# Environment variables

Below is a comprehensive table of all environment variables required for the Hyko v2 deployment. These should be included in the `web-secrets` Kubernetes secret.

| Environment Variable            | Description & Example                                                                                                                                                                                                                             |
| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `AUTH_GOOGLE_CLIENT_SECRET`     | Secret key obtained from Google Cloud Console for OAuth 2.0 authentication. Used to verify authentication requests from Google.<br />**Example:** `GOCSPX-xxxxxxxxxxxxx`                                                                          |
| `AUTH_MICROSOFT_CLIENT_ISSUER`  | The issuer URL for Microsoft Entra ID (formerly Azure AD). This identifies your Microsoft tenant and is used to validate tokens.<br />**Example:** `https://login.microsoftonline.com/your-tenant-id/v2.0`                                        |
| `AUTH_MICROSOFT_CLIENT_SECRET`  | Secret key obtained from Microsoft Entra ID app registration. Used to authenticate your application with Microsoft's OAuth service.<br />**Example:** `your-microsoft-client-secret`                                                              |
| `AUTH_SECRET`                   | A randomly generated secret key used for encrypting session tokens and cookies. Should be a long, random string for security. Generate using: `openssl rand -base64 32`<br />**Example:** `your-random-secret-key-min-32-chars`                   |
| `AUTH_URL`                      | The base URL of your application where OAuth callbacks will be sent. This must match the callback URLs configured in your OAuth providers.<br />**Example:** `https://your-domain.com`                                                            |
| `AUTH_XERO_CLIENT_SECRET`       | Secret key obtained from Xero Developer portal for OAuth 2.0 authentication. Required if integrating with Xero accounting software.<br />**Example:** `your-xero-client-secret`                                                                   |
| `BUCKET_KEY`                    | Used for programmatic access to encrypt object paths.<br />**Example:** `AKIAIOSFODNN7EXAMPLE`                                                                                                                                                    |
| `BUCKET_NAME`                   | The name of the S3-compatible bucket where application files, uploads, and assets will be stored.<br />**Example:** `hyko-production-storage`                                                                                                     |
| `POSTGRES_URL`                  | Full PostgreSQL connection string including credentials, host, port, and database name. Used by the application to connect to the database.<br />**Example:** `postgresql://hyko:password123@postgres-host.namespace.svc.cluster.local:5432/hyko` |
| `HYKO_NAMESPACE`                | The Kubernetes namespace where Hyko is deployed. Used by the application to interact with Kubernetes resources in the same namespace.<br />**Example:** `hyko-v2`                                                                                 |
| `HYKO_AUTH_GOOGLE_CLIENT_ID`    | OAuth 2.0 Client ID obtained from Google Cloud Console. Identifies your application to Google's authentication service.<br />**Example:** `123456789-abcdefg.apps.googleusercontent.com`                                                          |
| `HYKO_AUTH_MICROSOFT_CLIENT_ID` | Application (client) ID from Microsoft Entra ID app registration. Identifies your application to Microsoft's authentication service.<br />**Example:** `xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`                                                     |
| `HYKO_AUTH_XERO_CLIENT_ID`      | OAuth 2.0 Client ID from Xero Developer portal. Identifies your application when users authenticate with Xero.<br />**Example:** `your-xero-client-id`                                                                                            |
| `HYKO_CDN_BASE_URL`             | Base URL for a Content Delivery Network if you're using one to serve static assets. Improves performance by caching assets globally.<br />**Example:** `https://cdn.your-domain.com`                                                              |
| `HYKO_DOMAIN_NAME`              | The primary domain name for your application without protocol. Used for cookie domain settings and email generation.<br />**Example:** `your-domain.com`                                                                                          |
| `DEEPSEEK_API_KEY`              | API key for DeepSeek's AI models. Used to authenticate requests to DeepSeek's LLM API for text generation and analysis.<br />**Example:** `sk-xxxxxxxxxxxxx`                                                                                      |
| `GOOGLE_GENERATIVE_AI_API_KEY`  | API key for Google's Generative AI (Gemini). Used to access Google's AI models for text generation, chat, and embeddings.<br />**Example:** `AIzaSyxxxxxxxxxxxxx`                                                                                 |
| `OPENAI_API_KEY`                | API key for OpenAI services. Used to authenticate requests to OpenAI's API for GPT models, embeddings, and other AI services.<br />**Example:** `sk-proj-xxxxxxxxxxxxx`                                                                           |
| `OLLAMA_LLM_URL`                | Base URL for a self-hosted Ollama instance. Ollama allows running open-source LLMs locally without external API dependencies.<br />**Example:** `http://ollama-service.namespace.svc.cluster.local:11434/api`                                     |
| `OLLAMA_MODEL`                  | The specific model identifier to use with Ollama. Determines which LLM model will be loaded and used for inference.<br />**Example:** `llama2`                                                                                                    |
| `PUBLIC_STORAGE_BASE_URL`       | Publicly accessible URL for retrieving files from object storage. Used to generate download links and display uploaded content.<br />**Example:** `https://storage.your-domain.com`                                                               |
| `STORAGE_ADMIN_PASSWORD`        | Administrator password for MinIO or S3-compatible storage. Used for administrative operations and bucket management.<br />**Example:** `your-storage-admin-password`                                                                              |
| `STORAGE_ADMIN_USERNAME`        | Administrator username for MinIO or S3-compatible storage. Typically 'admin' or 'root' for full administrative access.<br />**Example:** `admin`                                                                                                  |
| `STORAGE_BASE_URL`              | Internal Kubernetes service URL for object storage. Used by backend services to upload and retrieve files within the cluster.<br />**Example:** `http://minio.hyko-v2.svc.cluster.local:9000`                                                     |
| `STORAGE_REGION`                | AWS region identifier for S3-compatible storage. Even for MinIO, this should be set to a valid AWS region format.<br />**Example:** `us-east-1`                                                                                                   |
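
Before the values above go into `web-secrets`, a pre-flight lint of the env file can catch example values copied from this table and an undersized `AUTH_SECRET`. This script is an added example, not part of Hyko. The names `env_get` and `lint_env_file`, the placeholder patterns, and the https check on `AUTH_URL` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not Hyko code): lint a KEY=VALUE env file before loading it
# into the web-secrets Secret. Prints one finding per line; returns 1 if any.

# Secret-bearing variables from the table; their documented example values
# must never reach a real deployment.
SECRET_VARS="AUTH_SECRET AUTH_GOOGLE_CLIENT_SECRET AUTH_MICROSOFT_CLIENT_SECRET
AUTH_XERO_CLIENT_SECRET BUCKET_KEY POSTGRES_URL STORAGE_ADMIN_PASSWORD
DEEPSEEK_API_KEY GOOGLE_GENERATIVE_AI_API_KEY OPENAI_API_KEY"

# Print the value of key $2 in file $1 (last assignment wins, taken verbatim).
env_get() {
  awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                 END { printf "%s", v }' "$1"
}

lint_env_file() (   # subshell body keeps the variables local
  file="$1"; findings=0
  for name in $SECRET_VARS; do
    case "$(env_get "$file" "$name")" in
      *xxxx*|your-*|*password123*|*EXAMPLE*)   # shapes of the table's examples
        echo "$name: still a documentation placeholder"
        findings=$((findings + 1)) ;;
    esac
  done
  value="$(env_get "$file" AUTH_SECRET)"
  if [ "${#value}" -lt 32 ]; then
    echo "AUTH_SECRET: shorter than 32 characters (or missing)"
    findings=$((findings + 1))
  fi
  case "$(env_get "$file" HYKO_DOMAIN_NAME)" in
    *://*) echo "HYKO_DOMAIN_NAME: must not include a protocol"
           findings=$((findings + 1)) ;;
  esac
  case "$(env_get "$file" AUTH_URL)" in
    https://*) ;;
    *) echo "AUTH_URL: not an https:// URL (assumed policy, not a Hyko rule)"
       findings=$((findings + 1)) ;;
  esac
  [ "$findings" -eq 0 ]
)

# Constructed sample using the table's example values: the three secrets are flagged.
sample="$(mktemp)"
printf '%s\n' 'AUTH_SECRET=your-random-secret-key-min-32-chars' \
  'AUTH_URL=https://your-domain.com' 'HYKO_DOMAIN_NAME=your-domain.com' \
  'BUCKET_KEY=AKIAIOSFODNN7EXAMPLE' 'OPENAI_API_KEY=sk-proj-xxxxxxxxxxxxx' > "$sample"
lint_env_file "$sample" || echo "fix the findings before creating web-secrets"
rm -f "$sample"
```

Once the lint returns 0, `kubectl create secret generic web-secrets --from-env-file=<file> -n <namespace>` loads the file into the secret.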
