Configuration
Bootstrap bigRAG, then manage runtime settings from the admin UI.
bigRAG uses a UI-first configuration model. Operators provide only the wiring needed before the API can read Postgres, then admins manage product/runtime settings from /settings and /models.
Auth is admin accounts + session cookies and minted bigrag_sk_… API keys — see Authentication.
Bootstrap config
Bootstrap config is the small set of values the API needs before it can connect to the database and decrypt saved settings.
| Variable | Description | Default |
|---|---|---|
BIGRAG_ENV | dev or prod. Production mode enforces safe startup checks. | dev |
BIGRAG_LOG_LEVEL | Backend log level: debug, info, warning, or error. | info |
BIGRAG_LOG_FORMAT | Backend log renderer: text for local terminals with escaped control characters or json for log shippers. | text |
BIGRAG_HOST | API bind address. | 127.0.0.1 |
BIGRAG_PORT | API bind port. | 4000 |
BIGRAG_WORKERS | Uvicorn process count. | 1 |
BIGRAG_DATABASE_URL | Postgres connection URL. | postgres://bigrag:bigrag@localhost:5432/bigrag?sslmode=disable |
BIGRAG_DB_POOL_MIN | Minimum Postgres pool size. | 5 |
BIGRAG_DB_POOL_MAX | Maximum Postgres pool size. | 20 |
BIGRAG_MIGRATION_TIMEOUT_SECONDS | Startup migration timeout. Set 0 to disable the timeout. | 60 |
BIGRAG_REDIS_URL | Redis connection URL. | redis://localhost:6379/0 |
BIGRAG_MASTER_KEY | Fernet key for encrypted provider secrets, instance-setting secrets, embedding-cache rows, and Redis cache payloads. Required for production. | — |
BIGRAG_MASTER_KEY_PREVIOUS | JSON array of old Fernet keys during staged key rotation. | [] |
BIGRAG_UPLOAD_DIR | Local ingestion staging directory. | ./data/uploads |
BIGRAG_TURBOPUFFER_API_KEY | Bootstrap Turbopuffer API key. Saved admin settings override it. | — |
BIGRAG_TURBOPUFFER_BASE_URL | Optional bootstrap Turbopuffer-compatible base URL. | — |
BIGRAG_TURBOPUFFER_REGION | Bootstrap Turbopuffer region slug. | aws-us-east-1 |
BIGRAG_TURBOPUFFER_NAMESPACE_PREFIX | Bootstrap Turbopuffer namespace prefix. | bigrag_ |
BIGRAG_CONVERSION_DEVICE | Docling inference device for OCR and layout models. Use cpu, auto, cuda, cuda:0, mps, or xpu. | cpu |
Two variables to note:
BIGRAG_DATABASE_URLpreserves Postgressslmodesettings. Usesslmode=require,verify-ca, orverify-fullfor hosted Postgres TLS; usesslmode=disableonly for local or trusted private networks.BIGRAG_MASTER_KEY_PREVIOUSis dual-read during rotation for encrypted secrets and API-key hash lookup. Keep old keys there until encrypted rows and minted API keys have been rewritten or replaced.
The admin UI has one frontend bootstrap value: point it at the API with VITE_BIGRAG_URL at build/dev time or BIGRAG_URL in the app container when frontend and backend are deployed separately.
Worker
Run background jobs with bigrag-worker. The worker reads the same BIGRAG_ environment and accepts these flags:
| Flag | Purpose |
|---|---|
--processes | Number of Dramatiq worker processes |
--threads | Threads per process |
--queues | Queue names to consume |
--config | Path to a TOML bootstrap file |
The worker parent runs database migrations once before spawning Dramatiq processes; child processes skip migration bootstrap. The local dev script and Docker Compose default to BIGRAG_WORKER_PROCESSES=5 and BIGRAG_WORKER_THREADS=8.
TOML bootstrap file
The CLI can also read a bigrag.toml file. Keep this file to bootstrap wiring:
env = "prod"
log_level = "info"
log_format = "json"
host = "0.0.0.0"
port = 4000
workers = 1
database_url = "postgres://bigrag:change-me@postgres:5432/bigrag?sslmode=disable"
redis_url = "redis://redis:6379/0"
master_key = "generate-a-fernet-key"
master_key_previous = []
upload_dir = "./data/uploads"
conversion_device = "cpu"Environment variables override TOML values. CLI flags passed to python -m bigrag.main override both.
Runtime settings
After the first admin account exists, the admin UI sends first-run operators to /onboarding to create one verified embedding preset and save Turbopuffer settings. The Turbopuffer step's Save and Finish action saves the vector settings and opens /overview.
Later, manage settings at:
| Location | What you configure |
|---|---|
/settings | Platform runtime settings |
/settings?tab=account | Account settings |
/settings?tab=health | Dependency health |
/settings?tab=security | Trusted proxies, provider URL allow-lists, embedding-cache mode, and private-network escape hatches. CORS origins and session-cookie policy are still supported, but managed from deployment config or the instance settings API instead of the Security tab. |
/settings?tab=data | Upload limits, OCR, queue depth, webhook delivery limits, and retention windows. |
/settings?tab=vector_store | Turbopuffer API key, public-region dropdown, namespace prefix, and optional compatible base URL for vector, keyword, and hybrid retrieval. |
/models | Default embedding provider, model, dimension, key, base URL, cache TTLs, chat provider, chat model, temperature, history count, and context budget. |
Turbopuffer is the search backend for every collection. Settings are stored in Postgres in the instance_settings table; secret settings are encrypted with BIGRAG_MASTER_KEY and redacted on read.
BIGRAG_CHAT_API_KEY can seed a default instance chat credential for OpenAI's standard API endpoint. For non-default chat_base_url values, configure a saved chat key in the admin UI or pass provider_api_key on chat requests so the instance fallback key is never sent to a custom provider.
The same settings are available through /v1/admin/settings. Database-backed admin settings apply immediately on save. Turbopuffer connection changes validate the new target before saving, then swap the runtime client in place where applicable.
Bootstrap Turbopuffer environment variables are useful for managed deploy templates. Values saved from the admin UI are stored in Postgres and override bootstrap defaults for both API and worker processes.
CLI flags
python -m bigrag.main accepts bootstrap overrides:
--config PATH Path to bigrag.toml
--host HOST Override server host
--port PORT Override server port
--database-url URL Override Postgres URL
--redis-url URL Override Redis URL