Configuration
Configure feature flags and environment variables for your deployment
This guide explains how to configure Meeting BaaS v2 for your self-hosted deployment using feature flags and environment variables.
Feature Flags Overview
Feature flags control which functionality is enabled in your deployment. All flags default to false, making minimal deployments straightforward.
Feature Flag Reference
| Flag | Default | Description | Required Services |
|---|---|---|---|
SELF_HOSTED | false | Enable self-hosted mode (simplified configuration) | - |
ENABLE_STRIPE | false | Enable Stripe billing, subscriptions, and token system | Stripe account |
ENABLE_SVIX | false | Enable SVIX managed webhooks (otherwise use direct callbacks) | SVIX instance |
ENABLE_CALENDAR | false | Enable Google/Microsoft calendar integration | OAuth credentials |
ENABLE_MULTI_TENANT | false | Enable multi-tenant mode (teams, multiple users) | - |
ENABLE_DASHBOARD | false | Enable frontend dashboard (BFF and internal routes) | OAuth credentials |
ENABLE_TRANSCRIPTION | false | Enable Gladia transcription service | Gladia API key |
ENABLE_EMAIL | false | Enable Resend email notifications | Resend API key |
Configuration Files
Feature flags are configured in your environment override files:
environment-overrides/api_server_v2_chart/prod.yaml- API server configurationenvironment-overrides/job_v2_chart/prod.yaml- Background jobs configuration
Deployment Modes
Single-Tenant Self-Hosted (Minimal)
Perfect for organizations that need a single team with unlimited usage:
# environment-overrides/api_server_v2_chart/prod.yaml
featureFlags:
selfHosted: true
enableStripe: false
enableSvix: false
enableCalendar: false
enableMultitenant: false
enableDashboard: false
enableTranscription: false
enableEmail: false
selfHosted:
staticApiKey: "your-secure-api-key-here"
staticTeamId: "your-team-id"What's Enabled:
- Bot creation via
/v2/botsendpoint - Scheduled bots via
/v2/bots/scheduledendpoint - Direct webhook callbacks (via
callback_urlin bot config) - Unlimited bot usage (no token billing)
- Recording and video artifacts
What's Disabled:
- SVIX managed webhooks
- Stripe billing and token system
- Calendar integration
- Frontend dashboard
- Email notifications
- Multi-tenant features (team creation, deletion, invitations)
- Team deletion background job
Single-Tenant with Dashboard
For organizations that want the frontend dashboard without multi-tenancy:
featureFlags:
selfHosted: true
enableMultitenant: false
enableDashboard: true # Enable dashboard
enableStripe: false
enableSvix: false
enableCalendar: false
enableTranscription: false
enableEmail: false
selfHosted:
staticApiKey: "your-secure-api-key-here"
staticTeamId: "your-team-id"
dashboard:
masterAdminEmail: "admin@yourcompany.com" # User to auto-promote to adminAdditional Requirements:
- OAuth credentials (Google and/or GitHub)
BETTER_AUTH_SECRET(authentication secret)
Multi-Tenant Self-Hosted
For organizations that need multiple teams and user management:
featureFlags:
selfHosted: true
enableMultitenant: true # Enable multi-tenant
enableDashboard: true # Usually enabled with multi-tenant
enableStripe: false # Optional: enable for billing
enableSvix: false
enableCalendar: false
enableTranscription: false
enableEmail: falseNote: When ENABLE_MULTI_TENANT=true, you don't need STATIC_API_KEY or STATIC_TEAM_ID. Teams are created dynamically.
Environment Variables
Required Variables
These are always required, regardless of feature flags:
secret:
# Database
database_url: "postgres://user:password@host:port/database"
# Redis
redis_url: "redis://user:password@host:port"
# SQS Queues
sqs_queue_url_zoom: "https://sqs.region.amazonaws.com/account/queue-name"
sqs_queue_url_meet_teams: "https://sqs.region.amazonaws.com/account/queue-name"
aws_access_key_id_sqs: "your-sqs-access-key"
aws_secret_access_key_sqs: "your-sqs-secret-key"
# S3 Storage
aws_access_key_id: "your-s3-access-key"
aws_secret_access_key: "your-s3-secret-key"
# Bot encryption (for transcription API keys)
bot_encryption_secret: "generate-a-random-32-byte-key"Optional Variables
These are only needed when specific features are enabled:
When ENABLE_DASHBOARD=true
secret:
better_auth_secret: "generate-a-random-secret" # Required for dashboard
google_id: "your-google-oauth-client-id"
google_secret: "your-google-oauth-client-secret"
github_id: "your-github-oauth-client-id"
github_secret: "your-github-oauth-client-secret"
configmap:
frontend_baseurl: "https://dashboard.yourcompany.com"
trusted_origins: "https://yourcompany.com,https://dashboard.yourcompany.com"When ENABLE_CALENDAR=true
secret:
calendar_credentials_key: "generate-a-random-32-byte-key" # For encrypting OAuth tokens
google_id: "your-google-oauth-client-id"
google_secret: "your-google-oauth-client-secret"
# Microsoft OAuth configured via Azure AD
configmap:
api_server_baseurl: "https://api.yourcompany.com" # Used for webhook URLsWhen ENABLE_TRANSCRIPTION=true
secret:
gladia_api_key: "your-gladia-api-key"
configmap:
aws_s3_audio_chunks_bucket: "your-audio-chunks-bucket"When ENABLE_EMAIL=true
secret:
resend_api_key: "your-resend-api-key"
configmap:
resend_email_from: "Meeting BaaS <noreply@yourcompany.com>"
support_email: "support@yourcompany.com"When ENABLE_SVIX=true
secret:
svix_jwt_secret: "your-svix-jwt-secret"
configmap:
svix_url: "http://svix.services.svc.cluster.local:8071" # Or external URLWhen ENABLE_STRIPE=true
secret:
stripe_secret_key: "sk_live_..."
