LLMGW container¶
This page lists the environment variables supported by the LLMGW container. Variables are grouped by area and include defaults and usage notes where applicable.
App¶
DEBUGWhether the app is in debug mode. Mainly affects logging and telemetry.- Default is
false.
- Default is
ENVIRONMENTDeployment environment.- Supported values:
dev,test,prd,local.
- Supported values:
SESSION_SECRET_KEYThe key used to protect FastAPI/Starlette session cookies. Should be at least 256 bits in production.ADMIN_API_KEYAdmin API key that can be used for access to the admin portal.ALLOWED_HOSTSA comma-separated list of hosts against which the incoming request'sHostheader will be checked.- Example:
["localhost", "my-test-domain.net"]
- Example:
CORS_ALLOWED_ORIGINSBrowser origins allowed by the CORS middleware. Required for browser-based clients such as the Anthropic Claude in Office Add-in. Backend-to-backend integrations do not need an entry. Default is empty (no browser frontend allowed).- Example:
["https://pivot.claude.ai"]
- Example:
ADMIN_PORTAL_BRAND_COLORBrand color (hex color code for primary brand color).ADMIN_PORTAL_BRAND_ICONBrand icon (base64-encoded PNG for favicon).ADMIN_PORTAL_BRAND_LOGOBrand logo (base64-encoded PNG for sidebar header).
Configuration sources¶
CONFIG_SOURCESA JSON list of configuration source definitions. Always in a format of*prefix*:*service-specific source identifier*. Allowed prefices aredir,aws_s3andazure_blob..
All sources must use the same backend, e.g.,s3:cannot be mixed withazureblob:. For Azure Blob Storage the format is<container>/<blob>; for AWS S3<bucket>/<file_path>; for local directory a filepath.
Examples:
Entities¶
ALLOW_ANONYMOUS_ENTITIESAllow requests without a defined entity (user/project).- Default:
true(helpful when spend limits are not enforced).
- Default:
Secrets and secret stores¶
-
SECRET_STORESecret provider backend used to resolve the secrets.- Supported values:
env,azure_kv,aws_secrets_manager.
- Supported values:
-
APPLICATION_KEY_VAULT_URLAzure Key Vault URL used whenSECRET_STORE=azure_kv.- Example:
https://llmgw-kv.vault.azure.net/
- Example:
-
ENV_SERVICE_CACHE_EXPIRATION_SECONDSCache expiration time (seconds) for local secrets.- Default:
600
- Default:
Storage backends¶
-
STORAGEStorage backend used to store/load the YAML config.- Supported values:
dir,azure_blob,aws_s3.
- Supported values:
-
AZURE_BLOB_STORAGE_ACCOUNT_URLAzure Blob Storage account URL (required whenSTORAGE=azure_blob).
Database¶
DB_CONNECTION_STRINGThe Postgres connection string in libpq (key=value) or URL style.
Interaction logs¶
These are only needed when interaction-log body storage uses the Azure Blob backend
(interaction_log.body.storage.type: azure_blob in the configuration file).
When set, all three are required: a missing or empty value fails on startup. They are read from env so the
YAML config and the masked config API stay free of infra and secrets.
-
INTERACTION_LOG_AZURE_ACCOUNT_URLAzure Blob Storage account URL used to store request/response bodies.- Example:
https://myaccount.blob.core.windows.net
- Example:
-
AZURE_SUBSCRIPTION_IDAzure subscription ID. Used to manage the blob lifecycle (retention) rule. -
AZURE_RESOURCE_GROUP_NAMEResource group that holds the storage account. Used to manage the blob lifecycle (retention) rule.
Required Azure permissions¶
The container's managed identity needs two role assignments on the storage account. They are split deliberately: writing log bodies is a data-plane operation scoped to one container, while managing the retention rule is a management-plane operation that Azure only exposes at the storage-account level.
