# Environment that the agent will run in. ENV=local # Browser streaming mode: "cdp" for local browser streaming, "vnc" for VNC streaming. # Quickstart writes "cdp" for new local installs; app code falls back to "vnc" if unset. BROWSER_STREAMING_MODE=cdp # LLM Provider Configurations: # ENABLE_OPENAI: Set to true to enable OpenAI as a language model provider. ENABLE_OPENAI=false # OPENAI_API_KEY: Your OpenAI API key for accessing models like GPT-4. OPENAI_API_KEY="" # OPENAI_API_BASE: Your OpenAI API Base url. Optional. # OPENAI_API_BASE="" # OPENAI_ORGANIZATION: Your OpenAI org-id. Optional. # OPENAI_ORGANIZATION="" # ENABLE_ANTHROPIC: Set to true to enable Anthropic as a language model provider. ENABLE_ANTHROPIC=false # ANTHROPIC_API_KEY: Your Anthropic API key for accessing models like Claude-3, Claude-4, and Claude-4.5. ANTHROPIC_API_KEY="" # ENABLE_AZURE: Set to true to enable Azure as a language model provider. ENABLE_AZURE=false # AZURE_DEPLOYMENT: Your Azure deployment name for accessing specific models. AZURE_DEPLOYMENT="" # AZURE_API_KEY: Your API key for accessing Azure's language models. AZURE_API_KEY="" # AZURE_API_BASE: The base URL for Azure's API. AZURE_API_BASE="" # AZURE_API_VERSION: The version of Azure's API to use. AZURE_API_VERSION="" ENABLE_AZURE_GPT4O_MINI=false AZURE_GPT4O_MINI_DEPLOYMENT="" AZURE_GPT4O_MINI_API_KEY="" AZURE_GPT4O_MINI_API_BASE="" AZURE_GPT4O_MINI_API_VERSION="" # Azure GPT-5 Model Configurations ENABLE_AZURE_GPT5=false AZURE_GPT5_DEPLOYMENT="gpt-5" AZURE_GPT5_API_KEY="" AZURE_GPT5_API_BASE="" AZURE_GPT5_API_VERSION="2025-01-01-preview" ENABLE_AZURE_GPT5_MINI=false AZURE_GPT5_MINI_DEPLOYMENT="gpt-5-mini" AZURE_GPT5_MINI_API_KEY="" AZURE_GPT5_MINI_API_BASE="" AZURE_GPT5_MINI_API_VERSION="2025-01-01-preview" ENABLE_AZURE_GPT5_NANO=false AZURE_GPT5_NANO_DEPLOYMENT="gpt-5-nano" AZURE_GPT5_NANO_API_KEY="" AZURE_GPT5_NANO_API_BASE="" AZURE_GPT5_NANO_API_VERSION="2025-01-01-preview" # ENABLE_GEMINI: Set to true to enable Gemini as a language model provider. ENABLE_GEMINI=false # GEMINI_API_KEY: Your Gemini API key for accessing models like Gemini 2.5 Pro. GEMINI_API_KEY="" # ENABLE_NOVITA: Set to true to enable Novita AI as a language model provider. ENABLE_NOVITA=false # NOVITA_API_KEY: Your Novita AI API key. NOVITA_API_KEY="" # ENABLE_VOLCENGINE: Set to true to enable Volcengine(ByteDance Doubao) as a language model provider. ENABLE_VOLCENGINE=false # VOLCENGINE_API_KEY: Your Volcengine(ByteDance Doubao) API key. VOLCENGINE_API_KEY="" # VOLCENGINE_API_BASE: The base URL for Volcengine(ByteDance Doubao) API. VOLCENGINE_API_BASE="https://ark.cn-beijing.volces.com/api/v3" # ENABLE_YUTORI: Set to true to enable the Yutori Navigator computer-use model. ENABLE_YUTORI=false # YUTORI_API_KEY: Your Yutori API key. YUTORI_API_KEY="" # YUTORI_API_BASE: The base URL for the Yutori API. YUTORI_API_BASE="https://api.yutori.com/v1" # YUTORI_MODEL: The Yutori model to use. YUTORI_MODEL="n1.5-latest" # YUTORI_TOOL_SET: Tool set for Navigator. Options: "" (default core), "browser_tools_core-20260403", "browser_tools_expanded-20260403". YUTORI_TOOL_SET="" # LLM_KEY: The chosen language model to use. This should be one of the models # provided by the enabled