Configuration

Details
This page shows version v0.0.0 (dev). The current version can be found here.

The Oracle AI Optimizer and Toolkit (the AI Optimizer) requires some configuration to take full advantage of the AI capabilities in Oracle AI Database. Most settings can be configured through the application interface.

However, you can use environment variables to reduce how much needs to be configured manually and to enable features such as observability.

Getting Started

You can configure the application from the shell by exporting variables before startup. For example:

export AIO_DB_USERNAME=demo
export AIO_DB_PASSWORD=replace-with-your-password
export AIO_DB_DSN=localhost:1521/FREEPDB1

For a reusable, local configuration, an .env.* file is a better alternative. It keeps related settings together and avoids exporting them again in every shell session. Create one by copying the provided example:

cp src/.env.example src/.env.dev

Edit src/.env.dev and uncomment the settings you need. For example, to configure a CORE database connection:

AIO_DB_USERNAME=demo
AIO_DB_PASSWORD=replace-with-your-password
AIO_DB_DSN=localhost:1521/FREEPDB1

Configuring a valid CORE database with AIO_DB_USERNAME, AIO_DB_PASSWORD, and AIO_DB_DSN enables application settings persistence and provides the database access required by RAG, NL2SQL, and the Testbed. Models and other settings configured through the interface are then restored from the configured CORE database after a restart.

Shh… Secrets Inside!

Environment files can contain API keys, database credentials, wallet passwords, private-key material, and telemetry headers. Do not commit a populated environment file to source control. For shared or hosted environments, store these values using your deployment platform’s secret-management facilities.

How Configuration Works

Configuration is loaded, updated, and saved through the following paths:

flowchart TD
    exported["Shell, container, or pod AIO_* variables"] -->|Highest precedence| settings["AI Optimizer settings"]
    envfile["src/.env.{AIO_ENV}"] -->|Used when not already set| settings
    persisted["CORE database<br>Previously saved settings"] -->|Loaded when not overridden| settings
    defaults["Application defaults"] -->|Used when unset| settings
    interface["Application interface"] -->|Updates settings| settings
    settings -->|Saved when CORE is configured| persisted

Environment Variables

When the AI Optimizer starts, environment variables are read from the process environment or from a .env.{AIO_ENV} file in the src/ directory, as outlined above. In a POSIX shell, use export so that the application inherits the variables; shell-local variables are not part of the child process environment. Variables already present in the process environment are not overwritten by values in the environment file.

To select an environment file, export AIO_ENV before startup. For example, export AIO_ENV=prd loads src/.env.prd. If AIO_ENV is unset, it defaults to dev.

AIO_ENV valueFile loaded
dev (default)src/.env.dev
prdsrc/.env.prd
customsrc/.env.{custom}

Restart the affected component after changing a value.

The variables below are specific to the AI Optimizer and use the AIO_ prefix. Integrations such as OpenTelemetry and OpenInference also use their own environment variables; these are covered in the relevant integration documentation. TNS_ADMIN usage is covered under Database Configuration.

Application

VariableDescriptionDefault
AIO_ENVSelects the src/.env.{AIO_ENV} file and labels the deployment environment. Export it before startup.dev
AIO_LOG_LEVELPython logging levelINFO

Authentication

VariableDescriptionDefault
AIO_API_KEYAPI key for authenticating requests to the API Server. If unset, a key is generated at startup and displayed on the API Server page.(generated)

Database

These variables configure the CORE database connection. See Database Configuration for connection formats, wallet setup, and required privileges.

VariableDescriptionDefault
AIO_DB_USERNAMEDatabase username(none)
AIO_DB_PASSWORDDatabase password(none)
AIO_DB_DSNConnection string or TNS alias(none)
AIO_DB_WALLET_PASSWORDWallet password for mTLS connections(none)
AIO_DB_WALLET_LOCATIONPath to the wallet directory for mTLS connections(none)
AIO_DB_POOL_SIZEMaximum database connection pool size5

Server

VariableDescriptionDefault
AIO_SERVER_URLURL the client uses to reach the API Server(auto-detected)
AIO_SERVER_URL_PREFIXURL path prefix for the API Server, such as /optimizer(none)
AIO_SERVER_ADDRESSAPI Server bind address. The standalone server uses 0.0.0.0; client autostart uses 127.0.0.1. Clients should connect through AIO_SERVER_URL.component-specific
AIO_SERVER_PORTAPI Server listen port8000
AIO_SERVER_SSLEnables TLS for the API Serverfalse
AIO_SERVER_SSL_CERT_FILEPath to a TLS certificate in PEM format. When TLS is enabled without a certificate, a self-signed certificate is generated.(none)
AIO_SERVER_SSL_KEY_FILEPath to the TLS private key in PEM format(none)
AIO_SERVER_READY_TIMEOUTSeconds the client waits for the API Server to become ready at startup180
AIO_MAX_CLIENTSMaximum number of distinct client sessions cached in memory64

