Environment variables

Reference for Molar Platform environment variables — CLI, Molar API, dashboard, LLM gateway, and agent comms.

Environment variables

Reference for operators self-hosting or integrating with Molar Cloud APIs.

Secrets: Never commit .env files. Use your secret manager in production.

CLI & local config

Prefer ~/.config/molar/config.toml where noted. Env vars override file config.

VariableRequiredDescription
MOLAR_API_URLFor cloudAPI base (default cloud: https://api.molar.it)
MOLAR_TOKENFor cloudPersonal or service access token
MOLAR_TELEMETRYNo1 to enable anonymized CLI telemetry (default off)
XDG_CONFIG_HOMENoConfig directory (default ~/.config)

Molar API

App: @molar/control-plane — default port 3100

VariableRequiredDescription
DATABASE_URLYesPostgres connection string
REDIS_URLYesRedis for sessions, streams, OAuth cache
BETTER_AUTH_SECRETYesSession encryption secret
BETTER_AUTH_URLYesPublic URL for auth callbacks
OAUTH_ISSUER_URLProdAS issuer (e.g. https://api.molar.it)
MCP_RESOURCE_URLProdMCP resource id (https://mcp.molar.cloud)
SEAWEEDFS_MASTEROn-premBlob store master URL
GUARD_API_URLNoGuard worker API (default internal)
CARTOGRAPHER_API_URLNoCartographer API for crawl triggers
AGENT_SIGNUP_ENABLEDProd1/true to expose /api/v1/agent-signup/* (off in production when unset)
RESEND_API_KEYProdVerification email for agent signup
MOLAR_EMAIL_FROMProdfrom address for agent signup email
MCP_RESOURCE_URLProdMCP base URL for install links (https://mcp.molar.cloud)

Billing profile (optional)

VariableDescription
LAGO_API_URLLago API (local dev: http://localhost:3000)
LAGO_API_KEYLago organization API key
RAZORPAY_KEY_IDRazorpay key
RAZORPAY_KEY_SECRETRazorpay secret
STRIPE_SECRET_KEYStripe secret (US/EU)
STRIPE_WEBHOOK_SECRETStripe webhook verification

Lago docker profile also needs LAGO_SECRET_KEY_BASE and LAGO_RSA_PRIVATE_KEY — see control-plane/docker-compose.yml.

All-in-one dashboard

App: @molar/dashboard — default port 3200

VariableRequiredDefaultDescription
DATABASE_URLYesShared Postgres (auth + org tables)
BETTER_AUTH_SECRETYesSession encryption
BETTER_AUTH_URLYesPublic dashboard URL
PLUMBING_CONTROL_PLANE_URLCombined modeMolar API proxy target (http://127.0.0.1:3100)
CARTOGRAPHER_API_URLNo:8000Trace ingest / Cartographer proxy
GUARD_API_URLNo:4000Guard health probe
CLONES_CONTROL_URLNo:8600Clones control API
PLUMBING_LLM_GATEWAY_URLNo:8787LLM metrics probe
WORKOS_API_KEYSSOWorkOS SSO/SCIM (optional)
WORKOS_CLIENT_IDSSOWorkOS OAuth client

Standalone mode: unset PLUMBING_CONTROL_PLANE_URL — local routes only.

LLM gateway

App: @molar/llm-gateway — port 8787

VariableRequiredDescription
MOLAR_LLM_SERVICE_KEYYesService auth for workers
LITELLM_PROXY_URLNoUpstream LiteLLM (Cartographer compose: :4000)
Provider keysManagedPlatform vendor keys in compose / secret store — not org-visible

Workers (Cartographer, etc.):

VariableDescription
MOLAR_LLM_BASE_URLGateway URL (e.g. http://localhost:8787)
BFF_JWT_SECRETdashboard API JWT signing (min 32 chars)

Agent comms

Package: @molar/agent-comms-core — port 8790

VariableRequiredDefaultDescription
MOLAR_AGENT_COMMS_API_KEYYesAgent comms API key
MOLAR_AGENT_COMMS_SIGNING_KEYYes*Webhook HMAC secret (*required when signature verification on)
MOLAR_AGENT_COMMS_TUNNEL_NAMEYesmolar-agentTunnel subdomain
MOLAR_AGENT_COMMS_TUNNEL_ZONENomolar.itTunnel parent domain
MOLAR_AGENT_COMMS_API_BASENohttps://api.molar.itAgent comms API base
LISTEN_PORTNo8790HTTP port
MOLAR_AGENT_COMMS_REQUIRE_SIGNATURENotrueVerify webhook signatures
OPENAI_API_KEYOTP/voiceLLM OTP extraction / voice demo
MOLAR_OTP_POLL_SECRETProdBearer secret for /otp/poll
USE_OPENAI_REALTIMENofalsePhone WS → OpenAI Realtime bridge

MCP server (local stdio)

VariableDescription
MOLAR_API_URLCloud API for --cloud-access tools
MOLAR_TOKENPAT for cloud tools

Credentials may also live in ~/.config/molar/config.toml; refresh tokens use OS keyring when molar login is available.

Guard / run ingest

VariableDescription
MOLAR_INTERNAL_TOKENShared secret for run ingest webhooks
x-internal-token headerSent by Guard worker to dashboard ingest route

Cartographer stack (when paired)

See Cartographer docs for full list. Minimum for LLM routing:

export MOLAR_LLM_BASE_URL=http://localhost:8787
export MOLAR_LLM_SERVICE_KEY=dev-molar-llm-service-key
export BFF_JWT_SECRET=dev-bff-jwt-secret-min-32-characters-long