Warning: If you are not a developer, you should not set environment variables directly. Instead, you should use the in-app interface to manage environment variables.
Desktop:
If you are using AnythingLLM Desktop, do not edit the .env
file. This guide is only for users who are using AnythingLLM Self-hosted or Docker.
Configuration of AnythingLLM
In general, the majority of configurations you can set are through environment variables and there is typically an associated in-app interface to manage these settings so you don't have to edit them directly.
However, there are a few configurations that are not configurable via the in-app interface and require you to set environment variables directly. These are usually for more niche use cases that most users will not need.
Tip: After you set these environment variables, you will need to restart the AnythingLLM service or container for the changes to take effect.
Disable View Chat History
Modification of the DISABLE_VIEW_CHAT_HISTORY
environment variable allows you to disable the frontend ability to view chat history by anyone with an account on the instance as well as the instance administrator.
This blocks any user, including yourself, from viewing chat history from users using the AnythingLLM chat interface and via external embed widgets.
- This does not impact users from seeing their own chat histories in chat or the LLM from being able to use them for continuous conversations.
- This does not impact the ability to use API keys to access chat histories via the associated API endpoints.
- This will impact the ability to export chat histories via the in-app interface as well as the ability to delete chat histories.
- Chat history is not deleted when this is enabled. It is simply hidden and blocked from being viewed via the frontend admin interfaces.
Enable
Set the DISABLE_VIEW_CHAT_HISTORY
environment variable to any value to enable.
# This can be any value, number, boolean, or string and it will have the same effect.
DISABLE_VIEW_CHAT_HISTORY="enable"
Disable
Fully remove or comment out the DISABLE_VIEW_CHAT_HISTORY
environment variable to return to the default behavior.
Simple SSO Passthrough
Important: You should use an independent API key for using this feature so you can revoke it if needed. This feature configuration is best used for internally facing AnythingLLM instances that are not exposed to the public internet for the best security practices.
Modification of the SIMPLE_SSO_ENABLED
environment variable allows easily enable third party SSO solutions that do not require a full OAuth integration. This environment variable
will enable you to generate a temporary authentication link per user that can be visited in browser to automatically login the user.
This feature is most useful for when you have AnythingLLM as a simple sub-service within a much larger system and you want to leverage existing user authentication flows within that system and want to provide a seamless login experience for your users to your AnythingLLM instance.
Prerequisites
- Your instance must be in multi-user mode to use this feature.
- You should provision an API key for AnythingLLM so you can create new users as well as issue temporary authentication links for users.
- The user must already exist within AnythingLLM before using this feature. You can create a user via the in-app interface or the API.
Enable
Set the SIMPLE_SSO_ENABLED
environment variable to any value to enable.
# This can be any value, number, boolean, or string and it will have the same effect.
SIMPLE_SSO_ENABLED="enable"
Integration
Once enabled, you can issue a temporary authentication link for a user leveraging the /v1/users/{id}/issue-auth-token
endpoint via the AnythingLLM API.
You simply need to provide the user ID and the API key you created earlier to generate a temporary authentication token that can be used by the target user to login to AnythingLLM.
curl -X POST "https://your-anythingllm-instance.com/v1/users/{id}/issue-auth-token" \
-H "Authorization: Bearer {api_key}"
# Example Response
# {
# "token": "1234567890",
# "loginPath": "/sso/simple?token=1234567890"
# }
Now, the user can visit the provided loginPath
URL in their browser to be automatically logged in to AnythingLLM!
https://your-anythingllm-instance.com/sso/simple?token=1234567890
All temporary authentication tokens expire after 1 hour and are single-use only. Once logged in, the user sessions will be valid for 30 days.
The user will be redirected to the home page of AnythingLLM after logging in.
You can optionally redirect the user to a different URL after logging in by appending &redirectTo={path/to/redirect}
to the query string of the login path.
For example:
https://your-anythingllm-instance.com/sso/simple?token=1234567890&redirectTo=/workspaces/sample-workspace
Will redirect the user to the /workspaces/sample-workspace
chat page after logging in. This can be useful if you want to redirect the user to a specific workspace they have access to after logging in.
Disable
Fully remove or comment out the SIMPLE_SSO_ENABLED
environment variable to return to the default behavior.