TapPass is configured via environment variables with the TAPPASS_ prefix.
| Variable | Description |
|---|
TAPPASS_PRODUCTION=1 | Enable production hardening |
TAPPASS_ADMIN_API_KEY | Admin API key (starts with tp_) |
TAPPASS_JWT_SECRET | JWT signing secret (48+ chars) |
TAPPASS_VAULT_KEY | AES-256 key for credential encryption |
DATABASE_URL | PostgreSQL connection string |
| Variable | Default | Description |
|---|
TAPPASS_PORT | 9620 | Server port |
TAPPASS_KV_URL | (memory) | Redis URL for multi-worker state |
TAPPASS_OPA_URL | http://localhost:8181 | OPA sidecar URL |
TAPPASS_LLM_JUDGE_MODEL | (none) | LLM model for classification judge |
TAPPASS_CORS_ORIGINS | (none) | Allowed CORS origins |
TAPPASS_EU_DATA_RESIDENCY | false | Restrict to EU model providers |
OPENAI_API_KEY | (none) | For LLM judge and gateway |
When TAPPASS_PRODUCTION=1:
- Refuses to start without
JWT_SECRET and ADMIN_API_KEY
- Hides OpenAPI docs (
/docs, /openapi.json)
- Enforces HSTS, CSP, X-Frame-Options
- Strips the
Server header
| Mode | Config | Use case |
|---|
| Memory | Nothing needed | Development, CI |
| PostgreSQL | DATABASE_URL=postgresql:/... | Self-hosted production |
| Supabase | SUPABASE_URL + SUPABASE_KEY | Managed production |
| Endpoint | Type | Purpose |
|---|
/health/live | Liveness | Process alive check (no dependency checks) |
/health/ready | Readiness | Checks DB, OPA, Redis: returns 503 if not ready |
/health/startup | Startup | Checks DB, OPA, Presidio model loaded: returns 503 until ready |
/health | Legacy | Same as readiness (backward compatible) |
/health/detailed | Diagnostic | Full system status (requires auth) |
| Variable | Default | Description |
|---|
OTEL_EXPORTER_OTLP_ENDPOINT | (disabled) | OTLP collector endpoint (e.g. http://otel-collector:4317) |
OTEL_TRACES_CONSOLE | false | Print spans to stdout (local debugging) |
When enabled, every pipeline execution creates a parent span tappass.pipeline with child spans per step. Incoming traceparent headers are propagated for end-to-end distributed tracing.
| Variable | Default | Description |
|---|
TAPPASS_FAIL_MODE | fail_closed | fail_closed, fail_open_cached, or fail_open_logged |
TAPPASS_CACHE_TTL | 300 | Seconds cached responses are valid in degraded mode |
TAPPASS_MAX_OFFLINE_REQUESTS | 100 | Max calls allowed in degraded mode (0 = unlimited) |
TAPPASS_LOCAL_AUDIT_PATH | .tappass_audit_buffer.jsonl | Local audit buffer for degraded calls |
TAPPASS_CIRCUIT_FAILURE_THRESHOLD | 3 | Consecutive failures before circuit opens |
TAPPASS_CIRCUIT_RECOVERY_TIMEOUT | 30 | Seconds before circuit transitions to half-open |
| Variable | Description |
|---|
TAPPASS_SSO_PROVIDER | google, azure, okta |
TAPPASS_SSO_CLIENT_ID | OIDC client ID |
TAPPASS_SSO_CLIENT_SECRET | OIDC client secret |
TAPPASS_SAML_ENABLED | Enable SAML 2.0 |
See the SSO guide for full configuration.
