Environment variable index
A consolidated catalogue of environment variables consumed by Delphi services. Each row carries a source badge (where the value comes from) and an optional scope badge.
Source legend
env— set in.envfiles or compose; the canonical local override.SSM— AWS SSM Parameter Store; expanded into env at boot.Secrets Manager— AWS Secrets Manager; expanded into env or files at boot.Code default— value baked in code if nothing overrides it.TelWeb · Team/TelWeb · Admin/TelWeb · Platform— DB-backed setting changed via TelWeb UI.DB row—PlatformSettingor domain table (not exposed in TelWeb UI).Redis (runtime)— ephemeral runtime cache.
Voice and SIP
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
JANUS_WS_PORT | env | all | 8188 (local) / 443 (prod) | Janus WebSocket port; required for WebRTC bridging. |
TELPHI_MEDIA_HOST | env | all | host.docker.internal / TelPhi private IP | TelSys → TelPhi media plane host. |
TELPHI_MEDIA_PORT | env | all | 12001 | TelSys → TelPhi media plane port. |
TELPHI_MEDIA_SCHEME | env | all | ws | Scheme for TelPhi media WebSocket. |
TELPHI_MEDIA_PATH | env | all | /media | Path for TelPhi media WebSocket. |
RTPENGINE_HOST | env | all | 10.30.0.10 (local) | RTPEngine control endpoint. |
RTPENGINE_NG_PORT | env | all | 22222 | RTPEngine ng control port. |
KAMAILIO_SIP_DOMAIN | SSM | prod | — | Public SIP domain Kamailio serves. |
REFER_TARGET_HOST | env | all | — | Kamailio REFER_SBC_HOST (TelPro). Defaults to DOMAIN_TELPRO. Align with TelPhi transfer REFER configuration. |
COTURN_SHARED_SECRET | Secrets Manager | prod | — | Shared secret for TURN credentials. |
SIP_100REL_MODE | env | all | off | TelSys PJSIP 100rel mode: off (default) | peer_supported | yes | required — PRACK / reliable provisional responses toward TelPro. Synonyms accepted (e.g. no→off, on→yes). See Voice operations. |
VAIASTERISKCONSOLELOGFORMAT | env | all | json | TelSys/Asterisk console log format. Use json for structured logging and log-to-span parsing; default/plain text is mainly for ad-hoc troubleshooting. |
TELSYS_LOG_LEVEL | env | all | info | Pino-aligned TelSys/Asterisk log level: trace | debug | info | warn | error | fatal. SIP capture remains available independently. |
TELPRO_LOG_LEVEL | env | all | LOG_LEVEL | Pino-aligned TelPro/Kamailio log level. Replaces generated DEBUG_LEVEL overrides. |
RTPENGINE_LOG_LEVEL | env | all | LOG_LEVEL | Pino-aligned RTPEngine log level, mapped to RTPEngine syslog verbosity. Replaces RTP_LOG_LEVEL. |
WEBRTC_LOG_LEVEL | env | all | LOG_LEVEL | Pino-aligned Janus WebRTC log level, mapped to Janus verbosity. Replaces JANUS_*LOG_LEVEL overrides. |
SIP_CAPTURE_ENABLE_PJSIP_LOGGER | env | all | 1 | Enables detailed TelSys PJSIP SIP message logging for SIP ladder and log-to-span diagnostics. |
Database and Redis
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
DATABASE_URL | Secrets Manager | all | — | Postgres connection string. Keep `ssl*` query params out of the URL; TLS policy comes from `DATABASE_SSL_MODE` and the CA file (see [Internal encryption](https://docs.delphi.ki-kombinat.com/platform/security/internal-encryption)). |
DATABASE_SSL_MODE | SSM | all | disable (local) | Client SSL policy: `disable` | `require` | `verify-ca` | `verify-full`. |
DATABASE_SSL_CA_BUNDLE_B64 | Secrets Manager | prod | — | Base64 PEM CA bundle for Postgres TLS verification; decoded to `./tls/database-ca.crt` and mounted at `/etc/ssl/database/ca.crt`. Use the CA that signs PgBouncer’s cert (or the RDS/Aurora global CA when connecting straight to AWS). |
DATABASE_SSL_CA_FILE | env | all | /etc/ssl/database/ca.crt | In-container path to the decoded Postgres CA bundle. |
MIGRATION_DATABASE_URL | Secrets Manager | prod | — | Privileged direct Postgres URL for the Ops db-migrate one-shot only (DDL / migrations / delphi-setup). Separate from runtime DATABASE_URL. See Database credentials. |