LLM providers (e.g., OPENAI_GPT5_5, OPENAI_GPT5_4, # ANTHROPIC_CLAUDE5_FABLE, ANTHROPIC_CLAUDE4.7_OPUS, ANTHROPIC_CLAUDE4.6_SONNET, # GEMINI_3_PRO, BEDROCK_ANTHROPIC_CLAUDE5_FABLE_INFERENCE_PROFILE, # BEDROCK_ANTHROPIC_CLAUDE5_FABLE_WITH_FALLBACK). # See docs: https://www.skyvern.com/docs/self-hosted/llm-configuration LLM_KEY="" # a cheaper LLM providers to help finishing some small tasks, like custom selection or svg conversion. If empty, it will be the same as LLM_KEY SECONDARY_LLM_KEY="" # Web browser configuration for scraping: # BROWSER_TYPE: Can be either "chromium-headless" or "chromium-headful". BROWSER_TYPE="chromium-headful" # BROWSER_REMOTE_DEBUGGING_HOST_HEADER: Optional Host header for cdp-connect. # Windows chrome://inspect Docker bridges may need this set to 127.0.0.1:. BROWSER_REMOTE_DEBUGGING_HOST_HEADER= # BROWSER_CDP_CONNECT_TIMEOUT_MS: Timeout for cdp-connect startup/approval in milliseconds. BROWSER_CDP_CONNECT_TIMEOUT_MS=120000 # MAX_SCRAPING_RETRIES: Number of times to retry scraping a page before giving up, currently set to 0. MAX_SCRAPING_RETRIES=0 # VIDEO_PATH: Path to the directory where videos will be saved. VIDEO_PATH=./videos # BROWSER_ACTION_TIMEOUT_MS: Timeout for browser actions in milliseconds. BROWSER_ACTION_TIMEOUT_MS=5000 # Agent run configuration: # MAX_STEPS_PER_RUN: Maximum number of steps to execute per run unless the agent finishes with a terminal state (last step or error). MAX_STEPS_PER_RUN=50 # Logging and database configuration: # LOG_LEVEL: Control log level (e.g., INFO, DEBUG). LOG_LEVEL=INFO # DATABASE_STRING: Database connection string. DATABASE_STRING="postgresql+psycopg://skyvern@localhost/skyvern" # If you are using Windows use this DATABASE_STRING. # DATABASE_STRING="postgresql+asyncpg://skyvern@localhost/skyvern" # PORT: Port to run the agent on. PORT=8000 # Analytics configuration: # ANALYTICS_ID: Distinct analytics ID (a UUID is generated if left blank). ANALYTICS_ID="anonymous" # LAMINAR # Skyvern's backend runs on port 8000 by default. Consider updating your self-hosted laminar to env vars to avoid conflicts # LMNR_HTTP_PORT=8010 # LMNR_GRPC_PORT=8011 # LMNR_BASE_URL=http://localhost # LMNR_PROJECT_API_KEY= # 1Password Integration # OP_SERVICE_ACCOUNT_TOKEN: API token for 1Password integration OP_SERVICE_ACCOUNT_TOKEN="" # ============================================================================= # SKYVERN CREDENTIAL VAULT CONFIGURATION # ============================================================================= # Built-in encrypted local vault used by default by the OSS Docker Compose setup. # Docker also sets ENABLE_LOCAL_CREDENTIAL_VAULT=true and persists this under /data/credential_vault. CREDENTIAL_VAULT_TYPE=skyvern ENABLE_LOCAL_CREDENTIAL_VAULT=true # LOCAL_CREDENTIAL_VAULT_PATH=/data/credential_vault # Production self-hosters should set LOCAL_CREDENTIAL_VAULT_KEY from an external secret store. # If unset, Skyvern generates .fernet_key inside LOCAL_CREDENTIAL_VAULT_PATH; backups or host-dir # exposure of that directory include both encrypted items and the key needed to decrypt them. # LOCAL_CREDENTIAL_VAULT_KEY= # The OSS Docker volumes for browser_sessions/ and downloads/ can contain plaintext