.env file, a Docker run command, a Compose file, or your deployment platform’s secrets manager. The sections below cover the most important variables grouped by concern.
API Keys
Two separate credentials control access to the Core HTTP API:The bearer token that all clients must send in the
Authorization: Bearer <key> header to access memory, search, and ingest endpoints. Defaults to local-dev-key for local Docker runs — replace this with a strong random secret for any internet-accessible deployment.Authorization header:
Embedding Providers
SetEMBEDDING_PROVIDER to choose the backend that generates vector embeddings for every memory stored and every search query. The default is openai.
transformers — local WASM, no API key required
transformers — local WASM, no API key required
Runs embedding inference entirely inside the container using Best for: air-gapped environments, local development without API spend, and privacy-sensitive workloads. Expect higher latency on the first request while the model warms up compared with hosted APIs.
@huggingface/transformers (WASM/ONNX). No external API call is made, so this option works fully offline and does not require any API key.openai — OpenAI Embeddings API (default)
openai — OpenAI Embeddings API (default)
Uses the OpenAI Embeddings API with Best for: production workloads where retrieval quality is the priority.
text-embedding-3-small at 1536 dimensions by default. Requires a valid OPENAI_API_KEY.openai-compatible — any OpenAI-compatible endpoint
openai-compatible — any OpenAI-compatible endpoint
Points to any API that implements the OpenAI embeddings interface. Recommended for self-hosters who run a local inference server (LM Studio, vLLM, LocalAI, etc.).
ollama — local Ollama instance
ollama — local Ollama instance
Connects to a running Ollama server. The model must already be pulled in Ollama before starting Core.
voyage — Voyage AI embeddings
voyage — Voyage AI embeddings
Uses Voyage AI embedding models, which are designed for high retrieval quality. Requires a
VOYAGE_API_KEY.LLM Providers
The LLM provider is used during full ingest (POST /v1/memories/ingest) to extract structured claims from conversation messages and apply AUDN-SC mutation decisions (Add, Update, Delete, No-op, Supersede, Clarify). Quick ingest (POST /v1/memories/ingest/quick) uses embedding deduplication only and does not call the LLM provider.
Set LLM_PROVIDER to one of the following values:
| Provider | LLM_PROVIDER value | Required variable |
|---|---|---|
| OpenAI | openai | OPENAI_API_KEY |
| Anthropic | anthropic | ANTHROPIC_API_KEY |
| Ollama (local) | ollama | OLLAMA_BASE_URL |
| Groq | groq | GROQ_API_KEY |
| Google Gemini | google-genai | GOOGLE_GENAI_API_KEY |
| OpenAI-compatible | openai-compatible | OPENAI_COMPATIBLE_BASE_URL |
| Claude Code (local dev) | claude-code | Logged-in claude session |
| Codex (local dev) | codex | Logged-in codex session |
claude-code and codex use your locally authenticated account session rather than a standalone API key. They are intended for personal development only — not for hosted or team deployments — because they consume account limits and are not designed for multi-user concurrency.Port
The port the Core HTTP server listens on inside the container. Map this to your host in the Docker run command with
-p <host-port>:$PORT.Storage and Database
Postgres connection string. When unset or set to
embedded, the container starts its bundled local Postgres instance and persists data to /var/lib/atomicmemory/postgres (which you should mount as a volume). For production, point this at a managed Postgres instance with the pgvector extension enabled.HMAC secret used to sign storage artifact keys. Required in production. Generate one with
openssl rand -hex 32.Set to
production to enable production-grade storage policies. The local value relaxes certain constraints that are appropriate for development but not for multi-user deployments.