DATABASE_SECRET_ARN | env | prod | — | Optional Secrets Manager ARN for runtime DB credential refresh on long-running Node services (day-2 rotation of the CRUD user, not the migration user). See Database credentials. |
DATABASE_SECRET_REGION | env | prod | AWS_REGION | AWS region for DATABASE_SECRET_ARN when it differs from the deployment region. |
REDIS_URL | Secrets Manager | all | — | Redis connection string; rediss:// when TLS is enabled. |
REDIS_TLS_CA_BUNDLE_B64 | Secrets Manager | prod | — | Base64 PEM CA bundle for Redis TLS; decoded to `./tls/redis-ca.crt` and mounted at `/etc/ssl/redis/ca.crt`. Often empty when relying on the system trust store (e.g. ElastiCache). |
REDIS_TLS_CA_FILE | env | all | /etc/ssl/redis/ca.crt | In-container path to the decoded Redis CA bundle. |
AWS and infrastructure
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
AWS_REGION | env | all | eu-central-1 | AWS region for SSM / Secrets Manager / S3 calls. |
ENVIRONMENT | env | all | delphi | Deployment identifier used for generated config, instance labels, and default team Secrets Manager paths. |
NEXT_PUBLIC_ENVIRONMENT | env | all | ENVIRONMENT | Client-visible deployment identifier used by TelWeb. Keep it equal to ENVIRONMENT for team variable paths. |
HTTP_PROXY | env | prod | — | Forward proxy for outbound HTTP, including AWS and LLM provider paths. |
HTTPS_PROXY | env | prod | — | Forward proxy for outbound HTTPS. |
NO_PROXY | env | prod | — | Hosts to bypass the proxy. |
SSM_PARAM_PREFIX | env | all | /delphi/<env>/ | Prefix under which Delphi SSM params live. |
S3_CONFIG_BUCKET | env | prod | — | S3 bucket where the deployment config bundles live; consumed by fetch-config on every host. Bundles include `.config-manifest.json` for checksum verification. |
CONFIG_BASE_PATH | env | prod | /opt/services | Optional base path used by fetch-config when promoting verified config bundles on a host. |
Observability
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
OTEL_EXPORTER_OTLP_ENDPOINT | env | all | 10.0.1.10:4317 (prod) | OTLP collector endpoint. |
OTEL_SERVICE_NAME | env | all | — | Service identifier in spans / logs. |
OTEL_ENABLED | env | web | true | Enables TelWeb OpenTelemetry instrumentation in generated Web service config. |
SIGNOZ_URL | env | all | https://signoz.<env>.delphi/ | URL TelWeb queries for the Debug tab. |
SIGNOZ_API_TOKEN | Secrets Manager | prod | — | API token for SigNoz Logs / Traces queries. |
SIGNOZ_OTLP_ENDPOINT | env | dev | — | Optional OTLP endpoint override for local or tunneled SigNoz collection. |
LOG_TO_SPAN_OTLP_ENDPOINT | env | all | localhost:4318 | OTLP HTTP endpoint used by the TelPro log-to-span sidecar to send SIP ladder spans through the local collector. |
LOG_TO_SPAN_EXPORT_LOGS | env | all | false | When true, exports parsed SIP capture logs as OTLP logs in addition to spans. Keep false unless the collector/parser path is sized for the volume. |
ENABLE_PII_LOGGING | env | all | false | When not true, enables PII redaction: OTel collector transform/pii (and transform/pii_traces on Voice) scrubs logs/traces before SigNoz export; TelPhi redacts transcript + caller number on DB persist; TelAPI redacts browser-action transcripts. SIP ladder logs (event=sip_message) stay unmasked. Does not control transcript retention — full text is still written to S3 when app Recording is on. Production: keep false except short support sessions. Staging/dev: may set true for debugging. See Monitoring in SigNoz — PII redaction and Conversations — Recording and transcript retention. |
MSISDN_UNMASKED_DIGITS | env | all | 4 | Trailing phone-number digits kept when masking MSISDNs in collector logs/traces, TelPhi DB writes, and callerNumber attributes (for example ***3456). Must match on voiceai-telphi, telapi, and voiceai-otel-collector on each host. |
Service log levels
All values use the Pino labels trace, debug, info, warn, error, and fatal. Service-specific variables override the global LOG_LEVEL for that service.
