Skip to main content

Environment Variables Reference

Configure Conductor with environment variables.

Provider API Keys

OpenAI

OPENAI_API_KEY=sk-...
OPENAI_ORG_ID=org-...              # Optional

Anthropic

ANTHROPIC_API_KEY=sk-ant-...

Groq

GROQ_API_KEY=gsk_...

Cloudflare

Account

CLOUDFLARE_ACCOUNT_ID=abc123...
CLOUDFLARE_API_TOKEN=...

Workers AI

CF_AI_BINDING=AI                   # Binding name (default: AI)

Database

D1

D1_BINDING=DB                      # Binding name (default: DB)
D1_DATABASE_ID=...                 # Database ID

KV

KV_BINDING=CACHE                   # Binding name (default: CACHE)
KV_NAMESPACE_ID=...                # Namespace ID

R2

R2_BINDING=STORAGE                 # Binding name (default: STORAGE)
R2_BUCKET_NAME=...                 # Bucket name

Vectorize

VECTORIZE_BINDING=VECTORIZE        # Binding name (default: VECTORIZE)
VECTORIZE_INDEX_NAME=...           # Index name

Email

SendGrid

SENDGRID_API_KEY=SG...
SENDGRID_FROM_EMAIL=noreply@example.com

AWS SES

AWS_SES_REGION=us-east-1
AWS_SES_ACCESS_KEY_ID=...
AWS_SES_SECRET_ACCESS_KEY=...
AWS_SES_FROM_EMAIL=noreply@example.com

SMS

Twilio

TWILIO_ACCOUNT_SID=AC...
TWILIO_AUTH_TOKEN=...
TWILIO_FROM_NUMBER=+1234567890

AWS SNS

AWS_SNS_REGION=us-east-1
AWS_SNS_ACCESS_KEY_ID=...
AWS_SNS_SECRET_ACCESS_KEY=...

Conductor Config

Runtime

CONDUCTOR_ENV=production           # Environment name
CONDUCTOR_LOG_LEVEL=info           # Log level (debug, info, warn, error)
CONDUCTOR_TIMEOUT=30000            # Default timeout (ms)

Caching

CACHE_ENABLED=true                 # Enable caching (default: true)
CACHE_DEFAULT_TTL=3600             # Default TTL (seconds)

Retries

RETRY_MAX_ATTEMPTS=3               # Max retry attempts
RETRY_BACKOFF=exponential          # Backoff strategy

Development

Local Dev

DEV_PORT=3000                      # Dev server port
DEV_HOST=localhost                 # Dev server host

Testing

NODE_ENV=test                      # Test environment
TEST_TIMEOUT=10000                 # Test timeout (ms)

Security

Secrets

# Use Wrangler for production secrets
wrangler secret put OPENAI_API_KEY
wrangler secret put DATABASE_PASSWORD

HITL

HITL_APPROVAL_URL=https://...      # Approval UI URL
HITL_WEBHOOK_SECRET=...            # Webhook signature secret

Observability

Logging

LOG_LEVEL=info                     # Log level
LOG_FORMAT=json                    # Log format (json, pretty)

Metrics

METRICS_ENABLED=true               # Enable metrics
METRICS_ENDPOINT=https://...       # Metrics endpoint

Custom Environment Variables

Access in YAML: 
config:
  apiKey: ${env.MY_CUSTOM_API_KEY}
  endpoint: ${env.MY_CUSTOM_ENDPOINT}
Access in JavaScript: 
const apiKey = process.env.MY_CUSTOM_API_KEY;

Environment Files

.env (Local Development)

# .env
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...
DATABASE_URL=...

.env.production

# .env.production
# Production-specific overrides
LOG_LEVEL=error
CACHE_DEFAULT_TTL=7200

.env.test

# .env.test
# Test-specific config
NODE_ENV=test
LOG_LEVEL=debug

Priority Order

  1. Cloudflare Secrets (production)
  2. .env.local (local, gitignored)
  3. .env.${NODE_ENV} (environment-specific)
  4. .env (defaults)

Best Practices

1. Never Commit Secrets 
# .gitignore
.env
.env.local
.env.*.local
2. Use Wrangler Secrets in Production 
wrangler secret put OPENAI_API_KEY
3. Document Required Variables 
# .env.example
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...
DATABASE_URL=...
4. Validate at Startup 
if (!process.env.OPENAI_API_KEY) {
  throw new Error('OPENAI_API_KEY required');
}
5. Use Type-Safe Access 
const env = z.object({
  OPENAI_API_KEY: z.string(),
  DATABASE_URL: z.string().url(),
}).parse(process.env);

Next Steps

CLI Commands

Command reference

YAML Schema

YAML reference

Deployment

Deploy guide

Cloudflare Config

Cloudflare setup