# Environment Variables Fetch ML supports environment variables for configuration, allowing you to override config file settings and deploy in different environments. ## Priority Order 1. Environment variables (highest priority) 2. Configuration file values 3. Default values (lowest priority) ## Variable Prefixes ### General Configuration - `FETCH_ML_*` - General server and application settings ### CLI Configuration - `FETCH_ML_CLI_*` - CLI-specific settings (overrides `~/.ml/config.toml`) ### TUI Configuration - `FETCH_ML_TUI_*` - TUI-specific settings (overrides TUI config file) ## CLI Environment Variables | Variable | Config Field | Example | |----------|-------------|---------| | `FETCH_ML_CLI_HOST` | `worker_host` | `localhost` | | `FETCH_ML_CLI_USER` | `worker_user` | `mluser` | | `FETCH_ML_CLI_BASE` | `worker_base` | `/opt/ml` | | `FETCH_ML_CLI_PORT` | `worker_port` | `22` | | `FETCH_ML_CLI_API_KEY` | `api_key` | `your-api-key-here` | ## TUI Environment Variables | Variable | Config Field | Example | |----------|-------------|---------| | `FETCH_ML_TUI_HOST` | `host` | `localhost` | | `FETCH_ML_TUI_USER` | `user` | `mluser` | | `FETCH_ML_TUI_SSH_KEY` | `ssh_key` | `~/.ssh/id_rsa` | | `FETCH_ML_TUI_PORT` | `port` | `22` | | `FETCH_ML_TUI_BASE_PATH` | `base_path` | `/opt/ml` | | `FETCH_ML_TUI_TRAIN_SCRIPT` | `train_script` | `train.py` | | `FETCH_ML_TUI_REDIS_ADDR` | `redis_addr` | `localhost:6379` | | `FETCH_ML_TUI_REDIS_PASSWORD` | `redis_password` | `` | | `FETCH_ML_TUI_REDIS_DB` | `redis_db` | `0` | | `FETCH_ML_TUI_KNOWN_HOSTS` | `known_hosts` | `~/.ssh/known_hosts` | ## Server Environment Variables (Auth & Debug) These variables control **server-side** authentication behavior and are intended **only for local development and debugging**. | Variable | Purpose | Allowed In Production? | |----------|---------|------------------------| | `FETCH_ML_ALLOW_INSECURE_AUTH` | When set to `1` *and* `FETCH_ML_DEBUG=1`, allows the API server to run with `auth.enabled: false` by injecting a default admin user. | **No**. Must never be set in production. | | `FETCH_ML_DEBUG` | Enables additional debug behaviors. Required (set to `1`) to activate the insecure auth bypass above. | **No**. Must never be set in production. | When both variables are set to `1` and `auth.enabled` is `false`, the server logs a clear warning and treats all requests as coming from a default admin user. This mode is convenient for local homelab experiments but is **insecure by design** and must not be used on any shared or internet-facing environment. ## Usage Examples ### Development Environment ```bash export FETCH_ML_CLI_HOST=localhost export FETCH_ML_CLI_USER=devuser export FETCH_ML_CLI_API_KEY=dev-key-123456789012 ./ml status ``` ### Production Environment ```bash export FETCH_ML_CLI_HOST=prod-server.example.com export FETCH_ML_CLI_USER=mluser export FETCH_ML_CLI_API_KEY=prod-key-abcdef1234567890 ./ml status ``` ### Docker/Kubernetes ```yaml env: - name: FETCH_ML_CLI_HOST value: "ml-server.internal" - name: FETCH_ML_CLI_USER value: "mluser" - name: FETCH_ML_CLI_API_KEY valueFrom: secretKeyRef: name: ml-secrets key: api-key ``` ### Using .env file ```bash # Copy the example file cp .env.example .env # Edit with your values vim .env # Load in your shell export $(cat .env | xargs) ``` ## Backward Compatibility The CLI also supports the legacy `ML_*` prefix for backward compatibility, but `FETCH_ML_CLI_*` takes priority if both are set. | Legacy Variable | New Variable | |-----------------|--------------| | `ML_HOST` | `FETCH_ML_CLI_HOST` | | `ML_USER` | `FETCH_ML_CLI_USER` | | `ML_BASE` | `FETCH_ML_CLI_BASE` | | `ML_PORT` | `FETCH_ML_CLI_PORT` | | `ML_API_KEY` | `FETCH_ML_CLI_API_KEY` |