# MemPalace remote server environment. # Copy to deploy/.env (compose) or /etc/mempalace/server.env (systemd) and edit. # Keep this file readable only by the service account: chmod 600. # --- Required for a network-exposed (0.0.0.0) bind ------------------------------ # Clients send: Authorization: Bearer . Generate a strong secret: # openssl rand -hex 32 MEMPALACE_MCP_HTTP_TOKEN= # --- Storage backend ------------------------------------------------------------ # The team server should use a networked backend so the palace is shared. MEMPALACE_BACKEND=qdrant MEMPALACE_QDRANT_URL=http://qdrant:6333 # MEMPALACE_QDRANT_API_KEY= # --- Embedding ------------------------------------------------------------------ # auto | cpu | cuda | dml | coreml. Use cuda on a GPU host (needs the GPU image). MEMPALACE_EMBEDDING_DEVICE=auto # --- Optional: native TLS (otherwise terminate TLS at a reverse proxy) ---------- # Point these at a PEM cert/key the service account can read. When set, serve # speaks HTTPS directly and clients connect to https://... # MEMPALACE_MCP_TLS_CERT=/etc/mempalace/tls/cert.pem # MEMPALACE_MCP_TLS_KEY=/etc/mempalace/tls/key.pem # --- Palace location (systemd / bare-metal) ------------------------------------- # In Docker the palace lives on the mempalace-data volume by default. # MEMPALACE_PALACE_PATH=/var/lib/mempalace/palace