Background

Keep is highly configurable through environment variables. This allows you to customize various aspects of both the backend and frontend components without modifying the code. Environment variables can be set in your deployment environment, such as in your Kubernetes configuration, Docker Compose file, or directly on your host system.

Backend Environment Variables

General

General configuration variables control the core behavior of the Keep server. These settings determine fundamental aspects such as the server’s host, port, and whether certain components like the scheduler and consumer are enabled.

Env varPurposeRequiredDefault ValueValid options
KEEP_HOSTSpecifies the host for the Keep serverNo”0.0.0.0”Valid hostname or IP address
PORTSpecifies the port on which the backend server runsNo8080Any valid port number
SCHEDULEREnables or disables the workflow schedulerNo”true""true” or “false”
CONSUMEREnables or disables the consumerNo”true""true” or “false”
KEEP_VERSIONSpecifies the Keep versionNo”unknown”Valid version string
KEEP_API_URLSpecifies the Keep API URLNoConstructed from HOST and PORTValid URL
KEEP_STORE_RAW_ALERTSEnables storing of raw alertsNo”false""true” or “false”
TENANT_CONFIGURATION_RELOAD_TIMETime in minutes to reload tenant configurationsNo5Positive integer

Logging and Environment

Logging and environment configuration determines how Keep generates and formats log output. These settings are crucial for debugging, monitoring, and understanding the behavior of your Keep instance in different environments.

Env varPurposeRequiredDefault ValueValid options
LOG_LEVELSets the logging level for the applicationNo”INFO""DEBUG”, “INFO”, “WARNING”, “ERROR”, “CRITICAL”
ENVIRONMENTSpecifies the environment the application is running inNo”production""development”, “staging”, “production”
LOG_FORMATSpecifies the log formatNo”open_telemetry""open_telemetry”, “dev_terminal”
LOG_AUTH_PAYLOADEnables logging of authentication payloadNo”false""true” or “false”

Database

Database configuration is crucial for Keep’s data persistence. Keep supports various database backends through SQLAlchemy, allowing flexibility in choosing and configuring your preferred database system.

Env varPurposeRequiredDefault ValueValid options
DATABASE_CONNECTION_STRINGSpecifies the database connection URLYesNoneValid SQLAlchemy connection string
DATABASE_POOL_SIZESets the database connection pool sizeNo5Positive integer
DATABASE_MAX_OVERFLOWSets the maximum overflow for the connection poolNo10Positive integer
DATABASE_ECHOEnables SQLAlchemy echo mode for debuggingNoFalseBoolean (True/False)
DB_CONNECTION_NAMESpecifies the Cloud SQL connection nameNo”keephq-sandbox:us-central1:keep”Valid Cloud SQL connection string
DB_SERVICE_ACCOUNTService account for database impersonationNoNoneValid service account email
SKIP_DB_CREATIONSkips database creation and migrationsNo”false""true” or “false”

Resource Provisioning

Resource provisioning settings control how Keep sets up initial resources. This configuration is particularly important for automating the setup process and ensuring that necessary resources are available when Keep starts.

To elaborate on resource provisioning and its configuration, please see provisioning docs.
Env varPurposeRequiredDefault ValueValid options
PROVISION_RESOURCESEnables or disables resource provisioningNo”true""true” or “false”

Authentication

Authentication configuration determines how Keep verifies user identities and manages access control. These settings are essential for securing your Keep instance and integrating with various authentication providers.

For specific authentication type configuration, please see authentication docs.
Env varPurposeRequiredDefault ValueValid options
AUTH_TYPESpecifies the authentication typeNo”noauth""auth0”, “keycloak”, “db”, “noauth”, “oauth2proxy”
KEEP_JWT_SECRETSecret key for JWT token generation and validation (DB auth only)YesNoneAny strong secret string
KEEP_DEFAULT_USERNAMEDefault username for the admin user (DB auth only)No”keep”Any valid username string
KEEP_DEFAULT_PASSWORDDefault password for the admin user (DB auth only)No”keep”Any strong password string
KEEP_FORCE_RESET_DEFAULT_PASSWORDForces reset of default user passwordNo”false""true” or “false”
KEEP_DEFAULT_API_KEYSComma-separated list of default API keys to provisionNo""Format: “name:role:secret,name:role:secret”

Secrets Management

Secrets Management configuration specifies how Keep handles sensitive information. This is crucial for securely storing and accessing confidential data such as API keys and integrations credentials.

