Deployment

Environment Variables

Complete reference for all thinnestAI environment variables — database, authentication, LLM providers, voice, Redis, and more.

Environment Variables

thinnestAI is configured entirely through environment variables. This page is the complete reference.

Setup

Copy the example file and edit it:

cp .env.example .env

For Docker deployments, the .env file is loaded automatically. For GCP, use Secret Manager for sensitive values (see GCP Deployment).

Required Variables

These must be set for thinnestAI to start:

# PostgreSQL connection string
PG_DB_URL=postgresql://user:password@localhost:5432/agno

# Encryption key for sensitive data (must be exactly 32 characters)
ENCRYPTION_KEY=your-32-character-encryption-key

Database

VariableRequiredDescriptionExample
PG_DB_URLYesPostgreSQL connection stringpostgresql://user:pass@host:5432/agno
DB_POOL_SIZENoConnection pool size (default: 10)20
DB_MAX_OVERFLOWNoMax overflow connections (default: 20)30
DB_POOL_TIMEOUTNoPool timeout in seconds (default: 30)60

Cloud SQL (GCP)

When using Cloud SQL, the connection string uses a Unix socket:

PG_DB_URL=postgresql://postgres:PASSWORD@/agno?host=/cloudsql/PROJECT:REGION:INSTANCE

Authentication

VariableRequiredDescriptionExample
AUTH0_DOMAINYesAuth0 tenant domainyour-tenant.auth0.com
AUTH0_AUDIENCEYesAuth0 API audience identifierhttps://api.thinnest.ai
AUTH0_CLIENT_IDNoAuth0 client ID (for OAuth flows)abc123def456
AUTH0_CLIENT_SECRETNoAuth0 client secretsecret_value
AUTH0_DOMAIN=your-tenant.auth0.com
AUTH0_AUDIENCE=https://api.thinnest.ai
AUTH0_CLIENT_ID=your_client_id
AUTH0_CLIENT_SECRET=your_client_secret

LLM Providers

Configure one or more LLM providers. You only need the providers your agents use.

OpenAI

VariableRequiredDescriptionExample
OPENAI_API_KEYIf using OpenAIOpenAI API keysk-...
OPENAI_ORG_IDNoOpenAI organization IDorg-...
OPENAI_API_KEY=sk-your-openai-api-key
OPENAI_ORG_ID=org-your-org-id

Google AI (Gemini)

VariableRequiredDescriptionExample
GOOGLE_API_KEYIf using GeminiGoogle AI API keyAIza...
GOOGLE_API_KEY=AIzaSy-your-google-api-key

Anthropic (Claude)

VariableRequiredDescriptionExample
ANTHROPIC_API_KEYIf using ClaudeAnthropic API keysk-ant-...
ANTHROPIC_API_KEY=sk-ant-your-anthropic-key

OpenRouter

VariableRequiredDescriptionExample
OPENROUTER_API_KEYIf using OpenRouterOpenRouter API keysk-or-...
OPENROUTER_API_KEY=sk-or-your-openrouter-key

Voice & Telephony

Twilio

VariableRequiredDescriptionExample
TWILIO_ACCOUNT_SIDIf using voiceTwilio account SIDAC...
TWILIO_AUTH_TOKENIf using voiceTwilio auth tokentoken_value
TWILIO_PHONE_NUMBERNoDefault Twilio phone number+14155551234
TWILIO_ACCOUNT_SID=ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
TWILIO_AUTH_TOKEN=your_twilio_auth_token
TWILIO_PHONE_NUMBER=+14155551234

Vobiz (SIP)

VariableRequiredDescriptionExample
VOBIZ_API_URLIf using VobizVobiz API endpointhttps://api.vobiz.com
VOBIZ_API_KEYIf using VobizVobiz API keykey_value
VOBIZ_SIP_DOMAINIf using VobizSIP domainsip.vobiz.com
VOBIZ_SIP_USERNAMEIf using VobizSIP usernameusername
VOBIZ_SIP_PASSWORDIf using VobizSIP passwordpassword
VOBIZ_API_URL=https://api.vobiz.com
VOBIZ_API_KEY=your_vobiz_api_key
VOBIZ_SIP_DOMAIN=sip.vobiz.com
VOBIZ_SIP_USERNAME=your_sip_username
VOBIZ_SIP_PASSWORD=your_sip_password

Redis

VariableRequiredDescriptionExample
REDIS_URLYesRedis connection URLredis://localhost:6379
REDIS_PASSWORDNoRedis password (if auth enabled)password
REDIS_URL=redis://localhost:6379
REDIS_PASSWORD=your_redis_password

Email

VariableRequiredDescriptionExample
SMTP_HOSTIf sending emailSMTP server hostnamesmtp.gmail.com
SMTP_PORTIf sending emailSMTP port587
SMTP_USERNAMEIf sending emailSMTP usernamenoreply@yourdomain.com
SMTP_PASSWORDIf sending emailSMTP password or app passwordpassword
SMTP_FROM_EMAILIf sending emailSender email addressnoreply@yourdomain.com
SMTP_FROM_NAMENoSender display namethinnestAI
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=noreply@yourdomain.com
SMTP_PASSWORD=your_smtp_password
SMTP_FROM_EMAIL=noreply@yourdomain.com
SMTP_FROM_NAME=thinnestAI

