Configuration

Configure feature flags and environment variables for your deployment

This guide explains how to configure Meeting BaaS v2 for your self-hosted deployment using feature flags and environment variables.

Feature Flags Overview

Feature flags control which functionality is enabled in your deployment. All flags default to false, making minimal deployments straightforward.

Feature Flag Reference

FlagDefaultDescriptionRequired Services
SELF_HOSTEDfalseEnable self-hosted mode (simplified configuration)-
ENABLE_STRIPEfalseEnable Stripe billing, subscriptions, and token systemStripe account
ENABLE_SVIXfalseEnable SVIX managed webhooks (otherwise use direct callbacks)SVIX instance
ENABLE_CALENDARfalseEnable Google/Microsoft calendar integrationOAuth credentials
ENABLE_MULTI_TENANTfalseEnable multi-tenant mode (teams, multiple users)-
ENABLE_DASHBOARDfalseEnable frontend dashboard (BFF and internal routes)OAuth credentials
ENABLE_TRANSCRIPTIONfalseEnable Gladia transcription serviceGladia API key
ENABLE_EMAILfalseEnable Resend email notificationsResend API key

Configuration Files

Feature flags are configured in your environment override files:

  • environment-overrides/api_server_v2_chart/prod.yaml - API server configuration
  • environment-overrides/job_v2_chart/prod.yaml - Background jobs configuration

Deployment Modes

Single-Tenant Self-Hosted (Minimal)

Perfect for organizations that need a single team with unlimited usage:

# environment-overrides/api_server_v2_chart/prod.yaml
featureFlags:
  selfHosted: true
  enableStripe: false
  enableSvix: false
  enableCalendar: false
  enableMultitenant: false
  enableDashboard: false
  enableTranscription: false
  enableEmail: false

selfHosted:
  staticApiKey: "your-secure-api-key-here"
  staticTeamId: "your-team-id"

What's Enabled:

  • Bot creation via /v2/bots endpoint
  • Scheduled bots via /v2/bots/scheduled endpoint
  • Direct webhook callbacks (via callback_url in bot config)
  • Unlimited bot usage (no token billing)
  • Recording and video artifacts

What's Disabled:

  • SVIX managed webhooks
  • Stripe billing and token system
  • Calendar integration
  • Frontend dashboard
  • Email notifications
  • Multi-tenant features (team creation, deletion, invitations)
  • Team deletion background job

Single-Tenant with Dashboard

For organizations that want the frontend dashboard without multi-tenancy:

featureFlags:
  selfHosted: true
  enableMultitenant: false
  enableDashboard: true  # Enable dashboard
  enableStripe: false
  enableSvix: false
  enableCalendar: false
  enableTranscription: false
  enableEmail: false

selfHosted:
  staticApiKey: "your-secure-api-key-here"
  staticTeamId: "your-team-id"

dashboard:
  masterAdminEmail: "admin@yourcompany.com"  # User to auto-promote to admin

Additional Requirements:

  • OAuth credentials (Google and/or GitHub)
  • BETTER_AUTH_SECRET (authentication secret)

Multi-Tenant Self-Hosted

For organizations that need multiple teams and user management:

featureFlags:
  selfHosted: true
  enableMultitenant: true  # Enable multi-tenant
  enableDashboard: true    # Usually enabled with multi-tenant
  enableStripe: false     # Optional: enable for billing
  enableSvix: false
  enableCalendar: false
  enableTranscription: false
  enableEmail: false

Note: When ENABLE_MULTI_TENANT=true, you don't need STATIC_API_KEY or STATIC_TEAM_ID. Teams are created dynamically.

Environment Variables

Required Variables

These are always required, regardless of feature flags:

secret:
  # Database
  database_url: "postgres://user:password@host:port/database"
  
  # Redis
  redis_url: "redis://user:password@host:port"
  
  # SQS Queues
  sqs_queue_url_zoom: "https://sqs.region.amazonaws.com/account/queue-name"
  sqs_queue_url_meet_teams: "https://sqs.region.amazonaws.com/account/queue-name"
  aws_access_key_id_sqs: "your-sqs-access-key"
  aws_secret_access_key_sqs: "your-sqs-secret-key"
  
  # S3 Storage
  aws_access_key_id: "your-s3-access-key"
  aws_secret_access_key: "your-s3-secret-key"
  
  # Bot encryption (for transcription API keys)
  bot_encryption_secret: "generate-a-random-32-byte-key"

Optional Variables

These are only needed when specific features are enabled:

