Backend Configuration
Complete reference for all environment variables consumed by the Go backend. The authoritative source is internal/app/env-setup.go (API server) and internal/app/env-setup-worker.go (eventsync worker).
Phase 0 note: per-variable descriptions, valid values, and environment-specific requirements to be filled in during baseline generation.
Environment groups
| Group | Env struct | Purpose |
|---|---|---|
| Core | — | Runtime environment label (local, dev, prod) |
| Cookie | CookieEnv | Session cookie signing and encryption keys, domain, Gin mode |
| Website | WebsiteEnv | Frontend base URL (used for redirect URIs) |
| LiveKit | LiveKitEnv | LiveKit Cloud API key/secret, server URL, project and region |
| WorkOS | WorkOSEnv | AuthKit API key, client ID, SSO/OAuth redirect URIs, webhook secret |
| WebSocket | WebSocketEnv | Office-router Worker base URL, JWT issuer/audience/private key |
| R2 Files | R2Env | Cloudflare R2 credentials and bucket for recording temp storage |
| R2 Avatars | R2AvatarEnv | Separate R2 bucket and public URL for user/org avatar storage |
| Cloudflare | CloudflareEnv | Cloudflare Worker URL (office-router) |
| Google | GoogleEnv | Google OAuth credentials (Calendar integration) |
| Avatar | AvatarEnv | Avatar processing config |
| Org Logo | OrgLogoEnv | Org logo processing config |
| Recording | RecordingEnv | Recording pipeline config |
| Grafana | GrafanaEnv | Grafana Mimir push endpoint and credentials |
| Supabase | SupabaseEnv | JWT secret (used to validate Supabase-issued tokens) |
| Webhook | WebhookEnv | Inbound webhook signing secret (WorkOS events) |
Worker-specific overrides
The eventsync worker binary reads the same env file as the API server but supports one override:
- WORKER_POSTGRES_URL: if set, replaces POSTGRES_URL for the worker process. Used to point the worker at a dedicated database while the API server continues using the main one.
Notes
- All secrets (keys, signing secrets, credentials) are managed as org-level GitHub Actions secrets and injected at deploy time by Sevalla. No secrets are committed to the repository.
- Local development uses a .env file loaded by godotenv. The file is gitignored; obtain values from the shared secrets store.
- The GIN_MODE variable controls Gin's behaviour: debug locally, release in production. Setting debug in production degrades performance and enables verbose output.
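
The worker override and the GIN_MODE note above can be enforced as a fail-closed startup check. The following is an added example, not the project's env-setup code: `Resolve`, `RedactedDSN`, the `Config` type and the sample URLs are hypothetical, and rejecting anything other than `release` in prod is an assumed policy.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

type Config struct {
	PostgresURL string // effective database URL for this process
	GinMode     string
}

// Resolve (hypothetical helper) takes the runtime label (local, dev, prod)
// and an injected getenv so the rules can be tested without the process env.
func Resolve(envLabel string, isWorker bool, getenv func(string) string) (Config, error) {
	cfg := Config{PostgresURL: getenv("POSTGRES_URL"), GinMode: getenv("GIN_MODE")}
	// Only the worker honours the override; the API server keeps POSTGRES_URL.
	if override := getenv("WORKER_POSTGRES_URL"); isWorker && override != "" {
		cfg.PostgresURL = override
	}
	if cfg.PostgresURL == "" {
		return cfg, errors.New("no database URL: set POSTGRES_URL (or WORKER_POSTGRES_URL for the worker)")
	}
	// Gin falls back to debug when GIN_MODE is unset, so empty is rejected too.
	if envLabel == "prod" && cfg.GinMode != "release" {
		return cfg, fmt.Errorf("GIN_MODE=%q not allowed in prod, want \"release\"", cfg.GinMode)
	}
	return cfg, nil
}

// RedactedDSN masks the password so the chosen database can be logged safely.
func RedactedDSN(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return "<unparseable database URL>"
	}
	return u.Redacted()
}

func main() {
	// Constructed sample environment; real code would pass os.Getenv.
	env := map[string]string{"POSTGRES_URL": "postgres://app:pw@main-db:5432/app",
		"WORKER_POSTGRES_URL": "postgres://worker:pw@worker-db:5432/app", "GIN_MODE": "release"}
	cfg, err := Resolve("prod", true, func(k string) string { return env[k] })
	fmt.Println(RedactedDSN(cfg.PostgresURL), err)
}
```

Calling this before the router or worker loop starts makes a misconfigured production deploy exit immediately instead of running in debug mode or against the wrong database.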