Skip to main content
Version: 0.11.0

Configuration Reference

Kamiwaza uses environment variables for configuration. The installer automatically sets sensible defaults based on your installation type, so most users don't need to configure anything manually.

Installation Types

TypeCommandDescription
Community/Liteinstall.sh --communityLocal development with SQLite, auth disabled
Community/Fullinstall.sh --community --fullLocal development with full database, auth enabled
Enterpriseinstall.shProduction deployment with full features

When to Customize

You only need to set environment variables if you want to modify or enable features:

  • Change the default admin password
  • Configure external network access
  • Enable optional features (vector database, observability)
  • Set up CORS for external applications

Core Configuration

Mode Settings

VariableDescriptionCommunity DefaultEnterprise Default
KAMIWAZA_LITELite mode enables faster restarts and smaller footprint. Suitible for individual users.truefalse
KAMIWAZA_USE_AUTHEnable authentication stackfalsetrue

Installation Paths

VariableDescriptionDefault
KAMIWAZA_ROOTInstallation directoryAuto-detected
KAMIWAZA_INSTALL_ROOTAlias for KAMIWAZA_ROOTAuto-detected

Authentication

Basic Auth Settings

VariableDescriptionDefault
KAMIWAZA_ADMIN_PASSWORDAdmin user passwordkamiwaza (dev) or auto-generated
AUTH_FORWARD_HEADER_SECRETForwardAuth HMAC secretAuto-generated

When authentication is enabled (KAMIWAZA_USE_AUTH=true), additional configuration is required. See the Security Admin Guide for complete authentication setup.

Network & CORS

VariableDescriptionDefault
KAMIWAZA_EXTERNAL_URLPublic-facing hostname (without protocol)localhost
KAMIWAZA_CORS_ORIGINSAdditional CORS origins (comma-separated)"" (empty)
KAMIWAZA_ORIGINOrigin for redirects and App Garden appsDefaults to https://{EXTERNAL_URL}

Example CORS configuration:

# Allow requests from a separate frontend
export KAMIWAZA_CORS_ORIGINS="dashboard.mycompany.com,dev.mycompany.com"

# Allow all subdomains (use with caution)
export KAMIWAZA_CORS_ORIGINS="*.mycompany.com"

Optional Features

Vector Database (Milvus)

VariableDescriptionDefault
KAMIWAZA_MILVUS_ENABLEDEnable Milvus vector databasetrue

Milvus provides vector storage for RAG and similarity search. Disable if not using these features:

export KAMIWAZA_MILVUS_ENABLED=false

Observability (OpenTelemetry)

VariableDescriptionDefault
KAMIWAZA_OTEL_ENABLEDEnable OpenTelemetry tracingfalse
KAMIWAZA_LOKI_ENABLEDEnable Loki loggingfalse
OTEL_EXPORTER_OTLP_ENDPOINTOTLP collector endpointhttp://localhost:4318

See Observability for setup details.

Logging

VariableDescriptionDefault
KAMIWAZA_DEBUGEnable debug loggingfalse
KAMIWAZA_LOG_LEVELLog level (DEBUG, INFO, WARNING, ERROR)INFO
KAMIWAZA_LOG_JSONUse JSON log formattrue

Example Configurations

Local Development (Default)

For most local development, no configuration is needed. The installer creates sensible defaults:

# Run the installer - it handles everything
bash install.sh --community --i-accept-the-kamiwaza-license

If you want to customize, create env.sh before running the installer:

#!/bin/bash
# Optional: Custom admin password
export KAMIWAZA_ADMIN_PASSWORD="my-secure-password"

# Optional: Use a specific IP (for network access)
export KAMIWAZA_HEAD_IP="192.168.1.100"

Production Deployment

For production deployments, see the Security Admin Guide which covers:

  • Full authentication setup with Keycloak
  • HTTPS configuration
  • External access and CORS
  • Session management

Applying Configuration Changes

  1. Before installation: Create env.sh in your KAMIWAZA_ROOT directory
  2. After installation: Edit env.sh and restart services:
    source env.sh
    bash startup/kamiwazad.sh restart

Troubleshooting

Common Issues

Services won't start after changing configuration:

  • Ensure all required variables are set (check logs for missing values)
  • Verify env.sh syntax with bash -n env.sh
  • Restart all services: bash startup/kamiwazad.sh restart

CORS errors in browser:

  • Add your frontend origin to KAMIWAZA_CORS_ORIGINS
  • Ensure KAMIWAZA_EXTERNAL_URL matches your access URL

Authentication not working:

  • Verify KAMIWAZA_USE_AUTH=true is set
  • Check Keycloak is running: docker ps | grep keycloak
  • See Security Admin Guide for detailed auth setup