Environment Variables

Configure environment variables for self-hosting AgentSudo

This guide covers all environment variables needed to self-host AgentSudo.

Required Variables

Supabase Configuration

# Supabase project URL
NEXT_PUBLIC_SUPABASE_URL=

# Supabase anonymous key (safe for client-side)
NEXT_PUBLIC_SUPABASE_ANON_KEY=

Where to get these values:

  • Local Development (Docker): Run npx supabase start and copy the values from the output
  • Supabase Cloud: Go to Project Settings → API

Service Role Key (Server-side only)

# Service role key - KEEP SECRET, never expose to client
SUPABASE_SERVICE_KEY=
⚠️

The service role key bypasses Row Level Security. Never expose it in client-side code or commit it to version control.

Optional Variables

JWT Secret (Local Development)

# Required for local Supabase instance
JWT_SECRET=your-super-secret-jwt-token-min-32-chars

Generate a secure secret:

openssl rand -base64 32

Cloud Telemetry

Connect your self-hosted instance to AgentSudo Cloud for analytics:

# Enable cloud telemetry
AGENTSUDO_CLOUD_ENABLED=true

# Your API key from dashboard.agentsudo.dev
AGENTSUDO_CLOUD_API_KEY=as_xxx

AI Playground

Enable the AI Playground feature:

# OpenAI API key for playground
OPENAI_API_KEY=sk-xxx

Analytics (Optional)

# PostHog analytics
NEXT_PUBLIC_POSTHOG_KEY=phc_xxx
NEXT_PUBLIC_POSTHOG_HOST=https://app.posthog.com

Example Configuration

Local Development with Docker

Create a .env file in your project root:

# Local Supabase (Docker)
NEXT_PUBLIC_SUPABASE_URL=http://localhost:54321
NEXT_PUBLIC_SUPABASE_ANON_KEY=<from supabase start output>
SUPABASE_SERVICE_KEY=<from supabase start output>
JWT_SECRET=<generate with openssl rand -base64 32>

Production with Supabase Cloud

# Supabase Cloud
NEXT_PUBLIC_SUPABASE_URL=https://your-project.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=<from Supabase dashboard>
SUPABASE_SERVICE_KEY=<from Supabase dashboard>

# Optional: Connect to AgentSudo Cloud
AGENTSUDO_CLOUD_ENABLED=true
AGENTSUDO_CLOUD_API_KEY=as_xxx

Security Best Practices

  1. Never commit .env files - Add .env* to your .gitignore
  2. Use environment-specific files - .env.local, .env.production
  3. Rotate keys regularly - Especially service role keys
  4. Use secrets management - In production, use tools like Vault, AWS Secrets Manager, or your platform's secrets

Next Steps