stripe_webhook_secret: "whsec_..."
configmap:
stripe_pro_subscription_product_id: "prod_..."
stripe_pro_subscription_price_id: "price_..."
# ... other Stripe product/price IDsConfigMap Variables
Common configuration values:
configmap:
# Server configuration
port: "3001"
host: "0.0.0.0"
node_env: "production"
environ: "prod"
log_level: "info" # or "debug" for troubleshooting
# API URLs
api_server_baseurl: "https://api.yourcompany.com"
frontend_baseurl: "https://dashboard.yourcompany.com" # If dashboard enabled
domain: ".yourcompany.com"
trusted_origins: "https://yourcompany.com,https://api.yourcompany.com"
# AWS/S3 Configuration
aws_region: "us-east-1"
aws_default_region: "us-east-1"
aws_endpoint_url: "https://s3.us-east-1.amazonaws.com"
aws_endpoint_url_sqs: "https://sqs.us-east-1.amazonaws.com"
# S3 Buckets
aws_s3_artifacts_bucket: "your-company-meeting-baas-artifacts"
aws_s3_logs_bucket: "your-company-meeting-baas-logs"
aws_s3_audio_chunks_bucket: "your-company-meeting-baas-audio-chunks" # If transcription enabled
aws_s3_logo_bucket: "your-company-meeting-baas-logo" # Optional
aws_s3_support_bucket: "your-company-meeting-baas-support" # OptionalBackground Jobs Configuration
Background jobs are configured in environment-overrides/job_v2_chart/prod.yaml:
featureFlags:
enableCalendar: false # Must match api_server_v2_chart
enableMultitenant: false # Must match api_server_v2_chart
enableTranscription: false # Must match api_server_v2_chart
enableEmail: false # Must match api_server_v2_chartImportant: Job chart feature flags should match the API server chart flags.
Jobs That Run
Based on feature flags:
Always Running:
scheduled-bot-job- Creates bots for scheduled meetings (every minute)data-retention-deletion-job- Deletes old bot data (daily)
When ENABLE_CALENDAR=true:
calendar-bot-job- Creates bots for calendar events (every minute)microsoft-calendar-resubscription-job- Renews Microsoft subscriptions (every 6 hours)google-calendar-resubscription-job- Renews Google subscriptions (every 6 hours)calendar-materialization-job- Materializes calendar events (daily)
When ENABLE_MULTI_TENANT=true:
team-permanent-deletion-job- Deletes soft-deleted teams (daily at 9 AM UTC)
Generating Secrets
Bot Encryption Secret
# Generate 32-byte key (base64 encoded)
openssl rand -base64 32Calendar Credentials Key
# Generate 32-byte key (base64 encoded)
openssl rand -base64 32Better Auth Secret
# Generate random secret
openssl rand -hex 32Static API Key
For single-tenant mode, generate a secure API key:
# Generate random key (64 characters)
openssl rand -hex 32Use this as your STATIC_API_KEY value.
Configuration Checklist
Before deploying, verify:
API Server Chart
- Feature flags set correctly
-
staticApiKeyset (if single-tenant) -
staticTeamIdset (if single-tenant) -
masterAdminEmailset (if dashboard enabled) - All required secrets filled in
- ConfigMap values updated (domain, URLs, etc.)
- Node selector matches your pool name
- Image repository points to your registry
Job Chart
- Feature flags match API server chart
- Database URL set
- Required secrets filled in (based on enabled features)
- Node selector matches your pool name
- Image repository points to your registry
Bot Charts
- Node selector matches bots pool name
- SQS queue URLs set
- S3 bucket names set
- Image repository points to your registry
Video Device Plugin
- Node selector matches bots pool name
- Image repository points to your registry
Environment-Specific Configuration
Development/Staging
configmap:
log_level: "debug"
environ: "dev"
api_server_baseurl: "https://api-dev.yourcompany.com"Production
configmap:
log_level: "info"
environ: "prod"
api_server_baseurl: "https://api.yourcompany.com"Next Steps
- Deployment - Deploy the platform using the provided scripts
- Upgrades - Learn how to upgrade your deployment