cookies, # session tokens, and downloaded files. Treat them as sensitive and exclude them from casual backups. # Enable recording skyvern logs as artifacts ENABLE_LOG_ARTIFACTS=false # ============================================================================= # SKYVERN BITWARDEN CONFIGURATION # ============================================================================= # Set CREDENTIAL_VAULT_TYPE=bitwarden to use Bitwarden or vaultwarden instead # of the built-in Skyvern credential vault. # Your organization ID in official Bitwarden server or vaultwarden (if using organizations) SKYVERN_AUTH_BITWARDEN_ORGANIZATION_ID=your-org-id-here # These should match the values for bitwarden cli server for consistency SKYVERN_AUTH_BITWARDEN_MASTER_PASSWORD=your-master-password-here SKYVERN_AUTH_BITWARDEN_CLIENT_ID=user.your-client-id-here SKYVERN_AUTH_BITWARDEN_CLIENT_SECRET=your-client-secret-here # The CLI server will run on localhost:8002 by default # Optional, because by default Bitwarden is used directly # BITWARDEN_SERVER=http://localhost # BITWARDEN_SERVER_PORT=8002 # ============================================================================= # OPTIONAL: ADDITIONAL SKYVERN CONFIGURATION # ============================================================================= # If you need to override the default Bitwarden server settings in Skyvern # These will be automatically set by the Docker Compose, but you can override them here # Maximum number of retries for Bitwarden operations # BITWARDEN_MAX_RETRIES=3 # Timeout in seconds for Bitwarden operations # BITWARDEN_TIMEOUT_SECONDS=60 # Shared Redis URL used by any service that needs Redis (pub/sub, cache, etc.) # REDIS_URL=redis://localhost:6379/0 # Notification registry type: "local" (default, in-process) or "redis" (multi-pod) # NOTIFICATION_REGISTRY_TYPE=local # Optional: override Redis URL specifically for notifications (falls back to REDIS_URL) # NOTIFICATION_REDIS_URL= # REDIS_URL=redis://localhost:6379/0 # ============================================================================= # OPTIONAL: GCP SELF-HOSTED DEPLOYMENT # ============================================================================= # Uncomment to run Skyvern on Google Cloud with GCS storage and Secret Manager # credentials. Auth uses Application Default Credentials (Workload Identity on # GKE, or GOOGLE_APPLICATION_CREDENTIALS pointing at a service-account key). # Store artifacts/screenshots/browser sessions/uploads in Google Cloud Storage # SKYVERN_STORAGE_TYPE=gcs # GCS_PROJECT_ID=your-gcp-project-id # GCS_BUCKET_ARTIFACTS=skyvern-artifacts # GCS_BUCKET_SCREENSHOTS=skyvern-screenshots # GCS_BUCKET_BROWSER_SESSIONS=skyvern-browser-sessions # GCS_BUCKET_UPLOADS=skyvern-uploads # Service account that signs GCS download URLs; required only under Workload # Identity, where the runtime SA has no signing key of its own. # GCS_SIGNER_SA_EMAIL=skyvern@your-gcp-project-id.iam.gserviceaccount.com # Store workflow credentials in GCP Secret Manager instead of Bitwarden # CREDENTIAL_VAULT_TYPE=gcp # GCP_CREDENTIAL_VAULT_PROJECT_ID=your-gcp-project-id # Secret-id prefix; must be unique per Skyvern deployment sharing a project # GCP_CREDENTIAL_VAULT_PREFIX=skyvern-cred-