeb · Platform | all | — | Default plan assigned on registration; mutable in TelWeb. |
Removed or deprecated (v0.9.13-patch3)
| Variable | Removed from | Replacement |
|---|---|---|
RATE_LIMIT_MAX | TelAPI | Admin Settings → API Server Config → API Rate Limit Max |
RATE_LIMIT_WINDOW_MS | TelAPI | Admin Settings → API Server Config → API Rate Limit Window (ms) |
TelAPI also dropped the rateLimitPerApiKey database flag — limits are always per client IP by route tier.