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
LOG_LEVEL | env | all | info | Global fallback log level when a service-specific override is unset. |
TELPHI_LOG_LEVEL | env | voice | LOG_LEVEL | TelPhi conversation engine log level. |
TELAPI_LOG_LEVEL | env | api | LOG_LEVEL | TelAPI HTTP/WebSocket service log level. |
TELWEB_LOG_LEVEL | env | web | LOG_LEVEL | TelWeb server-side log level. |
TASKER_LOG_LEVEL | env | ops | LOG_LEVEL | Tasker worker and scheduler log level. |
SCALER_LOG_LEVEL | env | ops | LOG_LEVEL | Scaler decision-loop log level. |
AUDIOPROC_LOG_LEVEL | env | voice | LOG_LEVEL | AudioProc log level. Pino labels are mapped to Python logging levels. |
Feature flags
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
FEATURE_AI_FLOW_BUILDER | env | all | true | AI Flow Builder UI + runtime. |
FEATURE_QA_SCORING | env | all | true | QA scoring jobs and tab. |
FEATURE_AUDIO_PREPROCESSING | env | all | true | AudioProc container in the voice stack. |
FEATURE_TTS_MEDIA_CACHE | env | all | true | TTS cache lookups and writes. |
FEATURE_REGISTRATION | env | all | false | Public registration flow. |
FEATURE_SUBSCRIPTIONS | env | all | false | Subscription / billing guards. |
FEATURE_SMS | env | all | false | SMS dispatch (Vonage). |
FEATURE_WEBRTC | env | all | true | Janus + TURN WebRTC stack. When false, browser SDK session/runtime/endpoint TelAPI surfaces are not registered. |
FEATURE_API_ACCESS | env | all | true | External REST/SDK access and related TelWeb API surfaces. When false, deployments keep health/webhooks but hide API keys, API Server Config, and SDK session/runtime routes. |
FEATURE_ADDITIONAL_PROVIDERS | env | all | true | Additional provider catalogue entries beyond the core set, including Gemini Live, Inworld, Grok, Pythia, and TOBi where available. |
FEATURE_SUBSCRIPTION_MANAGEMENT | env | all | false | Self-service subscription UI, custom deals, and related billing administration surfaces. |
FEATURE_ALGOLIA_ASK_AI | env | all | false | Optional TelWeb Ask AI docs assistant. |
TelWeb public UI
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
LEGAL_BANNER_HTML | env | all | — | Trusted operator-provided HTML shown as a legal notice on unauthenticated/public TelWeb pages. Takes precedence over LEGAL_BANNER_TEXT. |
LEGAL_BANNER_TEXT | env | all | — | Plain-text legal notice shown on unauthenticated/public TelWeb pages when LEGAL_BANNER_HTML is unset. |
Sessions and passwords
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
SESSION_TIMEOUT | env | all | 1800000 | Main session timeout used for server cookies and client idle logout. |
MAX_CONCURRENT_SESSIONS | env | all | 2 in prod; unlimited outside prod | Maximum active sessions allowed for one user. Positive integers set a cap; 0 or negative disables the cap. Verify the Web bundle exposes this var before overriding. |
SESSION_HEARTBEAT_TTL | env | all | SESSION_TIMEOUT | TTL in milliseconds for session heartbeat records used by concurrent-session enforcement. Must stay between 60000 and SESSION_TIMEOUT. |
