Atlas

Environment Variables

Complete reference for all Atlas environment variables with defaults and examples.

All Atlas configuration is via environment variables. Most have safe defaults — a minimal deployment needs only an LLM provider key and a datasource URL.

LLM Provider

VariableDefaultDescription
ATLAS_PROVIDERanthropic (gateway on Vercel)LLM provider: anthropic, openai, bedrock, ollama, gateway
ATLAS_MODELProvider defaultModel ID override (e.g. claude-sonnet-4-6, gpt-4o)
OLLAMA_BASE_URLhttp://localhost:11434/v1Ollama server URL. Only used when ATLAS_PROVIDER=ollama

Each provider requires its own API key:

ProviderAPI Key Variable
anthropicANTHROPIC_API_KEY
openaiOPENAI_API_KEY
bedrockAWS_ACCESS_KEY_ID + AWS_SECRET_ACCESS_KEY + AWS_REGION
ollamaNone (local)
gatewayAI_GATEWAY_API_KEY

Default models per provider:

ProviderDefault Model
anthropicclaude-opus-4-6
openaigpt-4o
bedrockanthropic.claude-opus-4-6-v1:0
ollamallama3.1
gatewayanthropic/claude-opus-4.6

Database

VariableDefaultDescription
ATLAS_DATASOURCE_URLAnalytics datasource connection string (PostgreSQL or MySQL). Optional when datasources are defined in atlas.config.ts
DATABASE_URLAtlas internal Postgres (auth, audit, conversations). Optional — Atlas works without it
ATLAS_DEMO_DATASet true to use the internal DB as both analytics datasource and internal DB

Demo data fallback chain: When ATLAS_DEMO_DATA=true and ATLAS_DATASOURCE_URL is not set, Atlas resolves the analytics datasource by checking DATABASE_URL_UNPOOLED first, then DATABASE_URL. This lets a single Postgres instance (e.g. Neon on Vercel) serve as both the analytics datasource and Atlas's internal database.

Query Safety

VariableDefaultDescription
ATLAS_ROW_LIMIT1000Max rows returned per query
ATLAS_QUERY_TIMEOUT30000Query timeout in milliseconds
ATLAS_TABLE_WHITELISTtrueOnly allow queries against tables defined in the semantic layer
ATLAS_SCHEMApublicPostgreSQL schema name. Used by the CLI for profiling (init, diff) and by the API at runtime to set the connection search_path

See SQL Validation Pipeline for how these are enforced.

Authentication

VariableDefaultDescription
ATLAS_AUTH_MODEAuto-detectedExplicit auth mode: none, api-key, managed, byot

When ATLAS_AUTH_MODE is not set, Atlas auto-detects based on which variables are present (checked in this order):

  1. ATLAS_AUTH_JWKS_URL set → BYOT
  2. BETTER_AUTH_SECRET set → Managed
  3. ATLAS_API_KEY set → Simple Key
  4. None of the above → No auth

See Authentication for full setup guides.

Simple Key

VariableDefaultDescription
ATLAS_API_KEYShared secret. Clients send Authorization: Bearer <key> or X-API-Key: <key>
ATLAS_API_KEY_ROLEanalystRole for API key users: viewer, analyst, admin

Managed (Better Auth)

VariableDefaultDescription
BETTER_AUTH_SECRETSession signing secret. Min 32 chars, cryptographically random. Requires DATABASE_URL
BETTER_AUTH_URLAuto-detectedBase URL for auth endpoints. Auto-detected on Vercel; set explicitly for Railway/Docker
BETTER_AUTH_TRUSTED_ORIGINSComma-separated CSRF-allowed origins
ATLAS_ADMIN_EMAILUser matching this email gets admin role on signup. If unset, first signup gets admin

BYOT (Bring Your Own Token)

VariableDefaultDescription
ATLAS_AUTH_JWKS_URLJWKS endpoint URL for JWT signature verification
ATLAS_AUTH_ISSUERExpected JWT iss claim (required)
ATLAS_AUTH_AUDIENCEExpected JWT aud claim (optional)
ATLAS_AUTH_ROLE_CLAIMrole then atlas_roleDot-delimited JWT claim path for role extraction (e.g. app_metadata.role). Default is a fallback chain: Atlas checks the role claim first, then falls back to atlas_role if role is not present

Rate Limiting

VariableDefaultDescription
ATLAS_RATE_LIMIT_RPM0 (disabled)Max requests per minute per user. 0 or unset = unlimited
ATLAS_TRUST_PROXYfalseTrust X-Forwarded-For / X-Real-IP headers. Set true behind a reverse proxy

Row-Level Security

VariableDefaultDescription
ATLAS_RLS_ENABLEDSet true to enable RLS filtering on queries
ATLAS_RLS_COLUMNColumn name used for filtering (e.g. tenant_id)
ATLAS_RLS_CLAIMJWT/session claim path for RLS value extraction (e.g. org_id)
ATLAS_RLS_CLAIMSStatic JSON claims for RLS with simple-key auth

ATLAS_RLS_CLAIMS is a JSON string that provides static claims for row-level security filtering. This variable is only used with simple-key (ATLAS_API_KEY) auth mode, where there is no JWT or session to extract claims from. For managed and BYOT auth, RLS claims are extracted from the user's JWT/session automatically.

