> ## Documentation Index
> Fetch the complete documentation index at: https://slackhive.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Environment Variables

> Reference for SlackHive configuration variables and AI backend credentials.

SlackHive stores configuration in a `.env` file in the install directory. `slackhive init` generates this file with safe defaults. Most secrets can also be managed in the dashboard under **Settings → AI Backend** or **Settings → Env Vars**.

<Warning>
  `.env` contains encryption keys and admin credentials. Never commit it.
</Warning>

## AI backend credentials

SlackHive supports multiple agent runtimes. The active runtime is selected in **Settings → AI Backend** and persisted in the database, while credentials can come from login files, CLI-detected auth, or API keys.

### OpenAI Codex / ChatGPT

Use one of these paths:

| Method        | Variable / file                           | Notes                                                                                                    |
| ------------- | ----------------------------------------- | -------------------------------------------------------------------------------------------------------- |
| ChatGPT login | `~/.codex/auth.json` or `CODEX_AUTH_JSON` | Preferred for subscription auth. The Settings page can start device auth and persist the resulting file. |
| API key       | `OPENAI_API_KEY`                          | Best for server deployments and predictable billing.                                                     |
| Custom binary | `CODEX_PATH`                              | Optional. Points SlackHive at a specific `codex` binary.                                                 |

Example:

```bash theme={null}
OPENAI_API_KEY=sk-...
# CODEX_PATH=/usr/local/bin/codex
```

### Claude Code / Anthropic

Use one of these paths:

| Method        | Variable / file                                            | Notes                                                     |
| ------------- | ---------------------------------------------------------- | --------------------------------------------------------- |
| Claude login  | `~/.claude/.credentials.json` or `CLAUDE_CREDENTIALS_JSON` | Preferred for Claude Pro/Max subscription auth.           |
| API key       | `ANTHROPIC_API_KEY`                                        | Best for teams and server deployments.                    |
| Custom binary | `CLAUDE_BIN`                                               | Optional. Points SlackHive at a specific `claude` binary. |

Example:

```bash theme={null}
ANTHROPIC_API_KEY=sk-ant-api03-...
# CLAUDE_BIN=/usr/local/bin/claude
```

<Note>
  If both a provider API key and subscription login are available, the explicit API key path is treated as deliberate server auth for that provider.
</Note>

## Backend status and detection

The dashboard header shows the active backend status:

| Status           | Meaning                                                                                                     |
| ---------------- | ----------------------------------------------------------------------------------------------------------- |
| **Connected**    | SlackHive can use the active backend now.                                                                   |
| **Expired**      | A login token exists but must be refreshed. Run the provider login command or paste fresh auth in Settings. |
| **Disconnected** | No usable credentials were found for the active backend.                                                    |

Use **Settings → AI Backend → Detect** after running `codex login` or `claude login` on the host.

## Dashboard authentication

`slackhive init` sets these from the prompts:

| Variable         | Purpose                                                           |
| ---------------- | ----------------------------------------------------------------- |
| `ADMIN_USERNAME` | Superadmin login                                                  |
| `ADMIN_PASSWORD` | Superadmin password                                               |
| `AUTH_SECRET`    | Signs session cookies. Rotating logs everyone out.                |
| `ENV_SECRET_KEY` | Encrypts stored secrets. Rotating breaks existing stored secrets. |

Generate replacement secrets with:

```bash theme={null}
openssl rand -hex 32
```

<Warning>
  Do not rotate `ENV_SECRET_KEY` after initial setup without a migration plan. Stored AI backend credentials, Slack tokens, and MCP env vars become unreadable.
</Warning>

For disaster recovery, export a password-protected recovery key from **Settings -> Backups**. That file lets you recover encrypted secrets from a database backup without storing the plaintext `ENV_SECRET_KEY` beside the backup.

## Platform

| Variable               | Default               | Purpose                                                                                                       |
| ---------------------- | --------------------- | ------------------------------------------------------------------------------------------------------------- |
| `NODE_ENV`             | `production`          | Runtime mode                                                                                                  |
| `PORT`                 | auto                  | Web server port, usually 3001                                                                                 |
| `RUNNER_INTERNAL_PORT` | auto                  | Runner control port, usually 3002                                                                             |
| `AGENTS_TMP_DIR`       | `~/.slackhive/agents` | Per-agent workspaces and session directories                                                                  |
| `DATABASE_TYPE`        | `sqlite`              | SQLite for CLI installs                                                                                       |
| `ACTIVITY_DASHBOARD`   | unset                 | Legacy flag for activity collection. Current installs normally keep tracing enabled through the app defaults. |

## Where data lives

| Path                                      | Contents                                                                |
| ----------------------------------------- | ----------------------------------------------------------------------- |
| `~/.slackhive/data.db`                    | SQLite database: agents, memories, skills, activities, traces, settings |
| `~/.slackhive/backups/`                   | SQLite backups and pre-restore safety snapshots                         |
| `~/.slackhive/agents/<slug>/`             | Agent workspace, sessions, instructions, skills, assigned wiki copies   |
| `~/.slackhive/knowledge/<folderId>/wiki/` | Compiled wiki for one Knowledge Library folder                          |
| `~/.slackhive/logs/runner.log`            | Runner log stream                                                       |
| `~/.slackhive/runner.lock`                | Singleton runner lock                                                   |
| `~/.slackhive/slackhive.pid`              | Web server PID file                                                     |

Use [Backup & Recovery](/operations/backup-recovery) for database backups and recovery-key export. Snapshot `~/.slackhive/` separately when you also need generated workspaces, compiled wiki files, and logs.

## Complete `.env.example`

```bash theme={null}
# --- OpenAI Codex / ChatGPT ---
# OPENAI_API_KEY=sk-...
# CODEX_PATH=/usr/local/bin/codex

# --- Claude Code / Anthropic ---
# ANTHROPIC_API_KEY=sk-ant-api03-...
# CLAUDE_BIN=/usr/local/bin/claude

# --- Dashboard ---
ADMIN_USERNAME=admin
ADMIN_PASSWORD=change-me
AUTH_SECRET=generate-with-openssl-rand-hex-32
ENV_SECRET_KEY=generate-with-openssl-rand-hex-32

# --- Platform ---
NODE_ENV=production
DATABASE_TYPE=sqlite
```

## Next steps

<CardGroup cols={2}>
  <Card title="AI Backends" icon="server" href="/configuration/ai-backends">
    Configure Codex/OpenAI or Claude/Anthropic.
  </Card>

  <Card title="MCP Servers" icon="plug" href="/configuration/mcp-servers">
    Use the encrypted env store to pass secrets to MCP tools.
  </Card>
</CardGroup>
