web-secrets Kubernetes secret.
| Environment Variable | Description & Example |
|---|---|
| AUTH_GOOGLE_CLIENT_SECRET | Secret key obtained from Google Cloud Console for OAuth 2.0 authentication. Used to verify authentication requests from Google. Example: GOCSPX-xxxxxxxxxxxxx |
| AUTH_MICROSOFT_CLIENT_ISSUER | The issuer URL for Microsoft Entra ID (formerly Azure AD). This identifies your Microsoft tenant and is used to validate tokens. Example: https://login.microsoftonline.com/your-tenant-id/v2.0 |
| AUTH_MICROSOFT_CLIENT_SECRET | Secret key obtained from Microsoft Entra ID app registration. Used to authenticate your application with Microsoft’s OAuth service. Example: your-microsoft-client-secret |
| AUTH_SECRET | A randomly generated secret key used for encrypting session tokens and cookies. Should be a long, random string for security. Generate using: `openssl rand -base64 32`. Example: your-random-secret-key-min-32-chars |
| AUTH_URL | The base URL of your application where OAuth callbacks will be sent. This must match the callback URLs configured in your OAuth providers. Example: https://your-domain.com |
| AUTH_XERO_CLIENT_SECRET | Secret key obtained from Xero Developer portal for OAuth 2.0 authentication. Required if integrating with Xero accounting software. Example: your-xero-client-secret |
| BUCKET_KEY | Used for programmatic access to encrypt object paths. Example: AKIAIOSFODNN7EXAMPLE |
| BUCKET_NAME | The name of the S3-compatible bucket where application files, uploads, and assets will be stored. Example: hyko-production-storage |
| POSTGRES_URL | Full PostgreSQL connection string including credentials, host, port, and database name. Used by the application to connect to the database. Example: postgresql://hyko:[email protected]:5432/hyko |
| HYKO_NAMESPACE | The Kubernetes namespace where Hyko is deployed. Used by the application to interact with Kubernetes resources in the same namespace. Example: hyko-v2 |
| HYKO_AUTH_GOOGLE_CLIENT_ID | OAuth 2.0 Client ID obtained from Google Cloud Console. Identifies your application to Google’s authentication service. Example: 123456789-abcdefg.apps.googleusercontent.com |
| HYKO_AUTH_MICROSOFT_CLIENT_ID | Application (client) ID from Microsoft Entra ID app registration. Identifies your application to Microsoft’s authentication service. Example: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx |
| HYKO_AUTH_XERO_CLIENT_ID | OAuth 2.0 Client ID from Xero Developer portal. Identifies your application when users authenticate with Xero. Example: your-xero-client-id |
| HYKO_CDN_BASE_URL | Base URL for a Content Delivery Network if you’re using one to serve static assets. Improves performance by caching assets globally. Example: https://cdn.your-domain.com |
| HYKO_DOMAIN_NAME | The primary domain name for your application without protocol. Used for cookie domain settings and email generation. Example: your-domain.com |
| DEEPSEEK_API_KEY | API key for DeepSeek’s AI models. Used to authenticate requests to DeepSeek’s LLM API for text generation and analysis. Example: sk-xxxxxxxxxxxxx |
| GOOGLE_GENERATIVE_AI_API_KEY | API key for Google’s Generative AI (Gemini). Used to access Google’s AI models for text generation, chat, and embeddings. Example: AIzaSyxxxxxxxxxxxxx |
| OPENAI_API_KEY | API key for OpenAI services. Used to authenticate requests to OpenAI’s API for GPT models, embeddings, and other AI services. Example: sk-proj-xxxxxxxxxxxxx |
| OLLAMA_LLM_URL | Base URL for a self-hosted Ollama instance. Ollama allows running open-source LLMs locally without external API dependencies. Example: http://ollama-service.namespace.svc.cluster.local:11434/api |
| OLLAMA_MODEL | The specific model identifier to use with Ollama. Determines which LLM model will be loaded and used for inference. Example: llama2 |
| PUBLIC_STORAGE_BASE_URL | Publicly accessible URL for retrieving files from object storage. Used to generate download links and display uploaded content. Example: https://storage.your-domain.com |
| STORAGE_ADMIN_PASSWORD | Administrator password for MinIO or S3-compatible storage. Used for administrative operations and bucket management. Example: your-storage-admin-password |
| STORAGE_ADMIN_USERNAME | Administrator username for MinIO or S3-compatible storage. Typically ‘admin’ or ‘root’ for full administrative access. Example: admin |
| STORAGE_BASE_URL | Internal Kubernetes service URL for object storage. Used by backend services to upload and retrieve files within the cluster. Example: http://minio.hyko-v2.svc.cluster.local:9000 |
| STORAGE_REGION | AWS region identifier for S3-compatible storage. Even for MinIO, this should be set to a valid AWS region format. Example: us-east-1 |
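
A pre-deployment check for the values in the table above, as an added example that is not part of Hyko's own code: it flags example values left unreplaced, an `AUTH_SECRET` that does not match the `openssl rand -base64 32` output shape, and an `AUTH_URL` that disagrees with `HYKO_DOMAIN_NAME`. The function name `lint_env`, the placeholder markers, the HTTPS requirement and the rule that the `AUTH_URL` host must fall under the cookie domain are assumptions made for this example.

```python
import base64
import binascii
from urllib.parse import urlparse

# Fragments of the example values in the table above.
PLACEHOLDER_MARKERS = ("xxxx", "your-", "EXAMPLE")
# Constructed sample: example values from the table, left unreplaced.
SAMPLE_ENV = {
    "AUTH_SECRET": "your-random-secret-key-min-32-chars",
    "AUTH_URL": "https://your-domain.com",
    "HYKO_DOMAIN_NAME": "your-domain.com",
    "OPENAI_API_KEY": "sk-proj-xxxxxxxxxxxxx",
}


def lint_env(env):
    """Return a list of findings for a dict of variable name -> value."""
    findings = []
    for name, value in sorted(env.items()):
        if any(marker in value for marker in PLACEHOLDER_MARKERS):
            findings.append(f"{name}: documentation placeholder left in place")
    # `openssl rand -base64 32` yields base64 that decodes to 32 bytes.
    try:
        raw = base64.b64decode(env.get("AUTH_SECRET", ""), validate=True)
    except (binascii.Error, ValueError):
        raw = b""
    if len(raw) < 32:
        findings.append("AUTH_SECRET: not base64 of at least 32 bytes")

    # Assumption: production OAuth callbacks are served over HTTPS.
    auth_url = urlparse(env.get("AUTH_URL", ""))
    if auth_url.scheme != "https":
        findings.append("AUTH_URL: scheme is not https")

    # The table says the domain carries no protocol. Assumption: the
    # AUTH_URL host must fall under it so the cookie domain covers it.
    domain = env.get("HYKO_DOMAIN_NAME", "")
    host = auth_url.hostname or ""
    if "://" in domain or "/" in domain:
        findings.append("HYKO_DOMAIN_NAME: includes a protocol or path")
    elif host and host != domain and not host.endswith("." + domain):
        findings.append("AUTH_URL: host is outside HYKO_DOMAIN_NAME")
    return findings


if __name__ == "__main__":
    for finding in lint_env(SAMPLE_ENV):
        print(finding)
```

Run it against the decoded values before creating or updating the secret, and treat any finding as a blocker for the rollout.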