-
Storage Blob Data Contributor— scoped to the container configured ininteraction_log.body.container. Data-plane access for uploading the request/response bodies. -
Storage Account Contributor— scoped to the whole storage account. Management-plane access so the app can create and update the blob lifecycle (retention) policy. Retention is enforced by an Azure blob lifecycle rule (namedinteraction-log-body-retention) that the app upserts at startup frominteraction_log.body.retention_days. The rule deletes blobs under theinteraction-logs/prefix after the configured number of days. Azure lifecycle/management policies are an account-level resource, which is why this role is granted at account scope rather than per container.
This is why AZURE_SUBSCRIPTION_ID and AZURE_RESOURCE_GROUP_NAME are required alongside
INTERACTION_LOG_AZURE_ACCOUNT_URL: the management-plane SDK call that maintains the retention rule needs
the subscription and resource group to address the storage account.
OTEL¶
-
OTEL_SDK_DISABLEDDisable OpenTelemetry configuration.- Default:
false(OTEL enabled)
- Default:
-
OTEL_TRACES_EXPORTEROTEL Traces exporter.- Supported values:
otlp,console, ornone. - Default:
otlp.
- Supported values:
-
OTEL_METRICS_EXPORTEROTEL Metrics exporter.- Supported values:
otlp,console, ornone. - Default:
otlp.
- Supported values:
-
OTEL_LOGS_EXPORTEROTEL Logs exporter.- Supported values:
otlpornone. - Default:
otlp.
- Supported values:
-
OTEL_EXPORTER_ENDPOINTOTLP exporter endpoint. Required if any ofOTEL_*_EXPORTERisotlp.- Example:
http://<SERVICE_HOST>:4318 - Azure Container Apps:
<SERVICE_HOST>is the ACA service name (e.g.,bss-llm-gateway-dev-otel).
- Example:
-
OTEL_PERIODIC_EXPORT_INTERVAL_MILLISOTEL periodic export interval (ms).- Default:
60000
- Default:
-
DEBUG_METRICSWhen main exporter isotlp, enable additional console exporters / debug messages.- Boolean flag:
1,true,True.
- Boolean flag:
Admin portal and SSO¶
SSO must be configured for admin portal access. Currently only Entra ID is supported. For other identity providers, please contact us.
-
ADMIN_AUTH_ENABLEDEnable admin authentication/SSO. Warning: Disabling this removes SSO protection and auth endpoints. -
ADMIN_SSO_CLIENT_IDOAuth client ID (e.g., Entra ID App ID). -
ADMIN_SSO_REDIRECT_CALLBACKURL the SSO flow redirects to after browser login. -
ADMIN_SSO_REDIRECT_SUCCESSURL the backend redirects to after successful SSO completion. -
ADMIN_SSO_AUTH_METHODOAuth client auth method:client_secret_basic(client secret) orprivate_key_jwt(client certificate). -
ADMIN_SSO_AUTH_CREDENTIALOAuth credential. Must be either an Entra ID client secret or a base64-encoded private key (forprivate_key_jwt). See How to generate Azure credentials -
ADMIN_SSO_PUBLIC_CERTBase64-encoded public certificate. Required whenADMIN_SSO_AUTH_METHOD=private_key_jwt. -
AZURE_SERVER_METADATA_URLAzure tenant OpenID Connect metadata URL. Example:https://login.microsoftonline.com/{tenant_id}/v2.0/.well-known/openid-configuration
Entra ID setup¶
To enable SSO via Entra ID, the following steps are required:
Note: When you create an App Registration, Azure automatically creates a corresponding Enterprise Application. Steps 1–4 are performed in the App Registration blade. Step 5 is performed in the Enterprise Application blade, which controls who can actually sign in and what role they receive.
- Create an App Registration in Azure Entra ID.
- In the App Registration, go to Authentication and add the redirect URI:
https://{app-url}/api/admin/login/oauth2/azure/callback. - In the App Registration, go to Certificates & secrets and generate a client secret or upload a certificate.
- In the App Registration, go to App roles and create the following roles:
Admin,ProjectManager,Auditor,SuperAdmin,User. - In the Enterprise Application, configure user access:
- Navigate to Azure Entra ID → Enterprise applications and find the application created in step 1.