Client

VariableDescriptionDefault
AIO_CLIENT_ADDRESSClient listen addresslocalhost
AIO_CLIENT_URL_PREFIXURL path prefix for the Client(none)
AIO_CLIENT_PORTClient listen port8501
AIO_CLIENT_COOKIE_SECRETSigning key for the client’s XSRF cookies. Multi-replica deployments must provide the same value to every replica.(none)
AIO_CLIENT_PASSWORDShared password gating configuration and shared-state controls in the GUI client. This does not replace API Server authentication. See Collaboration & Multi-User.(none)
AIO_CLIENT_SSLEnables TLS for the Clientfalse
AIO_CLIENT_SSL_CERT_FILEPath to a TLS certificate in PEM format(none)
AIO_CLIENT_SSL_KEY_FILEPath to a TLS private key in PEM format(none)

OCI CLI Overrides

These settings populate the DEFAULT OCI profile. See OCI Configuration for authentication requirements and supported authentication types.

VariableDescriptionDefault
AIO_OCI_CLI_AUTHAuthentication type, such as api_key or instance_principal(none)
AIO_OCI_CLI_TENANCYTenancy OCID(none)
AIO_OCI_CLI_REGIONOCI region(none)
AIO_OCI_CLI_USERUser OCID(none)
AIO_OCI_CLI_FINGERPRINTAPI key fingerprint(none)
AIO_OCI_CLI_KEY_FILEPath to a private key in PEM format(none)
AIO_OCI_CLI_KEY_CONTENTInline private-key content(none)
AIO_OCI_CLI_PASSPHRASEPrivate-key passphrase(none)
AIO_OCI_CLI_SECURITY_TOKEN_FILEPath to a security-token file(none)

OCI GenAI

VariableDescriptionDefault
AIO_GENAI_COMPARTMENT_IDCompartment OCID for OCI GenAI inference(none)
AIO_GENAI_REGIONRegion for the OCI GenAI service endpoint(none)

OCI Object Storage Source Lock

Pin the Split & Embed tab’s OCI source compartment and, optionally, its bucket for every user of the deployment. The compartment must resolve against the active OCI profile. The bucket is only applied when the compartment resolves and the bucket exists in that compartment.

VariableDescriptionDefault
AIO_OCI_SOURCE_BUCKET_COMPARTMENT_IDCompartment OCID pinned as the Split & Embed source compartment. When the OCID resolves, the compartment selector is locked for all users.(none)
AIO_OCI_SOURCE_BUCKET_NAMEBucket pinned within the configured source compartment. If the compartment does not resolve or the bucket does not exist there, this value is ignored.(none)

Model Overrides

These settings provide API keys or service URLs and enable matching built-in models at startup.

VariableDescriptionDefault
AIO_COHERE_API_KEYCohere API key(none)
AIO_OPENAI_API_KEYOpenAI API key(none)
AIO_PPLX_API_KEYPerplexity AI API key(none)
AIO_ON_PREM_OLLAMA_URLOllama API URL, such as http://127.0.0.1:11434(none)
AIO_ON_PREM_HF_URLHugging Face TEI URL, such as http://127.0.0.1:8080(none)
AIO_ON_PREM_VLLM_URLvLLM API URL, such as http://localhost:8000/v1(none)

NL2SQL

VariableDescriptionDefault
AIO_SQLCL_HOMEOverrides the SQLcl connection-store directory(temporary directory)

Observability

VariableDescriptionDefault
AIO_OTEL_LOGS_ENABLEDEnables application log export after OTLP tracing has been configuredfalse

OpenTelemetry endpoints, protocols, exporters, sampling, and OpenInference payload visibility use their standard integration variables. See Observability for the supported settings and deployment examples.

Containers and Kubernetes

Container

Pass the environment file when starting the container:

podman run --env-file src/.env.dev -p 8501:8501 -it --rm ai-optimizer-aio

Kubernetes

When using Kubernetes, configure the application through the first-class Helm values and Kubernetes Secrets. The chart translates these values into application or integration variables and can also be embedded as a subchart without requiring the same setting in two places.