All environment variables that DarkDuck uses for server configuration, secrets, and agent runtime.
Server Configuration
| Variable | Default | Description |
|---|
PORT | 3100 | Server port |
HOST | 127.0.0.1 | Server host binding (0.0.0.0 for network access) |
DATABASE_URL | (embedded) | PostgreSQL connection string. If unset, uses embedded PostgreSQL. |
DARKDUCK_HOME | ~/.darkduck | Base directory for all DarkDuck data |
DARKDUCK_INSTANCE_ID | default | Instance identifier (for multiple local instances) |
DARKDUCK_DEPLOYMENT_MODE | local_trusted | Runtime mode: local_trusted or authenticated |
DARKDUCK_DEPLOYMENT_EXPOSURE | — | Exposure policy for authenticated mode: private or public |
Secrets
| Variable | Default | Description |
|---|
DARKDUCK_SECRETS_MASTER_KEY | (from file) | 32-byte encryption key (base64/hex/raw) |
DARKDUCK_SECRETS_MASTER_KEY_FILE | ~/.darkduck/.../secrets/master.key | Path to key file |
DARKDUCK_SECRETS_STRICT_MODE | false | Require secret refs for sensitive env vars |
Agent Runtime Variables
These are set automatically by the server when invoking agents via adapters. You do not need to configure these manually.
Identity
| Variable | Description |
|---|
DARKDUCK_AGENT_ID | Agent’s unique ID |
DARKDUCK_COMPANY_ID | Company ID |
DARKDUCK_API_URL | DarkDuck API base URL |
DARKDUCK_API_KEY | Short-lived JWT for API auth |
DARKDUCK_RUN_ID | Current heartbeat run ID |
Wake Context
| Variable | Description |
|---|
DARKDUCK_TASK_ID | Issue that triggered this wake |
DARKDUCK_WAKE_REASON | Wake trigger reason (e.g. issue_assigned, issue_comment_mentioned, schedule) |
DARKDUCK_WAKE_COMMENT_ID | Comment that triggered this wake |
DARKDUCK_APPROVAL_ID | Resolved approval ID |
DARKDUCK_APPROVAL_STATUS | Approval decision (approved, rejected) |
DARKDUCK_LINKED_ISSUE_IDS | Comma-separated linked issue IDs |
Wake context variables are only set when the heartbeat has a specific trigger. Check for their presence before using them.
LLM Provider Keys
These are needed by adapters to authenticate with LLM providers:
| Variable | Description |
|---|
ANTHROPIC_API_KEY | Anthropic API key (for Claude Local adapter) |
OPENAI_API_KEY | OpenAI API key (for Codex Local adapter) |
For production deployments, store LLM provider keys as DarkDuck secrets and reference them in agent adapter config rather than setting them as global environment variables. This provides encryption at rest and per-agent key isolation.
Advanced Configuration
| Variable | Default | Description |
|---|
DARKDUCK_AUTH_BASE_URL_MODE | — | Base URL resolution: auto (for private mode) or explicit URL |
DARKDUCK_IN_WORKTREE | false | Set to true when running inside a managed worktree instance |
NODE_ENV | development | Node.js environment (development or production) |