- Under Properties, set Assignment required? to Yes to disable default access.
- Under Users and groups, click Add user/group and assign users or groups with the appropriate app role (
Admin,ProjectManager,Auditor,SuperAdmin, orUser).
- Set the environment variables listed above in your deployment.
For more information about RBAC and role permissions, see the Admin portal documentation.
Entra ID Graph API¶
LLMGW can be configured to use the Microsoft Graph API to fetch user and group information from Entra ID. This enables importing groups into the admin portal and looking up user details via the Entra user header.
To enable this functionality:
- Create an Entra ID App Registration.
- Create a client secret for the App Registration.
- Assign the following API permissions:
Group.Read.All,GroupMember.Read.All,User.Read.All- or alternatively
Directory.Read.All
Variables¶
-
GRAPH_API_ENABLEDWhether Graph API should be enabled for importing user/group info from Entra ID (required to support Entra identity). -
GRAPH_API_TENANT_IDApp Registration Tenant ID. -
GRAPH_API_CLIENT_IDApp Registration Client ID. -
GRAPH_API_CLIENT_SECRETApp Registration Client Secret. -
GRAPH_API_GROUP_MEMBERSHIPControls how user group memberships are resolved via Graph API. One of:transitive(default) — flattened group membership including nested groups.direct— only directly-assigned groups (prior behaviour).none— skip the group fetch entirely; users are treated as having no groups.
Note: this variable usually does not need changing. Change it from the default only after carefully evaluating the implications for user entitlements and group-based access.
-
GRAPH_API_GROUP_PAGE_SIZEPage size (Graph$topparameter) used when listing user groups. Defaults to999, the documented maximum for directory objects. Results are paginated via@odata.nextLinkuntil exhausted.
Agent overview¶
These configure the optional Agents Overview section of the admin portal, which proxies to the librechat-auditor service to display the LibreChat agents in a tenant.
Enabling the feature requires both of the following:
- The YAML config flag
agent_overview.enabled: true(defaultfalse) — the rollout switch for the section. - The transport environment variables below, pointing the gateway at the
librechat-auditorservice.
The transport variables are:
-
LIBRECHAT_AUDITOR_BASE_URLBase URL of thelibrechat-auditorservice the gateway proxies agent requests to.- Default: empty (feature disabled).
-
LIBRECHAT_AUDITOR_API_KEYShared API key the gateway attaches when calling the auditor service.- Default: empty (feature disabled).
-
LIBRECHAT_AUDITOR_HTTP_TIMEOUT_SECONDSRequest timeout (seconds) for calls to the auditor service.- Default:
30.
- Default:
If the base URL or API key is missing, the section stays disabled (the API returns 503) even when the flag is on.
Azure¶
These are only relevant when deploying on Azure.
-
AZURE_CLIENT_IDClient ID of the user-assigned managed identity used by the container. -
APPLICATIONINSIGHTS_CONNECTION_STRINGConnection string for Azure Application Insights.
Google¶
WIF Authentication¶
GOOGLE_VERTEXAI_PROJECT_ID- The ID of the project on behalf of which VertexAI requests are going to made. Used both for model call URL construction and Google WIF.GOOGLE_WIF_CONFIG- A json containing the Google WIF config.GOOGLE_EXTERNAL_ACCOUNT_ALLOW_EXECUTABLES- Must be set to1if the provided Google WIF Config uses an executable to obtain identity keys.GOOGLE_ENTRAID_RESOURCE_URI- The API URL of the EntraID App Registration used to impersonate the Google Service Account.
See Google WIF Authentication setup for details on setting up the WIF Authentication.
Logging¶
-
LOG_FILEOptional path to a log file. If empty or not set, logs go to stdout only. -
STD_JSON_LOGOutput logs as JSON to stdout.- Default:
false.
- Default:
-
FILE_JSON_LOGOutput logs as JSON toLOG_FILE(requiresLOG_FILEto be set).- Default:
false.
- Default:
-
LOG_RESOURCE_USAGEPeriodically log CPU and memory usage.- Default:
false.
