Environment variable index
A consolidated catalogue of environment variables consumed by Delphi services. Each row carries a source badge (where the value comes from) and an optional scope badge.
Source legend
env— set in.envfiles or compose; the canonical local override.SSM— AWS SSM Parameter Store; expanded into env at boot.Secrets Manager— AWS Secrets Manager; expanded into env or files at boot.Code default— value baked in code if nothing overrides it.TelWeb · Team/TelWeb · Admin/TelWeb · Platform— DB-backed setting changed via TelWeb UI.DB row—PlatformSettingor domain table (not exposed in TelWeb UI).Redis (runtime)— ephemeral runtime cache.
Voice and SIP
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
JANUS_WS_PORT | env | all | 8188 (local) / 443 (prod) | Janus WebSocket port; required for WebRTC bridging. |
TELPHI_MEDIA_HOST | env | all | host.docker.internal / TelPhi private IP | TelSys → TelPhi media plane host. |
TELPHI_MEDIA_PORT | env | all | 12001 | TelSys → TelPhi media plane port. |
TELPHI_MEDIA_SCHEME | env | all | ws | Scheme for TelPhi media WebSocket. |
TELPHI_MEDIA_PATH | env | all | /media | Path for TelPhi media WebSocket. |
RTPENGINE_HOST | env | all | 10.30.0.10 (local) | RTPEngine control endpoint. |
RTPENGINE_NG_PORT | env | all | 22222 | RTPEngine ng control port. |
KAMAILIO_SIP_DOMAIN | SSM | prod | — | Public SIP domain Kamailio serves. |
COTURN_SHARED_SECRET | Secrets Manager | prod | — | Shared secret for TURN credentials. |
Database and Redis
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
DATABASE_URL | Secrets Manager | all | — | Postgres connection string. Keep `ssl*` query params out of the URL; TLS policy comes from `DATABASE_SSL_MODE` and the CA file (see [Internal encryption](/platform/security/internal-encryption)). |
DATABASE_SSL_MODE | SSM | all | disable (local) | Client SSL policy: `disable` | `require` | `verify-ca` | `verify-full`. |
DATABASE_SSL_CA_BUNDLE_B64 | Secrets Manager | prod | — | Base64 PEM CA bundle for Postgres TLS verification; decoded to `./tls/database-ca.crt` and mounted at `/etc/ssl/database/ca.crt`. Use the CA that signs PgBouncer’s cert (or the RDS/Aurora global CA when connecting straight to AWS). |
DATABASE_SSL_CA_FILE | env | all | /etc/ssl/database/ca.crt | In-container path to the decoded Postgres CA bundle. |
REDIS_URL | Secrets Manager | all | — | Redis connection string; rediss:// when TLS is enabled. |
REDIS_TLS_CA_BUNDLE_B64 | Secrets Manager | prod | — | Base64 PEM CA bundle for Redis TLS; decoded to `./tls/redis-ca.crt` and mounted at `/etc/ssl/redis/ca.crt`. Often empty when relying on the system trust store (e.g. ElastiCache). |
REDIS_TLS_CA_FILE | env | all | /etc/ssl/redis/ca.crt | In-container path to the decoded Redis CA bundle. |
AWS and infrastructure
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
AWS_REGION | env | all | eu-central-1 | AWS region for SSM / Secrets Manager / S3 calls. |
HTTP_PROXY | env | prod | — | Forward proxy for outbound HTTP. v0.9.11 hardens AWS / LLM paths to honour it. |
HTTPS_PROXY | env | prod | — | Forward proxy for outbound HTTPS. |
NO_PROXY | env | prod | — | Hosts to bypass the proxy. |
SSM_PARAM_PREFIX | env | all | /delphi/<env>/ | Prefix under which Delphi SSM params live. |
S3_CONFIG_BUCKET | env | prod | — | S3 bucket where the deployment config bundles live; consumed by fetch-config on every host. |
Observability
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
OTEL_EXPORTER_OTLP_ENDPOINT | env | all | 10.0.1.10:4317 (prod) | OTLP collector endpoint. |
OTEL_SERVICE_NAME | env | all | — | Service identifier in spans / logs. |
SIGNOZ_URL | env | all | https://signoz.<env>.delphi/ | URL TelWeb queries for the Debug tab. |
SIGNOZ_API_TOKEN | Secrets Manager | prod | — | API token for SigNoz Logs / Traces queries. |
Feature flags
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
FEATURE_AI_FLOW_BUILDER | env | all | true | AI Flow Builder UI + runtime. |
FEATURE_QA_SCORING | env | all | true | QA scoring jobs and tab. |
FEATURE_AUDIO_PREPROCESSING | env | all | true | AudioProc container in the voice stack. |
FEATURE_TTS_MEDIA_CACHE | env | all | true | TTS cache lookups and writes. |
FEATURE_REGISTRATION | env | all | false | Public registration flow. |
FEATURE_SUBSCRIPTIONS | env | all | false | Subscription / billing guards. |
FEATURE_SMS | env | all | false | SMS dispatch (Vonage). |
FEATURE_WEBRTC | env | all | true | Janus + TURN WebRTC stack. |
FEATURE_API_ACCESS | env | all | true | External API key access. |
FEATURE_ADDITIONAL_PROVIDERS | env | all | true | Non-default AI providers (Azure, Pythia, TOBi). |
FEATURE_SUBSCRIPTION_MANAGEMENT | env | all | false | Self-service subscription UI. |
Billing
| Name | Source | Scope | Default | Description |
|---|---|---|---|---|
STRIPE_SECRET_KEY | Secrets Manager | prod | — | Stripe API key for checkout / subscriptions. |
STRIPE_WEBHOOK_SECRET | Secrets Manager | prod | — | Verifies inbound Stripe webhook signatures. |
BILLING_DEFAULT_PLAN | TelWeb · Platform | all | — | Default plan assigned on registration; mutable in TelWeb. |