ATLAS_RLS_CLAIMS='{"tenant_id": "acme-corp"}'

Networking & CORS

VariableDefaultDescription
ATLAS_PUBLIC_URLPublic base URL for constructing action approval URLs. When not set, derived from request headers. Set explicitly in production for reliable approve/deny links in /api/v1/query responses
ATLAS_CORS_ORIGIN*CORS allowed origin. Must set explicitly for cross-origin + managed auth (cookie-based)
NEXT_PUBLIC_ATLAS_API_URLNext.js frontend: cross-origin API URL. When unset, same-origin via Next.js rewrites
ATLAS_API_URLhttp://localhost:3001Rewrite target for same-origin mode (only used when NEXT_PUBLIC_ATLAS_API_URL is unset)

Sandbox & Isolation

VariableDefaultDescription
ATLAS_RUNTIMERuntime hint: vercel enables Vercel-specific sandbox and optimizations
ATLAS_SANDBOXSet nsjail to enforce nsjail isolation (hard fail if unavailable)
ATLAS_SANDBOX_URLSidecar service URL for explore isolation (e.g. http://sandbox-sidecar:8080)
SIDECAR_AUTH_TOKENShared secret for sidecar auth (set on both API and sidecar)
ATLAS_NSJAIL_PATHAuto-detectedExplicit path to nsjail binary
ATLAS_NSJAIL_TIME_LIMIT10nsjail per-command time limit in seconds
ATLAS_NSJAIL_MEMORY_LIMIT256nsjail per-command memory limit in MB

See Sandbox Architecture for the full selection priority.

Actions

VariableDefaultDescription
ATLAS_ACTIONS_ENABLEDSet true to enable the action framework (approval-gated write operations)
ATLAS_ACTION_APPROVALmanualDefault approval mode for actions: auto, manual, or admin-only
ATLAS_ACTION_TIMEOUT30000Per-action execution timeout in milliseconds
ATLAS_ACTION_MAX_PER_CONVERSATION10Maximum number of actions allowed per conversation
ATLAS_EMAIL_ALLOWED_DOMAINSComma-separated list of allowed email recipient domains for the email action plugin. When unset, all domains are allowed

These env vars can also be set via atlas.config.ts under actions.defaults. See the declarative config guide for details.

Scheduler

VariableDefaultDescription
ATLAS_SCHEDULER_ENABLEDSet true to enable scheduled task execution
ATLAS_SCHEDULER_BACKENDbunExecution backend: bun, webhook, or vercel
ATLAS_SCHEDULER_SECRETShared secret for the /tick endpoint (non-Vercel). On Vercel, use CRON_SECRET instead
CRON_SECRETVercel-native alternative to ATLAS_SCHEDULER_SECRET. When set, the /tick endpoint requires Authorization: Bearer <secret>. Takes precedence over ATLAS_SCHEDULER_SECRET
ATLAS_SCHEDULER_MAX_CONCURRENT5Max concurrent task executions per tick
ATLAS_SCHEDULER_TIMEOUT60000Per-task timeout in milliseconds
ATLAS_SCHEDULER_TICK_INTERVAL60Tick interval in seconds

Scheduler backend options:

  • bun — In-process tick loop. Simplest for single-instance deployments.
  • webhook — External cron service hits POST /:id/run. Use when you need external scheduling.
  • vercel — Vercel Cron hits POST /tick. Use on Vercel deployments.

Email Delivery

VariableDefaultDescription
RESEND_API_KEYResend API key for email delivery in scheduled tasks
ATLAS_EMAIL_FROMAtlas <noreply@useatlas.dev>From address for scheduled task emails

Slack Integration

VariableDefaultDescription
SLACK_SIGNING_SECRETEnables Slack integration. Used to verify request signatures
SLACK_BOT_TOKENSingle-workspace mode (skip OAuth)
SLACK_CLIENT_IDMulti-workspace OAuth app client ID
SLACK_CLIENT_SECRETMulti-workspace OAuth app client secret

Python Tool

VariableDefaultDescription
ATLAS_PYTHON_ENABLEDSet true to enable the executePython agent tool. Requires ATLAS_SANDBOX_URL to be set (Python runs in the sandbox sidecar for isolation)
ATLAS_PYTHON_TIMEOUT30000Python execution timeout in milliseconds

Runtime

VariableDefaultDescription
PORT3001HTTP port for the standalone Hono API server. Most platforms (Railway, Render, Fly) set this automatically

Logging & Observability

VariableDefaultDescription
ATLAS_LOG_LEVELinfoPino log level: trace, debug, info, warn, error, fatal
OTEL_EXPORTER_OTLP_ENDPOINTOpenTelemetry collector endpoint. When set, Atlas emits trace spans for agent steps via @opentelemetry/api

SQL Validation Pipeline

How Atlas enforces read-only SQL execution through a multi-layer defense-in-depth pipeline.

CLI Reference

Complete reference for the Atlas CLI — init, diff, query, doctor, validate, mcp, and more.

On this page

LLM ProviderDatabaseQuery SafetyAuthenticationSimple KeyManaged (Better Auth)BYOT (Bring Your Own Token)Rate LimitingRow-Level SecurityNetworking & CORSSandbox & IsolationActionsSchedulerEmail DeliverySlack IntegrationPython ToolRuntimeLogging & Observability