Configuration
PromptGate is configured via the backend/.env file (or via environment: in Docker Compose). This page is the complete reference — every var that ships in .env.example plus the feature-specific ones added by guardrails, OAuth, SSRF, and the contextual PII detector.
Anything not listed here is either a Laravel internal you can ignore, or a sensible Laravel default.
| Variable | Default | Notes |
|---|---|---|
APP_NAME | "PromptGate v2" | Shown in browser title and emails. |
APP_ENV | local | local / staging / production. Set to production in prod. |
APP_KEY | (generate it) | 32-byte AES key in base64:… format. Encrypts every credential, OAuth token, and MCP server bearer. Losing it = unrecoverable secrets. |
APP_DEBUG | true | Set to false in production. |
APP_URL | http://localhost:8000 | Public URL. Used in OAuth callback, MCP bridge URL, curl examples shown in the UI. |
APP_LOCALE | en | Default UI language. (Currently English only.) |
APP_TIMEZONE | UTC | Used for log timestamps and audit entries. |
BCRYPT_ROUNDS | 12 | Password hash cost. 4 in tests, 12 in prod. |
To generate a fresh one:
docker compose exec app php artisan key:generateDatabase
Section titled “Database”PromptGate supports SQLite (default), MySQL 8+, and PostgreSQL 14+. See Database Setup for the swap procedure.
| Variable | Default | Notes |
|---|---|---|
DB_CONNECTION | sqlite | sqlite / mysql / pgsql. |
DB_DATABASE | database/database.sqlite | SQLite file path or database name for MySQL/Postgres. |
DB_HOST | 127.0.0.1 | Ignored for SQLite. |
DB_PORT | 3306 (mysql) / 5432 (pgsql) | |
DB_USERNAME | root | |
DB_PASSWORD | (empty) |
Sessions, Cache, Queue
Section titled “Sessions, Cache, Queue”| Variable | Default | Notes |
|---|---|---|
SESSION_DRIVER | database | database / redis / array (test only) / file. |
SESSION_LIFETIME | 120 | Minutes of session idle before logout. |
SESSION_ENCRYPT | false | Encrypt session payloads (small CPU cost). |
CACHE_STORE | database | database / redis / file / array (tests). Used by rate limits for the per-minute / per-hour bucket counters. |
QUEUE_CONNECTION | database | database / redis / sync. Webhooks dispatch through this. |
BROADCAST_CONNECTION | log | Not currently wired to live UI. |
For production, Redis for cache + sessions + queue is recommended:
CACHE_STORE=redisSESSION_DRIVER=redisQUEUE_CONNECTION=redis
REDIS_HOST=redisREDIS_PORT=6379REDIS_PASSWORD=Logging
Section titled “Logging”| Variable | Default | Notes |
|---|---|---|
LOG_CHANNEL | stack | stack / single / daily / stderr. Set to stderr in Docker so logs land in docker logs. |
LOG_STACK | single | Channels combined when LOG_CHANNEL=stack. |
LOG_LEVEL | debug | debug / info / warning / error. Set to warning in prod. |
LOG_DEPRECATIONS_CHANNEL | null | Where deprecations go. |
Used by webhooks (in the future) and password-reset emails. Defaults are off-line / safe.
| Variable | Default | Notes |
|---|---|---|
MAIL_MAILER | log | log writes mails to the log file (great for dev). smtp / ses / mailgun / postmark for prod. |
MAIL_HOST | 127.0.0.1 | |
MAIL_PORT | 2525 | |
MAIL_USERNAME | null | |
MAIL_PASSWORD | null | |
MAIL_FROM_ADDRESS | hello@example.com | Set this. |
MAIL_FROM_NAME | ${APP_NAME} |
Filesystem
Section titled “Filesystem”| Variable | Default | Notes |
|---|---|---|
FILESYSTEM_DISK | local | Where backups land if you ever store them in-place (default behaviour streams the ZIP directly). |
AWS / S3 (optional)
Section titled “AWS / S3 (optional)”| Variable | Default | Notes |
|---|---|---|
AWS_ACCESS_KEY_ID | (empty) | |
AWS_SECRET_ACCESS_KEY | (empty) | |
AWS_DEFAULT_REGION | us-east-1 | |
AWS_BUCKET | (empty) | |
AWS_USE_PATH_STYLE_ENDPOINT | false |
Used only if you point FILESYSTEM_DISK=s3.
