Environment Variables Reference
Runtime environment variables used by the AuroraSOC codebase.
Core application
| Variable | Default | Description |
|---|---|---|
| ENVIRONMENT | development | Runtime environment: development, staging, production |
| DEBUG | false | Enable debug mode with verbose logging and auto-reload |
| LOG_LEVEL | INFO | Logging level: DEBUG, INFO, WARNING, ERROR |
| SYSTEM_MODE | dry_run | Runtime guardrail mode: dry_run or real |
LLM provider
| Variable | Default | Description |
|---|---|---|
| LLM_BACKEND | vllm | Inference backend: vllm or ollama |
| VLLM_MODEL | granite-soc-specialist | vLLM specialist model |
| VLLM_ORCHESTRATOR_MODEL | granite-soc-specialist | vLLM orchestrator model |
| VLLM_BASE_URL | http://vllm:8000/v1 | vLLM instance URL |
| OLLAMA_MODEL | granite4:8b | Ollama specialist model |
| OLLAMA_ORCHESTRATOR_MODEL | granite4:8b | Ollama orchestrator model. Keep equal to OLLAMA_MODEL for single-model local deployments. |
| OLLAMA_BASE_URL | http://ollama:11434 | Ollama instance URL |
Local single-model controls
| Variable | Default | Description |
|---|---|---|
| GRANITE_SINGLE_MODEL_MODE | true | Forces all agents to resolve to the same model tag |
| GRANITE_USE_SHARED_MODEL_POOL | true | Reuses ChatModel instances for identical backend/model/provider tuples |
| GRANITE_MAX_CONCURRENT_REQUESTS | 1 | Recommended local inference concurrency. Keep at 1 on 8 GB VRAM. |
| GRANITE_INFERENCE_TIMEOUT_SECONDS | 180 | Per-request timeout for local LLM inference |
PostgreSQL
| Variable | Default | Description |
|---|---|---|
| PG_HOST | postgres | PostgreSQL hostname |
| PG_PORT | 5432 | PostgreSQL port |
| PG_USER | aurorasoc | Database user |
| PG_PASSWORD | Required in compose | Database password |
| PG_DATABASE | aurorasoc | Database name |
| PG_POOL_SIZE | 20 | SQLAlchemy connection pool size |
| PG_MAX_OVERFLOW | 10 | Extra connections beyond pool size |
| PG_SSLMODE | prefer | SSL mode: disable, prefer, require, verify-ca, verify-full |
Redis
| Variable | Default | Description |
|---|---|---|
| REDIS_URL | redis://redis:6379 | Direct connection URL |
NATS JetStream
| Variable | Default | Description |
|---|---|---|
| NATS_URL | nats://localhost:4222 | NATS server URL |
| NATS_STREAM_NAME | AURORA | JetStream stream name |
| NATS_CONNECT_TIMEOUT_SECONDS | 5.0 | Initial NATS connection deadline |
MQTT
| Variable | Default | Description |
|---|---|---|
| MQTT_HOST | mosquitto | MQTT broker hostname |
| MQTT_PORT | 8883 | MQTT broker port (mTLS-first) |
| MQTT_USERNAME | None | MQTT username (optional) |
| MQTT_PASSWORD | None | MQTT password (optional) |
| MQTT_TOPIC_PREFIX | aurora | MQTT topic prefix |
HashiCorp Vault
| Variable | Default | Description |
|---|---|---|
| VAULT_ADDR | http://vault:8200 | Vault server URL |
| VAULT_TOKEN | None | Vault access token |
| VAULT_KV_MOUNT | secret | KV-v2 secrets mount path |
| VAULT_PKI_MOUNT | pki_iot | PKI mount path |
Authentication
| Variable | Default | Description |
|---|---|---|
| JWT_SECRET_KEY | Required, 32+ chars | JWT signing secret |
| JWT_EXPIRY_HOURS | 24 | Token lifetime in hours |
| API_SERVICE_KEY | Required | Bootstrap API key for service auth |
Approval policy
| Variable | Default | Description |
|---|---|---|
| APPROVAL_EXPIRES_MINUTES | 30 | Default expiration for human approval requests |
| APPROVAL_WAIT_TIMEOUT_SECONDS | 300 | Default wait timeout for approval polling |
| APPROVAL_POLL_INTERVAL_SECONDS | 5 | Poll interval for approval decision checks |
Observability
| Variable | Default | Description |
|---|---|---|
| OTEL_EXPORTER_ENDPOINT | http://otel-collector:4317 | OTLP gRPC endpoint |
| OTEL_SERVICE_NAME | aurorasoc | Service name in traces |
| OTEL_PROMETHEUS_PORT | 9090 | Prometheus metrics port |
Agent deployment
| Variable | Default | Description |
|---|---|---|
| A2A_DISCOVERY_MODE | compose | Agent service discovery: compose or k8s |
| A2A_CLIENT_HOST | None | Global override for all A2A target hostnames |
| ENABLED_AGENTS | all | Comma-separated specialist agent names, or all |
Fleet runtime orchestrator
| Variable | Default | Description |
|---|---|---|
| FLEET_RUNTIME_ORCHESTRATOR | compose | Runtime backend: compose, noop, or k8s |
| FLEET_COMPOSE_BIN | Auto-detected | Path to docker or podman binary |
| FLEET_COMPOSE_PROJECT | aurorasoc | Docker Compose project name |
| FLEET_COMPOSE_PROJECT_DIRECTORY | . | Directory containing the Compose file |
| FLEET_COMPOSE_FILE | infra/compose/docker-compose.yml | Path to Compose file |
| FLEET_AUTOSCALER_ENABLED | false | Enable fleet autoscaling |
| FLEET_AUTOSCALER_INTERVAL_SECONDS | 20 | Autoscaler evaluation interval |
| FLEET_RECONCILE_INTERVAL_SECONDS | 15 | Fleet reconciler loop interval |
| FLEET_PROBE_INTERVAL_SECONDS | 30 | Agent health probe interval |
| FLEET_CONTAINER_LABEL_PREFIX | aurorasoc.fleet | Prefix for container labels used in fleet discovery |
Suricata IDS/IPS
| Variable | Default | Description |
|---|---|---|
| SURICATA_MODE | replay | Ingest mode: replay (PCAP) or live (af-packet) |
| SURICATA_HOME_NET | [10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,127.0.0.1/32] | CIDRs considered internal by Suricata |
| SURICATA_EXTERNAL_NET | !$HOME_NET | Inverse address group for external traffic |
| SURICATA_CAPTURE_INTERFACE | None | NIC used in live mode |
| SURICATA_INTERFACE | None | Alternative NIC name, overrides SURICATA_CAPTURE_INTERFACE |
| SURICATA_PCAP_FILE | /pcaps/sample.pcap | PCAP path inside container (replay mode) |
GPU and vLLM tuning
| Variable | Default | Description |
|---|---|---|
| VLLM_GPU_MEMORY_UTIL | 0.90 | Fraction of GPU VRAM for KV-cache. Reduce if OOM. |
| VLLM_MAX_MODEL_LEN | 8192 | Maximum sequence length. Lower uses less VRAM. |
| CUDA_VISIBLE_DEVICES | Unset | GPU index for vLLM container. Unset uses all GPUs. |

To validate all loaded settings, start the API with DEBUG=true:

```bash
DEBUG=true python -m aurorasoc.api.main
```

Settings are printed at INFO level during startup.
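
A pre-deployment check over the variables documented above, added here as an example and not part of the AuroraSOC codebase. `audit_env` is a hypothetical helper, and the production policy it applies (certificate-verifying PG_SSLMODE, HTTPS for VAULT_ADDR, DEBUG off) is an assumption of this example, not a rule stated by the project.

```python
import os

# Hypothetical helper, not AuroraSOC code. Names and defaults come from the
# tables above; the production policy is an assumption of this example.
DEFAULTS = {
    "ENVIRONMENT": "development",
    "DEBUG": "false",
    "PG_SSLMODE": "prefer",
    "VAULT_ADDR": "http://vault:8200",
}
REQUIRED = ("JWT_SECRET_KEY", "API_SERVICE_KEY", "PG_PASSWORD")


def audit_env(env):
    """Return a list of findings for a mapping of environment variables."""
    def get(name):
        return env.get(name, DEFAULTS.get(name, ""))

    findings = []
    for name in REQUIRED:
        if not env.get(name):
            findings.append(f"{name}: required but not set")
    secret = env.get("JWT_SECRET_KEY", "")
    if secret and len(secret) < 32:
        findings.append("JWT_SECRET_KEY: shorter than 32 characters")
    if get("ENVIRONMENT") != "production":
        return findings  # the checks below are the assumed production policy
    if get("DEBUG").lower() == "true":
        findings.append("DEBUG: enabled in production")
    if get("PG_SSLMODE") not in ("verify-ca", "verify-full"):
        findings.append(f"PG_SSLMODE: {get('PG_SSLMODE')} does not guarantee "
                        "server certificate verification")
    if not get("VAULT_ADDR").startswith("https://"):
        findings.append("VAULT_ADDR: not https, VAULT_TOKEN would cross the "
                        "network unencrypted")
    return findings


if __name__ == "__main__":
    # Constructed sample: a production environment left on documented defaults.
    sample = {"ENVIRONMENT": "production", "JWT_SECRET_KEY": "changeme",
              "API_SERVICE_KEY": "constructed-key", "PG_PASSWORD": "constructed"}
    for finding in audit_env(sample):
        print(finding)
```

Pass `os.environ` to `audit_env` in a deployment pipeline and fail the step when the returned list is non-empty.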