Description
Allow OpenAB to be fully configured through environment variables alone,
without requiring a config.toml file at startup. Every setting currently
readable from the config file should have a corresponding OPENAB_* env var
that OpenAB reads when no config file is present (or when
OPENAB_CONFIG_FROM_ENV=1 is set).
This affects the core config loader (src/config.rs) and the Helm chart
(charts/openab).
Use Case
Kubernetes operators today must bake a config.toml into a ConfigMap or mount
it as a Secret volume, then keep it in sync with Helm values. This creates two
sources of truth.
As a platform operator, I want to configure OpenAB entirely via environment
variables so that:
- There is a single source of truth (Helm release values / Kubernetes Secrets).
- Secrets (bot tokens, API keys) are never written to a ConfigMap as plaintext.
- The deployment follows 12-factor app principles and works with standard secret
managers (Vault, External Secrets Operator, AWS Secrets Manager).
As a developer or CI runner, env-var-only mode also makes testing significantly
easier — spin up an instance with a few exported variables, no config file to
create, template, or clean up between test runs.
Proposed Solution
Define a flat set of OPENAB_* env vars that mirror the TOML structure:
| Env var |
TOML equivalent |
OPENAB_DISCORD_BOT_TOKEN |
[discord] bot_token |
OPENAB_DISCORD_ALLOWED_CHANNELS |
[discord] allowed_channels (comma-separated) |
OPENAB_DISCORD_ALLOW_BOT_MESSAGES |
[discord] allow_bot_messages |
OPENAB_SLACK_BOT_TOKEN |
[slack] bot_token |
OPENAB_SLACK_APP_TOKEN |
[slack] app_token |
OPENAB_AGENT_COMMAND |
[agent] command |
OPENAB_AGENT_ARGS |
[agent] args (space-separated or JSON array) |
OPENAB_AGENT_WORKING_DIR |
[agent] working_dir |
OPENAB_POOL_MAX_SESSIONS |
[pool] max_sessions |
OPENAB_POOL_SESSION_TTL_HOURS |
[pool] session_ttl_hours |
| … |
… |
In src/config.rs, when --config is not provided and config.toml does not
exist, fall back to building a Config struct from these env vars. The Helm
chart would expose a corresponding envVars: section in values.yaml and
stop generating a ConfigMap when env-var mode is active.
Prior Art
OpenClaw — supports layered env sources (process env → .env →
~/.openclaw/.env → config env block) and full ${VAR_NAME} substitution
in all config strings. Does not yet support a fully config-file-free startup,
but the env-layer precedence model is directly applicable.
Ref: docs/help/environment.md, docs/gateway/configuration-reference.md.
Hermes Agent — defines a comprehensive HERMES_* env var namespace
covering every feature (provider, model, gateway, session, etc.), documented in
website/docs/reference/environment-variables.md. The agent can be started
with no config file at all. This is the closest prior art to the proposed
feature.
Related Issues
Description
Allow OpenAB to be fully configured through environment variables alone,
without requiring a
config.tomlfile at startup. Every setting currentlyreadable from the config file should have a corresponding
OPENAB_*env varthat OpenAB reads when no config file is present (or when
OPENAB_CONFIG_FROM_ENV=1is set).This affects the core config loader (
src/config.rs) and the Helm chart(
charts/openab).Use Case
Kubernetes operators today must bake a
config.tomlinto a ConfigMap or mountit as a Secret volume, then keep it in sync with Helm values. This creates two
sources of truth.
As a platform operator, I want to configure OpenAB entirely via environment
variables so that:
managers (Vault, External Secrets Operator, AWS Secrets Manager).
As a developer or CI runner, env-var-only mode also makes testing significantly
easier — spin up an instance with a few exported variables, no config file to
create, template, or clean up between test runs.
Proposed Solution
Define a flat set of
OPENAB_*env vars that mirror the TOML structure:OPENAB_DISCORD_BOT_TOKEN[discord] bot_tokenOPENAB_DISCORD_ALLOWED_CHANNELS[discord] allowed_channels(comma-separated)OPENAB_DISCORD_ALLOW_BOT_MESSAGES[discord] allow_bot_messagesOPENAB_SLACK_BOT_TOKEN[slack] bot_tokenOPENAB_SLACK_APP_TOKEN[slack] app_tokenOPENAB_AGENT_COMMAND[agent] commandOPENAB_AGENT_ARGS[agent] args(space-separated or JSON array)OPENAB_AGENT_WORKING_DIR[agent] working_dirOPENAB_POOL_MAX_SESSIONS[pool] max_sessionsOPENAB_POOL_SESSION_TTL_HOURS[pool] session_ttl_hoursIn
src/config.rs, when--configis not provided andconfig.tomldoes notexist, fall back to building a
Configstruct from these env vars. The Helmchart would expose a corresponding
envVars:section invalues.yamlandstop generating a
ConfigMapwhen env-var mode is active.Prior Art
OpenClaw — supports layered env sources (process env →
.env→~/.openclaw/.env→ configenvblock) and full${VAR_NAME}substitutionin all config strings. Does not yet support a fully config-file-free startup,
but the env-layer precedence model is directly applicable.
Ref:
docs/help/environment.md,docs/gateway/configuration-reference.md.Hermes Agent — defines a comprehensive
HERMES_*env var namespacecovering every feature (provider, model, gateway, session, etc.), documented in
website/docs/reference/environment-variables.md. The agent can be startedwith no config file at all. This is the closest prior art to the proposed
feature.
Related Issues
maxBotTurnsvia Helm (same pattern, single field; this proposes a systematic approach)