PromptGate-specific configuration
Section titled “PromptGate-specific configuration”These are the env variables that control PromptGate features beyond what Laravel provides out of the box.
Contextual PII detection (LLM-backed)
Section titled “Contextual PII detection (LLM-backed)”Used by PII Filter when person_name or address types are enabled.
| Variable | Default | Notes |
|---|---|---|
PII_CONTEXTUAL_ENABLED | true | Master switch. Set to false to disable contextual detection even if a credential is configured. |
PII_CONTEXTUAL_CREDENTIAL_ID | (unset) | DB id of the App\Models\Credential row to use for the LLM call. The credential’s provider_key picks the adapter. |
PII_CONTEXTUAL_MODEL | gpt-4o-mini | Model identifier passed to the provider. Should be cheap + fast. |
PII_CONTEXTUAL_MAX_CHARS | 8000 | Inputs longer than this skip contextual detection (regex still runs). |
PII_CONTEXTUAL_ENABLED=truePII_CONTEXTUAL_CREDENTIAL_ID=3PII_CONTEXTUAL_MODEL=gpt-4o-miniOllama provider base URL
Section titled “Ollama provider base URL”Used by the local Ollama adapter.
| Variable | Default |
|---|---|
OLLAMA_BASE_URL | http://localhost:11434/v1 |
Set to your Ollama instance’s URL if it isn’t on the same host.
SSRF allowlist
Section titled “SSRF allowlist”Used by SSRF Protection to permit specific internal hosts.
| Variable | Default | Notes |
|---|---|---|
SSRF_ALLOWED_HOSTS | (empty) | Comma-separated host list. * disables the SSRF guard entirely (only used by the test suite). |
# Allow an internal API on a docker bridge networkSSRF_ALLOWED_HOSTS=internal-api.svc.local,10.0.0.42Pulse / Telescope / Nightwatch
Section titled “Pulse / Telescope / Nightwatch”| Variable | Default | Notes |
|---|---|---|
PULSE_ENABLED | false | Laravel Pulse (not currently used). |
TELESCOPE_ENABLED | false | Laravel Telescope (not currently used). |
NIGHTWATCH_ENABLED | false | Laravel Nightwatch (not currently used). |
Leave these false unless you know you need them.
A clean production .env
Section titled “A clean production .env”Drop-in template for a real deployment:
APP_NAME="PromptGate"APP_ENV=productionAPP_KEY=base64:... # generate with `php artisan key:generate`APP_DEBUG=falseAPP_URL=https://gateway.your-domain.comAPP_TIMEZONE=Europe/Berlin
DB_CONNECTION=pgsqlDB_HOST=db.internalDB_PORT=5432DB_DATABASE=promptgateDB_USERNAME=promptgateDB_PASSWORD=...
CACHE_STORE=redisSESSION_DRIVER=redisQUEUE_CONNECTION=redisREDIS_HOST=redisREDIS_PORT=6379
LOG_CHANNEL=stderrLOG_LEVEL=warning
MAIL_MAILER=smtpMAIL_HOST=smtp.your-provider.comMAIL_PORT=587MAIL_USERNAME=...MAIL_PASSWORD=...MAIL_FROM_ADDRESS=noreply@your-domain.comMAIL_FROM_NAME="PromptGate"
# Optional featuresPII_CONTEXTUAL_CREDENTIAL_ID=3PII_CONTEXTUAL_MODEL=gpt-4o-miniSSRF_ALLOWED_HOSTS=Reload after changing
Section titled “Reload after changing”When you change .env, the changes take effect on the next request — but if you have config caching enabled (php artisan config:cache), you need to clear it:
docker compose exec app php artisan config:cleardocker compose restart appNext: Database Setup — switching from SQLite to MySQL or PostgreSQL.
© Akyros Labs LLC. All rights reserved.