Env varPurposeRequiredDefault ValueValid options
SECRET_MANAGER_TYPEDefines the type of secret manager to useYes”FILE""FILE”, “GCP”, “K8S”, “VAULT”
SECRET_MANAGER_DIRECTORYDirectory for storing secrets when using file-based secret managementNo”/state”Any valid directory path

OpenTelemetry

OpenTelemetry configuration enables comprehensive observability for Keep. These settings allow you to integrate Keep with various monitoring and tracing systems, enhancing your ability to debug and optimize performance.

Env varPurposeRequiredDefault ValueValid options
OTEL_SERVICE_NAMEOpenTelemetry service nameNo”keep-api”Valid service name string
SERVICE_NAMEAlternative for OTEL_SERVICE_NAMENo”keep-api”Valid service name string
OTEL_EXPORTER_OTLP_ENDPOINTOpenTelemetry collector endpointNoNoneValid URL
OTLP_ENDPOINTAlternative for OTEL_EXPORTER_OTLP_ENDPOINTNoNoneValid URL
OTEL_EXPORTER_OTLP_TRACES_ENDPOINTOpenTelemetry traces endpointNoNoneValid URL
OTEL_EXPORTER_OTLP_LOGS_ENDPOINTOpenTelemetry logs endpointNoNoneValid URL
OTEL_EXPORTER_OTLP_METRICS_ENDPOINTOpenTelemetry metrics endpointNoNoneValid URL
CLOUD_TRACE_ENABLEDEnables Google Cloud Trace exporterNo”false""true” or “false”
METRIC_OTEL_ENABLEDEnables OpenTelemetry metricsNo"""true” or “false”

WebSocket Server (Pusher/Soketi)

WebSocket server configuration controls real-time communication capabilities in Keep. These settings are important for enabling features that require instant updates and notifications.

Env varPurposeRequiredDefault ValueValid options
PUSHER_DISABLEDDisables Pusher integrationNo”false""true” or “false”
PUSHER_HOSTHostname of the Pusher serverNoNoneValid hostname or IP address
PUSHER_PORTPort of the Pusher serverNoNoneAny valid port number
PUSHER_APP_IDPusher application IDYes (if using Pusher)NoneValid Pusher App ID
PUSHER_APP_KEYPusher application keyYes (if using Pusher)NoneValid Pusher App Key
PUSHER_APP_SECRETPusher application secretYes (if using Pusher)NoneValid Pusher App Secret
PUSHER_USE_SSLEnables SSL for Pusher connectionNoFalseBoolean (True/False)
PUSHER_CLUSTERPusher clusterNoNoneValid Pusher cluster name

OpenAPI

OpenAPI configuration is used for integrating with OpenAI services. These settings are important if you’re utilizing OpenAI capabilities within Keep for tasks such as natural language processing or AI-assisted operations.

Env varPurposeRequiredDefault ValueValid options
OPENAI_API_KEYAPI key for OpenAI servicesNoNoneValid OpenAI API key

Posthog

Posthog configuration controls Keep’s integration with the Posthog analytics platform. These settings are useful for tracking usage patterns and gathering insights about how your Keep instance is being used.

Env varPurposeRequiredDefault ValueValid options
POSTHOG_API_KEYAPI key for PostHog analyticsNo”phc_muk9qE3TfZsX3SZ9XxX52kCGJBclrjhkP9JxAQcm1PZ”Valid PostHog API key
POSTHOG_DISABLEDDisables PostHog integrationNo”false""true” or “false”

Ngrok

Ngrok configuration enables secure tunneling to your Keep instance. These settings are particularly useful for development or when you need to expose your local Keep instance to the internet securely.