- Default:
-
LOG_REQUEST_RESPONSE_BODYLog request and response bodies for successful proxy responses. Caution: useful for debugging, but not recommended in production due to potential sensitive data exposure. Regardless of this setting, response bodies are always logged for non-success responses (atWARNING) to aid incident investigation. Request/response headers and query parameters are only logged when the logger level isDEBUG.- Default:
false. - Formerly named
LOG_USER_DATA; the old name is still accepted as an alias but is deprecated and should be removed from deployment configuration. On the Terraform side the variable was renamedllmgw_log_user_data→llmgw_log_request_response_bodywith no alias, so deployment pipelines must be updated.
- Default:
Alerting¶
-
ALERTMANAGER_URLBase URL of the Prometheus Alertmanager/api/v2/alertsendpoint that the gateway posts spend-limit alerts to. When unset or empty, alerting is disabled: no alerts are posted and the admin portal Alerts view returns empty lists. In production this is set by Terraform whenenable_alertmanager = true; in local development use the docker-compose Alertmanager service.- Example:
http://my-alertmgr/api/v2/alerts - Default: unset (alerting off).
- Example:
-
ADMIN_PORTAL_URLPublic URL of the admin portal frontend. Used as thegeneratorURLfield on posted Alertmanager alerts so the Alertmanager UI can link back to the portal.- Default:
http://localhost:5173.
- Default:
-
SPEND_ALERT_RULES_CACHE_TTL_SECONDSHow long (in seconds) the gateway caches the alert rules fetched from the database before re-querying. Increasing this reduces database load at the cost of slower propagation of rule changes.- Default:
60.
- Default:
-
SPEND_ALERT_ENTITY_CACHE_TTL_SECONDSHow long (in seconds) contact-email lookups for recipient token resolution are cached. Stale values are acceptable because contact information changes rarely.- Default:
300.
- Default:
Generate private key and public certificate for SSO cert-based flow¶
This can be done in multiple ways. A bash instruction is shown below.
Requires openssl and base64 utils.
-
Generate a private key:
-
Generate a public certificate using that key:
-
Turn both to b64:
-
Upload the public cert file to EntraID
- Make b64 secret available via
ADMIN_SSO_AUTH_CREDENTIALvar. - Make b64 certificate available via
ADMIN_SSO_PUBLIC_CERTvar.
Google WIF Authentication setup¶
In order to call VertexAI LLMGW has to obtain access to the platform. This can be done in various ways, but Google's Workload Identity Federation with Service Account Impersonation is the most secure as per Google's docs. More information can be found in the Workload Identity Federation (WIF) documentation.
WIF With Azure Container Apps¶
Related documentation: Workload Identity Federation with other clouds
Since the documentation is written for Azure VMs, the setup for Container APPs will be a little different:
- Setup GCP Project and Service Account as per docs.
- Create a Microsoft EntraID App Registration.
- Expose an API for App Registration. You should get an ID that looks like
api://12a45b78-1c11-aa2a-b3b-123456789102. Set it asGOOGLE_ENTRAID_RESOURCE_URIenv var. - Configure WIF following the Google docs mentioned before.
- Authenticate the App Registration by following the Service Account Impersonation section in the docs.
- Create a json to place in the
GOOGLE_WIF_CONFIGenv var by executing this shell command (requiresgcloudutility):
gcloud iam workload-identity-pools create-cred-config \
projects/*PROJECT NUMBER*/locations/global/workloadIdentityPools/*POOL ID*/providers/*PROVIDER ID* \
--service-account=*SERVICE ACCOUNT EMAIL OR NUMBER* \
--service-account-token-lifetime-seconds=3600 \
--output-file=*OUTPUT PATH TO JSON* \
--executable-command="python /app/get_azure_entra_token_google_impersonation.py" \ # do not change this
--executable-timeout-millis=15000
Note that the container app has to have a proper Managed Identity in order to authenticate against the created App
Registration.
If User-Assigned Identity is used, its ID passed in AZURE_CLIENT_ID var is going to be used for EntraID token
negotiation.