Both the gateway and the CLI client read these. The gateway uses them at boot to override config.toml; the CLI uses them to pick a server and token without flags.
Runtime (gateway) Variable Purpose QORVEN_CONFIGPath to config.toml. Default: /etc/qorven/config.toml (root-owned install) or ~/.qorven/config.toml (user install). QORVEN_POSTGRES_DSNOverride [database].dsn in config. Full libpq URL. QORVEN_AUTH_TOKENOverride [auth].token. Useful for ephemeral test installs. QORVEN_ENCRYPTION_KEYOverride [auth].encryption_key. Do not rotate via env without a migration plan. QORVEN_API_LISTENhost:port — overrides [server].api_listen.QORVEN_WEB_LISTENhost:port — overrides [server].web_listen.QORVEN_WEB_DIRPath to a custom web build — overrides [server].web_dir. QORVEN_TLS_MODEauto, acme, custom, off. Overrides [tls].mode.QORVEN_LOG_LEVELdebug, info, warn, error. Default: info.AUTH_TOKENLegacy alias for QORVEN_AUTH_TOKEN. CORS_ORIGINSComma-separated additional origins.
CLI client Variable Purpose QORVEN_SERVERGateway URL (http://localhost:4200 default). QORVEN_TOKENAuth token. Overrides ~/.qorven/token_default. QORVEN_OUTPUTDefault --output value.
LLM providers Variable Used for OPENAI_API_KEYBootstraps an OpenAI provider if none exists ANTHROPIC_API_KEYSame for Anthropic DEEPSEEK_API_KEYSame for DeepSeek GEMINI_API_KEYSame for Gemini GROQ_API_KEYSame for Groq AWS_PROFILE / AWS_REGIONFor Bedrock
Env-var providers are bootstrap-only . Production installs should use Settings → Provider Keys so keys are encrypted at rest. Provider keys → Release pipeline Variable Purpose QORVEN_RELEASE_REPOOverride the GitHub repo qorven update pulls from. For forks. GITHUB_TOKENFor private release repos.
Where next
config.toml reference Every key, what it does, defaults.
Global flags Flags accepted by every subcommand.
