ENVIRONMENT_VARIABLES.md

🔧 Environment Variables

NoteDiscovery supports environment variables to override configuration settings, allowing different behavior in different deployment environments (local, staging, production).

📋 Available Environment Variables

Core Settings

Variable	Type	Default	Description
PORT	integer	8000	HTTP port for the application (Docker, run.py)

Note: Advanced server settings (CORS origins, debug mode) are configured via config.yaml only, not via environment variables. See config.yaml for details.

Authentication

Variable	Type	Default	Description
AUTHENTICATION_ENABLED	boolean	config.yaml	Enable/disable authentication
AUTHENTICATION_PASSWORD	string	admin	Password (hashed automatically at startup)
AUTHENTICATION_SECRET_KEY	string	config.yaml	Session secret key (for session security)
AUTHENTICATION_API_KEY	string	-	API key for external integrations (MCP, scripts)

Example: Setting password via environment variable

# Docker
docker run -e AUTHENTICATION_ENABLED=true -e AUTHENTICATION_PASSWORD=mysecretpassword ...

# Docker Compose (in .env file or docker-compose.yml)
AUTHENTICATION_PASSWORD=mysecretpassword

Demo Mode

Variable	Type	Default	Description
DEMO_MODE	boolean	false	Enable demo mode (enables rate limiting and other demo restrictions)

Support

Variable	Type	Default	Description
ALREADY_DONATED	boolean	false	Hides the support buttons in the Settings pane

⚠️ Disclaimer: No verification exists. But legend says that setting this to true without donating causes your next git push to fail silently. Just once. When it matters most.

Haven't donated yet? ☕ Buy me a coffee - it takes 30 seconds and makes my day!

Upload Limits

Variable	Type	Default	Description
UPLOAD_MAX_IMAGE_MB	integer	10	Maximum image upload size in MB
UPLOAD_MAX_AUDIO_MB	integer	50	Maximum audio upload size in MB
UPLOAD_MAX_VIDEO_MB	integer	100	Maximum video upload size in MB
UPLOAD_MAX_PDF_MB	integer	20	Maximum PDF upload size in MB

Example: Allowing larger video uploads

# Docker
docker run -e UPLOAD_MAX_VIDEO_MB=500 ...

# Docker Compose
environment:
  - UPLOAD_MAX_VIDEO_MB=500

🎯 Configuration Priority

Configuration is loaded in this order (later overrides earlier):

1. config.yaml - Default configuration file
2. Environment Variables - Runtime overrides
3. Command Line - Highest priority (if applicable)

🔧 Advanced Server Configuration

The following settings are available in config.yaml only (not via environment variables):

CORS (Cross-Origin Resource Sharing)

server:
  # List of allowed origins for CORS
  # Default: ["*"] allows all origins (fine for self-hosted)
  # Production: specify your domains
  allowed_origins: ["*"]
  
  # Examples for production:
  # allowed_origins: ["http://localhost:8000", "https://yourdomain.com"]
  # allowed_origins: ["https://*.yourdomain.com"]  # Wildcard subdomain

Security Note:

• ["*"] is safe for self-hosted deployments on private networks
• For public deployments, specify exact origins to prevent unauthorized API access
• This prevents CSRF attacks when authentication is enabled

Debug Mode

server:
  # Enable detailed error messages in API responses
  # Default: false (production-safe)
  # Set to true for development/troubleshooting
  debug: false

⚠️ CRITICAL: Never enable debug: true in production!

When debug: true:

• Full error stack traces are returned to users
• Internal paths and system details are exposed
• Security vulnerabilities may be revealed

When debug: false (recommended):

• Generic error messages are returned
• Full error details are logged server-side only
• Production-safe error handling

---

📚 Related Documentation

• Authentication: AUTHENTICATION.md
• API Rate Limiting: API.md

---

Pro Tip: Use environment variables for deployment-specific settings, and config.yaml for application defaults. This keeps your configuration flexible and maintainable! 🎯