Skip to main content

Environment Variables

This page lists common environment variables used when integrating Custodian Labs into your application.

Do not commit secret values to version control.

User-Facing Integration Variables

Use these when calling Custodian Labs from your own application.

VariableRequiredUsed byDescription
CUSTODIAN_API_KEYYesGuardian Layer API examplesYour Custodian Labs API key. Use this name in curl or backend examples.
CUSTODIAN_API_BASE_URLUsuallyGuardian Layer API examplesBase URL for Guardian Layer API requests.
CUSTODIAN_SDK_API_KEYYesPython SDKAPI key read by the Python SDK.
CUSTODIAN_SDK_BASE_URLNoPython SDKAssistant API base URL override. Defaults to the production platform endpoint.
CUSTODIAN_MASKING_BASE_URLNoPython SDK Guardian Layer helperGuardian Layer base URL override. Defaults to the production privacy endpoint.

Legacy SDK variables may still work as fallbacks:

Legacy variablePrefer
AI_SDK_API_KEYCUSTODIAN_SDK_API_KEY
AI_SDK_BASE_URLCUSTODIAN_SDK_BASE_URL
GUARDIAN_LAYER_BASE_URLCUSTODIAN_MASKING_BASE_URL

Dashboard Testing Variables

Most dashboard users do not need to set dashboard environment variables. These values are relevant only when your team is running a dashboard environment for development, preview, or internal testing.

VariableUsed byDescription
NEXT_PUBLIC_API_TEST_ENDPOINTDashboard API TestingDefault text API endpoint used by API Testing.
NEXT_PUBLIC_FILE_TEST_BASE_URLDashboard file testingBase URL used by dashboard file testing.

Internal deployment secrets, billing provider secrets, database service credentials, and infrastructure keys are intentionally not documented here. Use your team's private deployment runbook for those values.

Optional Assistant Settings

These values are used only if your application or deployment needs custom model or masking behavior.

VariableRequiredDescription
OPENAI_API_KEYOptional for BYO/model-provider setupsModel provider key used only when your environment is configured to use your own model provider.
OPENAI_BASE_URLNoOpenAI-compatible API base URL override.
PII_MASKING_DOMAINNoDefault privacy masking domain, such as General.
PII_MASKING_ENTITIESNoDefault PII entity list for masking workflows.

Security Notes

  • Store API keys in backend environment variables or a secret manager.
  • Restart your application after changing environment variables.
  • Do not expose Custodian Labs or model-provider keys in browser-side code.
  • Use production values for production deployments and test values for local testing.
  • Ask your team's engineering or platform owner for internal deployment secrets.