Environment Variables¶
Fetch ML supports environment variables for configuration, allowing you to override config file settings and deploy in different environments.
Priority Order¶
- Environment variables (highest priority)
- Configuration file values
- Default values (lowest priority)
Variable Prefixes¶
General Configuration¶
FETCH_ML_*- General server and application settings
CLI Configuration¶
FETCH_ML_CLI_*- CLI-specific settings (overrides~/.ml/config.toml)
TUI Configuration¶
FETCH_ML_TUI_*- TUI-specific settings (overrides TUI config file)
CLI Environment Variables¶
| Variable | Config Field | Example |
|---|---|---|
FETCH_ML_CLI_HOST |
worker_host |
localhost |
FETCH_ML_CLI_USER |
worker_user |
mluser |
FETCH_ML_CLI_BASE |
worker_base |
/opt/ml |
FETCH_ML_CLI_PORT |
worker_port |
22 |
FETCH_ML_CLI_API_KEY |
api_key |
your-api-key-here |
TUI Environment Variables¶
| Variable | Config Field | Example |
|---|---|---|
FETCH_ML_TUI_HOST |
host |
localhost |
FETCH_ML_TUI_USER |
user |
mluser |
FETCH_ML_TUI_SSH_KEY |
ssh_key |
~/.ssh/id_rsa |
FETCH_ML_TUI_PORT |
port |
22 |
FETCH_ML_TUI_BASE_PATH |
base_path |
/opt/ml |
FETCH_ML_TUI_TRAIN_SCRIPT |
train_script |
train.py |
FETCH_ML_TUI_REDIS_ADDR |
redis_addr |
localhost:6379 |
FETCH_ML_TUI_REDIS_PASSWORD |
redis_password |
`` |
FETCH_ML_TUI_REDIS_DB |
redis_db |
0 |
FETCH_ML_TUI_KNOWN_HOSTS |
known_hosts |
~/.ssh/known_hosts |
Server Environment Variables (Auth & Debug)¶
These variables control server-side authentication behavior and are intended only for local development and debugging.
| Variable | Purpose | Allowed In Production? |
|---|---|---|
FETCH_ML_ALLOW_INSECURE_AUTH |
When set to 1 and FETCH_ML_DEBUG=1, allows the API server to run with auth.enabled: false by injecting a default admin user. |
No. Must never be set in production. |
FETCH_ML_DEBUG |
Enables additional debug behaviors. Required (set to 1) to activate the insecure auth bypass above. |
No. Must never be set in production. |
When both variables are set to 1 and auth.enabled is false, the server logs a clear warning and treats all requests as coming from a default admin user. This mode is convenient for local homelab experiments but is insecure by design and must not be used on any shared or internet-facing environment.
Usage Examples¶
Development Environment¶
export FETCH_ML_CLI_HOST=localhost
export FETCH_ML_CLI_USER=devuser
export FETCH_ML_CLI_API_KEY=dev-key-123456789012
./ml status
Production Environment¶
export FETCH_ML_CLI_HOST=prod-server.example.com
export FETCH_ML_CLI_USER=mluser
export FETCH_ML_CLI_API_KEY=prod-key-abcdef1234567890
./ml status
Docker/Kubernetes¶
env:
- name: FETCH_ML_CLI_HOST
value: "ml-server.internal"
- name: FETCH_ML_CLI_USER
value: "mluser"
- name: FETCH_ML_CLI_API_KEY
valueFrom:
secretKeyRef:
name: ml-secrets
key: api-key
Using .env file¶
# Copy the example file
cp .env.example .env
# Edit with your values
vim .env
# Load in your shell
export $(cat .env | xargs)
Backward Compatibility¶
The CLI also supports the legacy ML_* prefix for backward compatibility, but FETCH_ML_CLI_* takes priority if both are set.
| Legacy Variable | New Variable |
|---|---|
ML_HOST |
FETCH_ML_CLI_HOST |
ML_USER |
FETCH_ML_CLI_USER |
ML_BASE |
FETCH_ML_CLI_BASE |
ML_PORT |
FETCH_ML_CLI_PORT |
ML_API_KEY |
FETCH_ML_CLI_API_KEY |