Configuration
Keystone services are configured via environment variables. Each variable is prefixed with KEYSTONE_ for namespace isolation.
Common
Section titled “Common”| Variable | Description |
|---|---|
KEYSTONE_LOG_LEVEL | Logging verbosity: debug, info, warn, error |
KEYSTONE_ALLOWED_ORIGINS | Comma-separated list of allowed CORS origins |
KEYSTONE_REQUEST_TIMEOUT | Request timeout (e.g. 15s) |
Authentication (OIDC)
Section titled “Authentication (OIDC)”| Variable | Description |
|---|---|
KEYSTONE_AUTH_ENABLED | Enable/disable OIDC authentication (true/false) |
KEYSTONE_AUTH_ISSUER | OIDC issuer URL |
KEYSTONE_AUTH_AUDIENCE | Expected JWT audience |
KEYSTONE_AUTH_JWKS_URL | JWKS endpoint for token verification |
Indexing
Section titled “Indexing”| Variable | Description |
|---|---|
KEYSTONE_INDEX_BACKEND | Search backend: postgres, opensearch, or hybrid |
KEYSTONE_INDEX_BOOTSTRAP | Auto-create indexes on startup (true/false) |
Semantic Engine
Section titled “Semantic Engine”The semantic engine powers embedding generation and similarity search. Configuration is handled at the service level.
For deployment-level configuration (database connections, service URLs, infrastructure setup), refer to the deployment guide provided with your installation.