LOGIN_MAX_ATTEMPTS_CREDENTIALS | env | all | 5 | Failed credentials-login attempts before an account is locked. Set to 3 to enforce a three-attempt policy; verify the Web bundle exposes this var before overriding. |
LOGIN_LOCKOUT_MINUTES_CREDENTIALS | env | all | 30 | Credentials-login counting window and displayed lockout duration. Locked accounts stay locked until reset-password unlocks them. |
LOGIN_MAX_ATTEMPTS_AZURE_AD | env | all | 10 | Failed Microsoft Entra ID attempts before an account is locked when that provider is enabled. |
LOGIN_LOCKOUT_MINUTES_AZURE_AD | env | all | 60 | Microsoft Entra ID lockout window reported to users and audit events. |
PASSWORD_MAX_AGE_DAYS | env | all | 90 | Password age after which users must change their password. Set on TelWeb and Tasker (must match). |
PASSWORD_WARNING_DAYS | env | all | 10 | Days before password expiry when users see warnings and Tasker sends reminder emails. Set on TelWeb and Tasker (must match). |
Scaling and background jobs
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
SCALING_EVALUATION_INTERVAL_MS | env | all | 30000 | How often the Scaler leader evaluates API and Voice scaling rules. |
SCALING_DRAIN_TIMEOUT_MS | env | all | 3600000 | Maximum time in milliseconds a Voice instance may drain active calls during scale-down. |
SCALING_MAX_PARALLEL_BELOW_MIN_SCALE_UPS | env | all | 8 | Maximum replacement instances the Scaler may provision in one evaluation when a group is below minInstances. |
AUDIT_LOG_RETENTION_DAYS | env | all | 180 | Days of AuditLog rows retained by the Tasker audit-log cleanup cron. Must be a positive integer. |
Billing
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
STRIPE_SECRET_KEY | Secrets Manager | prod | — | Stripe API key for checkout / subscriptions. |
STRIPE_WEBHOOK_SECRET | Secrets Manager | prod | — | Verifies inbound Stripe webhook signatures. |
BILLING_DEFAULT_PLAN | TelWeb · Platform | all | — | Default plan assigned on registration; mutable in TelWeb. |
Removed or deprecated
v0.9.14-patch3
| Variable | Replaced in generated configs | Replacement |
|---|---|---|
DEBUG_LEVEL | TelPro / Kamailio | TELPRO_LOG_LEVEL |
RTP_LOG_LEVEL | RTPEngine | RTPENGINE_LOG_LEVEL |
JANUS_LOG_LEVEL | Janus WebRTC | WEBRTC_LOG_LEVEL |
JANUS_DEBUG_LEVEL | Janus WebRTC | WEBRTC_LOG_LEVEL |
JANUS_JSON_LOG_LEVEL | Janus WebRTC | WEBRTC_LOG_LEVEL |
The lower-level variables may still appear in container internals, but generated service configuration now takes the Pino-aligned service variables above.
v0.9.13-patch3
| Variable | Removed from | Replacement |
|---|---|---|
RATE_LIMIT_MAX | TelAPI | Admin Settings → API Server Config → API Rate Limit Max |
RATE_LIMIT_WINDOW_MS | TelAPI | Admin Settings → API Server Config → API Rate Limit Window (ms) |
TelAPI also dropped the rateLimitPerApiKey database flag — limits are always per client IP by route tier.