Environment Configuration¶
All environment variables and secrets for the VitaraVox platform
Last Updated: 2026-03-09 (v4.3.0 — audited against
config/env.ts)
Server Environment¶
Location: /home/ubuntu/vitara-platform/admin-dashboard/server/.env
Required Variables¶
| Variable | Description | Example |
|---|---|---|
NODE_ENV |
Environment mode | production |
DATABASE_URL |
PostgreSQL connection string | postgresql://vitara:<password>@localhost:5432/vitara_platform |
ENCRYPTION_KEY |
AES-256-GCM key for credential encryption | 32-byte hex string |
JWT_SECRET |
Access token signing key | 64-char base64 string |
JWT_REFRESH_SECRET |
Refresh token signing key | 64-char base64 string |
VAPI_API_KEY |
Vapi API key for server-side calls | From Vapi dashboard |
VAPI_WEBHOOK_SECRET |
Vapi webhook HMAC verification | From Vapi dashboard |
Voice & EMR Variables¶
Source: config/env.ts:37-65
| Variable | Default | Description |
|---|---|---|
VAPI_BASE_URL |
https://api.vapi.ai |
Vapi API base URL |
VAPI_DEFAULT_SQUAD_ID |
— | Auto-linked to new clinics during onboarding |
DEFAULT_EMR_TYPE |
oscar-universal |
EMR adapter type (oscar-universal = legacy bridge, oscar-soap = production) |
OSCAR_BRIDGE_URL |
http://localhost:3000/api/v1 |
REST Bridge URL (dev/fallback only) |
OSCAR_BRIDGE_API_KEY |
— | REST Bridge API key (dev/fallback only) |
OSCAR_SOAP_URL |
http://localhost:8080/oscar |
Default OSCAR base URL (overridden per-clinic in DB) |
OSCAR_SOAP_USERNAME |
— | Default OSCAR SOAP username (overridden per-clinic) |
OSCAR_SOAP_PASSWORD |
— | Default OSCAR SOAP password (overridden per-clinic) |
No TRANSFER_NUMBER env var
The transfer phone number is stored per-clinic in ClinicConfig.transferPhoneNumber in the database. There is no TRANSFER_NUMBER environment variable.
OSCAR OAuth Variables¶
Source: config/env.ts:58-62
| Variable | Default | Description |
|---|---|---|
OSCAR_OAUTH_CONSUMER_KEY |
— | OAuth 1.0a consumer key (dev/fallback — production uses per-clinic DB) |
OSCAR_OAUTH_CONSUMER_SECRET |
— | OAuth consumer secret |
OSCAR_OAUTH_TOKEN_KEY |
— | OAuth access token key |
OSCAR_OAUTH_TOKEN_SECRET |
— | OAuth access token secret |
OSCAR Credentials
Production OSCAR credentials (SOAP or OAuth) are stored per-clinic in the database, encrypted with AES-256-GCM using ENCRYPTION_KEY. They are configured during the onboarding wizard. The env vars above are only dev/fallback defaults.
SMS Variables¶
Source: config/env.ts:77-79
| Variable | Default | Description |
|---|---|---|
TELNYX_API_KEY |
— | Platform-level Telnyx API v2 key (single account) |
TELNYX_MESSAGING_PROFILE_ID |
— | Telnyx messaging profile UUID |
SMS sender phone numbers are stored per-clinic in ClinicConfig.smsSenderNumber. The Telnyx API key and messaging profile are shared across all clinics.
Fax Intelligence Variables¶
Source: config/env.ts:68-76
| Variable | Default | Description |
|---|---|---|
FAX_AI_PROVIDER |
anthropic |
AI extraction provider (anthropic / openai / google) |
FAX_ANTHROPIC_MODEL |
claude-sonnet-4-20250514 |
Anthropic model ID |
ANTHROPIC_API_KEY |
— | Claude API key (optional, required if using anthropic provider) |
OPENAI_API_KEY |
— | OpenAI API key (optional, for openai provider) |
GOOGLE_AI_API_KEY |
— | Google AI API key (optional, for google provider) |
FAX_PROVIDER |
mock |
Fax polling provider (mock / srfax) |
FAX_POLL_INTERVAL_MS |
60000 |
Polling interval in ms |
FAX_UPLOAD_DIR |
uploads/fax |
Local file upload directory |
Optional Variables¶
Source: config/env.ts:15-17, 26-27, 82-83
| Variable | Default | Description |
|---|---|---|
PORT |
3002 |
Server listen port |
CORS_ORIGIN |
https://dev.vitaravox.ca |
Allowed CORS origin |
JWT_EXPIRES_IN |
1h |
Access token expiry |
JWT_REFRESH_EXPIRES_IN |
7d |
Refresh token expiry |
LOG_LEVEL |
info (prod) / debug (dev) |
Pino log level (trace/debug/info/warn/error/fatal) |
VITARA_DEBUG |
false |
PHI-DEBUG mode — auto-expires after 4h. NEVER leave on unattended. |
Generate Secrets¶
# Encryption key (32-byte hex)
openssl rand -hex 32
# JWT secret (64-char base64)
openssl rand -base64 64
# Database password
openssl rand -base64 24
Production Requirements
When NODE_ENV=production, the server validates via Zod that ENCRYPTION_KEY is set. Missing it will crash the server on startup.
Vapi GitOps Environment¶
Location: /home/ubuntu/vitara-platform/vapi-gitops/.env.dev
| Variable | Description |
|---|---|
VAPI_TOKEN |
Vapi API key for GitOps pushes |
Warning
The variable name is VAPI_TOKEN, not VAPI_API_KEY.
NGINX Environment¶
NGINX is configured at the host level via config files, not environment variables.
| Config File | Purpose |
|---|---|
/etc/nginx/sites-enabled/vitaravox.ca |
API proxy (→ localhost:3002) |
/etc/nginx/sites-enabled/vitdocs.vitaravox.ca |
Docs site (static files) |
PostgreSQL¶
| Setting | Value |
|---|---|
| Host | localhost |
| Port | 5432 |
| Database | vitara_platform |
| User | vitara |
| Connection | Via Prisma ORM (DATABASE_URL) |