Environment Variables

All environment variables across AgentSec components.

Proxy (Required)

Variable	Description
`AGENTSEC_ENCRYPTION_KEY`	64 hex chars (32 bytes). Used for HMAC-SHA256 agent key hashing. Generate with `openssl rand -hex 32`
`TELEGRAM_BOT_TOKEN`	Telegram bot token from @BotFather
`TELEGRAM_CHAT_ID`	Telegram chat ID for approval messages

Variable	Description
`AGENTSEC_AGENT_KEY_{NAME}`	API key for each agent. Name is uppercased with hyphens replaced by underscores. Generate with `openssl rand -hex 32`

Example: Agent research-bot → AGENTSEC_AGENT_KEY_RESEARCH_BOT

Variable	Description
`AGENTSEC_CRED_{NAME}`	Secret value for each credential. Same naming convention as agent keys

Example: Credential twitter-holonym → AGENTSEC_CRED_TWITTER_HOLONYM

Variable	Default	Description
`AGENTSEC_CONFIG`	`./agentsec.yaml`	Path to config file
`AGENTSEC_AUDIT_LOG`	`./audit.jsonl`	Path to audit log file
`AGENTSEC_LISTEN_ADDR`	`0.0.0.0:3100`	Listen address
`AGENTSEC_FORWARD_TIMEOUT_SECS`	`30`	Timeout for upstream API requests (seconds)

Variable	Description
`OAUTH_CRED_{NAME}_CONSUMER_KEY`	OAuth consumer key
`OAUTH_CRED_{NAME}_CONSUMER_SECRET`	OAuth consumer secret
`OAUTH_CRED_{NAME}_ACCESS_TOKEN`	OAuth access token
`OAUTH_CRED_{NAME}_ACCESS_TOKEN_SECRET`	OAuth access token secret

Example: Credential twitter → OAUTH_CRED_TWITTER_CONSUMER_KEY, etc.

The signer auto-discovers credentials by scanning for OAUTH_CRED_*_CONSUMER_KEY env vars at startup.

Variable	Default	Description
`OAUTH_SIGNER_PORT`	`8080`	Signer listen port

For both AGENTSEC_AGENT_KEY_* and AGENTSEC_CRED_*: