Skip to content
XeroML XeroML

Configuration Reference

All XeroML configuration is done via environment variables. This page documents the available variables for self-hosted deployments.

Required

VariableDescription
NEXTAUTH_URLThe canonical URL of your XeroML instance (e.g., https://xeroml.yourdomain.com)
NEXTAUTH_SECRETRandom secret for session encryption. Generate with: openssl rand -hex 32
SALTRandom secret for hashing. Generate with: openssl rand -hex 32
DATABASE_URLPostgreSQL connection string: postgresql://user:pass@host:5432/xeroml

Database

VariableDefaultDescription
DATABASE_URLPostgreSQL connection string
DIRECT_URLSame as DATABASE_URLDirect connection URL (required for migrations)
SHADOW_DATABASE_URLShadow database for migrations in some environments

ClickHouse (Optional)

ClickHouse is required for large-scale trace storage. Without it, traces are stored in PostgreSQL (limited to ~1M traces).

VariableDefaultDescription
CLICKHOUSE_URLClickHouse connection URL
CLICKHOUSE_USERdefaultClickHouse username
CLICKHOUSE_PASSWORDClickHouse password

Redis

VariableDefaultDescription
REDIS_CONNECTION_STRINGRedis connection URL (redis://host:6379)
REDIS_TLS_ENABLEDfalseEnable TLS for Redis connection

Storage

VariableDefaultDescription
LANGFUSE_S3_MEDIA_UPLOAD_ENABLEDfalseEnable S3-compatible blob storage
S3_BUCKET_NAMEBucket name
S3_ENDPOINTS3 endpoint URL (for non-AWS providers)
S3_REGIONus-east-1AWS region
S3_ACCESS_KEYAccess key ID
S3_SECRET_KEYSecret access key

Authentication

VariableDefaultDescription
AUTH_DISABLE_USERNAME_PASSWORDfalseDisable email/password login
AUTH_GOOGLE_CLIENT_IDGoogle OAuth client ID
AUTH_GOOGLE_CLIENT_SECRETGoogle OAuth client secret
AUTH_GITHUB_CLIENT_IDGitHub OAuth client ID
AUTH_GITHUB_CLIENT_SECRETGitHub OAuth client secret
AUTH_OKTA_CLIENT_IDOkta OIDC client ID
AUTH_OKTA_CLIENT_SECRETOkta OIDC client secret
AUTH_OKTA_ISSUEROkta issuer URL

Email

VariableDefaultDescription
SMTP_HOSTSMTP server hostname
SMTP_PORT587SMTP port
SMTP_USERSMTP username
SMTP_PASSWORDSMTP password
EMAIL_FROMSender address for transactional emails

Telemetry

VariableDefaultDescription
XEROML_ENABLE_EXPERIMENTAL_FEATURESfalseEnable features in active development
XEROML_DISABLE_EXPENSIVE_POSTGRES_QUERIESfalseOptimize for high trace volume on PostgreSQL-only setups
XEROML_LOG_LEVELinfoLog verbosity: debug, info, warn, error

Security

VariableDefaultDescription
ALLOWED_ORIGINSComma-separated list of allowed CORS origins
HTTP_PROXYOutbound HTTP proxy for LLM API calls from evaluators
HTTPS_PROXYOutbound HTTPS proxy
NO_PROXYHosts to bypass proxy