Env varPurposeRequiredDefault ValueValid options
USE_NGROKEnables ngrok for tunnelingNo”false""true” or “false”
NGROK_AUTH_TOKENAuthentication token for ngrokNoNoneValid ngrok auth token
NGROK_DOMAINCustom domain for ngrokNoNoneValid domain name

Elasticsearch

Elasticsearch configuration controls Keep’s integration with Elasticsearch for advanced search capabilities. These settings are important if you’re using Elasticsearch to enhance Keep’s search functionality and performance.

Env varPurposeRequiredDefault ValueValid options
ELASTIC_ENABLEDEnables Elasticsearch integrationNo”false""true” or “false”
ELASTIC_API_KEYAPI key for ElasticsearchYes (if using Elasticsearch)NoneValid Elasticsearch API key
ELASTIC_HOSTSComma-separated list of Elasticsearch hostsYes (if using Elasticsearch)NoneValid Elasticsearch host URLs
ELASTIC_USERUsername for Elasticsearch basic authNoNoneValid username
ELASTIC_PASSWORDPassword for Elasticsearch basic authNoNoneValid password
ELASTIC_INDEX_SUFFIXSuffix for Elasticsearch index namesYes (for single tenant)NoneAny valid string

Redis

Redis configuration specifies the connection details for Keep’s Redis instance. Redis is used for various caching and queueing purposes, making these settings important for optimizing Keep’s performance and scalability.

Env varPurposeRequiredDefault ValueValid options
REDIS_HOSTRedis server hostnameNo”localhost”Valid hostname or IP address
REDIS_PORTRedis server portNo6379Valid port number
REDIS_USERNAMERedis usernameNoNoneValid username string
REDIS_PASSWORDRedis passwordNoNoneValid password string

ARQ

ARQ (Asynchronous Task Queue) configuration controls Keep’s background task processing. These settings are crucial for managing how Keep handles long-running or scheduled tasks, ensuring efficient resource utilization and responsiveness.

Env varPurposeRequiredDefault ValueValid options
ARQ_BACKGROUND_FUNCTIONSComma-separated list of background functions to runNoNoneValid function names
ARQ_KEEP_RESULTDuration to keep job results (in seconds)No3600Positive integer
ARQ_EXPIRESDefault job expiration time (in seconds)No3600Positive integer
ARQ_EXPIRES_AIAI job expiration time (in seconds)No3600000Positive integer

Frontend Environment Variables

Frontend configuration variables control the behavior and features of Keep’s user interface. These settings are crucial for customizing the frontend’s appearance, functionality, and integration with the backend services.

General

Env varPurposeRequiredDefault ValueValid options
API_URLSpecifies the URL of the Keep backend APIYesNoneValid URL

Authentication

Authentication configuration determines how Keep verifies user identities and manages access control. These settings are essential for securing your Keep instance and integrating with various authentication providers.

Env varPurposeRequiredDefault ValueValid options
AUTH_TYPESpecifies the authentication typeNo”noauth""auth0”, “keycloak”, “db”, “noauth”, “oauth2proxy”
NEXTAUTH_URLURL for NextAuth authenticationYesNoneValid URL
NEXTAUTH_SECRETSecret key for NextAuthYesNoneStrong secret string

Posthog

Env varPurposeRequiredDefault ValueValid options
POSTHOG_KEYPostHog API key for frontend analyticsNoNoneValid PostHog API key
POSTHOG_HOSTPostHog Host for frontend analyticsNoNoneValid PostHog Host

Pusher

Pusher configuration is essential for enabling real-time updates and communication in Keep’s frontend. These settings allow the frontend to establish a WebSocket connection with the Pusher server, facilitating instant updates and notifications.

Env varPurposeRequiredDefault ValueValid options
PUSHER_DISABLEDDisables Pusher integrationNo”false""true” or “false”
PUSHER_HOSTHostname of the Pusher serverNo”localhost”Valid hostname or IP address
PUSHER_PORTPort of the Pusher serverNo6001Valid port number
PUSHER_APP_KEYPusher application keyYes (if Pusher enabled)“keepappkey”Valid Pusher App Key
PUSHER_CLUSTERPusher clusterNoNoneValid Pusher cluster name