Application Settings

VariableRequiredDescriptionExample
ENVIRONMENTNoDeployment environmentdevelopment, production
DEV_MODENoEnable development featurestrue, false
ALLOWED_ORIGINSNoCORS allowed origins (comma-separated)http://localhost:3000,https://app.yourdomain.com
LOG_LEVELNoLogging verbosityDEBUG, INFO, WARNING, ERROR
PORTNoServer port (default: 8000 dev, 8080 prod)8000
ENVIRONMENT=production
DEV_MODE=false
ALLOWED_ORIGINS=https://app.yourdomain.com
LOG_LEVEL=INFO
PORT=8080

Encryption & Security

VariableRequiredDescriptionExample
ENCRYPTION_KEYYes32-character key for encrypting sensitive dataabcdefghijklmnopqrstuvwxyz123456
JWT_SECRETNoJWT signing secret (uses Auth0 by default)secret_value
ENCRYPTION_KEY=abcdefghijklmnopqrstuvwxyz123456

Generate a secure encryption key:

python -c "import secrets; print(secrets.token_urlsafe(24)[:32])"

Monitoring & Observability

VariableRequiredDescriptionExample
OTEL_EXPORTER_OTLP_ENDPOINTNoOpenTelemetry collector endpointhttp://localhost:4318
OTEL_SERVICE_NAMENoService name for tracesthinnestai-backend
OTEL_ENABLEDNoEnable OpenTelemetrytrue
OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
OTEL_SERVICE_NAME=thinnestai-backend
OTEL_ENABLED=true

Google OAuth (Agent Tools)

These enable Gmail, Google Calendar, and Google Sheets tools for agents.

VariableRequiredDescriptionExample
GOOGLE_OAUTH_CLIENT_IDIf using Google toolsGoogle OAuth client IDxxx.apps.googleusercontent.com
GOOGLE_OAUTH_CLIENT_SECRETIf using Google toolsGoogle OAuth client secretGOCSPX-...
GOOGLE_OAUTH_REDIRECT_URIIf using Google toolsOAuth redirect URIhttps://api.yourdomain.com/api/oauth/google/callback
GOOGLE_OAUTH_CLIENT_ID=your-client-id.apps.googleusercontent.com
GOOGLE_OAUTH_CLIENT_SECRET=GOCSPX-your-client-secret
GOOGLE_OAUTH_REDIRECT_URI=https://api.yourdomain.com/api/oauth/google/callback

Billing

VariableRequiredDescriptionExample
STRIPE_SECRET_KEYIf using paymentsStripe secret keysk_live_...
STRIPE_WEBHOOK_SECRETIf using paymentsStripe webhook signing secretwhsec_...
WELCOME_TOKENSNoFree tokens for new accounts1.00
STRIPE_SECRET_KEY=sk_live_your_stripe_key
STRIPE_WEBHOOK_SECRET=whsec_your_webhook_secret
WELCOME_TOKENS=1.00

GCP-Specific

VariableRequiredDescriptionExample
GCP_PROJECT_IDIf on GCPGCP project IDmy-project-123
GCP_REGIONIf on GCPGCP regionus-central1
CLOUD_SQL_CONNECTION_NAMEIf on GCPCloud SQL instance connectionproject:region:instance
GCS_BUCKET_NAMENoGoogle Cloud Storage bucketthinnestai-uploads
GCP_PROJECT_ID=my-project-123
GCP_REGION=us-central1
CLOUD_SQL_CONNECTION_NAME=my-project-123:us-central1:thinnestai-db
GCS_BUCKET_NAME=thinnestai-uploads

Example .env File

Here's a complete example for local development:

# Database
PG_DB_URL=postgresql://agno:password@localhost:5432/agno

# Redis
REDIS_URL=redis://localhost:6379

# Security
ENCRYPTION_KEY=abcdefghijklmnopqrstuvwxyz123456

# Auth
AUTH0_DOMAIN=your-tenant.auth0.com
AUTH0_AUDIENCE=https://api.thinnest.ai

# LLM Providers (configure at least one)
OPENAI_API_KEY=sk-your-openai-key
GOOGLE_API_KEY=AIzaSy-your-google-key
ANTHROPIC_API_KEY=sk-ant-your-anthropic-key

# Application
ENVIRONMENT=development
DEV_MODE=true
ALLOWED_ORIGINS=http://localhost:3000
LOG_LEVEL=DEBUG

# Email (optional)
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=noreply@yourdomain.com
SMTP_PASSWORD=your_app_password
SMTP_FROM_EMAIL=noreply@yourdomain.com

# Voice (optional)
TWILIO_ACCOUNT_SID=ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
TWILIO_AUTH_TOKEN=your_twilio_auth_token

Next Steps

On this page

Environment VariablesSetupRequired VariablesDatabaseCloud SQL (GCP)AuthenticationLLM ProvidersOpenAIGoogle AI (Gemini)Anthropic (Claude)OpenRouterVoice & TelephonyTwilioVobiz (SIP)RedisEmailApplication SettingsEncryption & SecurityMonitoring & ObservabilityGoogle OAuth (Agent Tools)BillingGCP-SpecificExample .env FileNext Steps