Environment Variables
This page lists common environment variables used when integrating Custodian Labs into your application.
Do not commit secret values to version control.
User-Facing Integration Variables
Use these when calling Custodian Labs from your own application.
| Variable | Required | Used by | Description |
|---|---|---|---|
CUSTODIAN_API_KEY | Yes | Guardian Layer API examples | Your Custodian Labs API key. Use this name in curl or backend examples. |
CUSTODIAN_API_BASE_URL | Usually | Guardian Layer API examples | Base URL for Guardian Layer API requests. |
CUSTODIAN_SDK_API_KEY | Yes | Python SDK | API key read by the Python SDK. |
CUSTODIAN_SDK_BASE_URL | No | Python SDK | Assistant API base URL override. Defaults to the production platform endpoint. |
CUSTODIAN_MASKING_BASE_URL | No | Python SDK Guardian Layer helper | Guardian Layer base URL override. Defaults to the production privacy endpoint. |
Legacy SDK variables may still work as fallbacks:
| Legacy variable | Prefer |
|---|---|
AI_SDK_API_KEY | CUSTODIAN_SDK_API_KEY |
AI_SDK_BASE_URL | CUSTODIAN_SDK_BASE_URL |
GUARDIAN_LAYER_BASE_URL | CUSTODIAN_MASKING_BASE_URL |
Dashboard Testing Variables
Most dashboard users do not need to set dashboard environment variables. These values are relevant only when your team is running a dashboard environment for development, preview, or internal testing.
| Variable | Used by | Description |
|---|---|---|
NEXT_PUBLIC_API_TEST_ENDPOINT | Dashboard API Testing | Default text API endpoint used by API Testing. |
NEXT_PUBLIC_FILE_TEST_BASE_URL | Dashboard file testing | Base URL used by dashboard file testing. |
Internal deployment secrets, billing provider secrets, database service credentials, and infrastructure keys are intentionally not documented here. Use your team's private deployment runbook for those values.
Optional Assistant Settings
These values are used only if your application or deployment needs custom model or masking behavior.
| Variable | Required | Description |
|---|---|---|
OPENAI_API_KEY | Optional for BYO/model-provider setups | Model provider key used only when your environment is configured to use your own model provider. |
OPENAI_BASE_URL | No | OpenAI-compatible API base URL override. |
PII_MASKING_DOMAIN | No | Default privacy masking domain, such as General. |
PII_MASKING_ENTITIES | No | Default PII entity list for masking workflows. |
Security Notes
- Store API keys in backend environment variables or a secret manager.
- Restart your application after changing environment variables.
- Do not expose Custodian Labs or model-provider keys in browser-side code.
- Use production values for production deployments and test values for local testing.
- Ask your team's engineering or platform owner for internal deployment secrets.