When ENABLE_DASHBOARD=true

secret:
  better_auth_secret: "generate-a-random-secret"  # Required for dashboard
  google_id: "your-google-oauth-client-id"
  google_secret: "your-google-oauth-client-secret"
  github_id: "your-github-oauth-client-id"
  github_secret: "your-github-oauth-client-secret"

configmap:
  frontend_baseurl: "https://dashboard.yourcompany.com"
  trusted_origins: "https://yourcompany.com,https://dashboard.yourcompany.com"

When ENABLE_CALENDAR=true

secret:
  calendar_credentials_key: "generate-a-random-32-byte-key"  # For encrypting OAuth tokens
  google_id: "your-google-oauth-client-id"
  google_secret: "your-google-oauth-client-secret"
  # Microsoft OAuth configured via Azure AD

configmap:
  api_server_baseurl: "https://api.yourcompany.com"  # Used for webhook URLs

When ENABLE_TRANSCRIPTION=true

secret:
  gladia_api_key: "your-gladia-api-key"

configmap:
  aws_s3_audio_chunks_bucket: "your-audio-chunks-bucket"

When ENABLE_EMAIL=true

secret:
  resend_api_key: "your-resend-api-key"

configmap:
  resend_email_from: "Meeting BaaS <noreply@yourcompany.com>"
  support_email: "support@yourcompany.com"

When ENABLE_SVIX=true

secret:
  svix_jwt_secret: "your-svix-jwt-secret"

configmap:
  svix_url: "http://svix.services.svc.cluster.local:8071"  # Or external URL

When ENABLE_STRIPE=true

secret:
  stripe_secret_key: "sk_live_..."
  stripe_webhook_secret: "whsec_..."

configmap:
  stripe_pro_subscription_product_id: "prod_..."
  stripe_pro_subscription_price_id: "price_..."
  # ... other Stripe product/price IDs

ConfigMap Variables

Common configuration values:

configmap:
  # Server configuration
  port: "3001"
  host: "0.0.0.0"
  node_env: "production"
  environ: "prod"
  log_level: "info"  # or "debug" for troubleshooting
  
  # API URLs
  api_server_baseurl: "https://api.yourcompany.com"
  frontend_baseurl: "https://dashboard.yourcompany.com"  # If dashboard enabled
  domain: ".yourcompany.com"
  trusted_origins: "https://yourcompany.com,https://api.yourcompany.com"
  
  # AWS/S3 Configuration
  aws_region: "us-east-1"
  aws_default_region: "us-east-1"
  aws_endpoint_url: "https://s3.us-east-1.amazonaws.com"
  aws_endpoint_url_sqs: "https://sqs.us-east-1.amazonaws.com"
  
  # S3 Buckets
  aws_s3_artifacts_bucket: "your-company-meeting-baas-artifacts"
  aws_s3_logs_bucket: "your-company-meeting-baas-logs"
  aws_s3_audio_chunks_bucket: "your-company-meeting-baas-audio-chunks"  # If transcription enabled
  aws_s3_logo_bucket: "your-company-meeting-baas-logo"  # Optional
  aws_s3_support_bucket: "your-company-meeting-baas-support"  # Optional

Background Jobs Configuration

Background jobs are configured in environment-overrides/job_v2_chart/prod.yaml:

featureFlags:
  enableCalendar: false      # Must match api_server_v2_chart
  enableMultitenant: false   # Must match api_server_v2_chart
  enableTranscription: false # Must match api_server_v2_chart
  enableEmail: false         # Must match api_server_v2_chart

Important: Job chart feature flags should match the API server chart flags.

Jobs That Run

Based on feature flags:

Always Running:

  • scheduled-bot-job - Creates bots for scheduled meetings (every minute)
  • data-retention-deletion-job - Deletes old bot data (daily)

When ENABLE_CALENDAR=true:

  • calendar-bot-job - Creates bots for calendar events (every minute)
  • microsoft-calendar-resubscription-job - Renews Microsoft subscriptions (every 6 hours)
  • google-calendar-resubscription-job - Renews Google subscriptions (every 6 hours)
  • calendar-materialization-job - Materializes calendar events (daily)

When ENABLE_MULTI_TENANT=true:

  • team-permanent-deletion-job - Deletes soft-deleted teams (daily at 9 AM UTC)

Generating Secrets

Bot Encryption Secret

# Generate 32-byte key (base64 encoded)
openssl rand -base64 32

Calendar Credentials Key

# Generate 32-byte key (base64 encoded)
openssl rand -base64 32

Better Auth Secret

# Generate random secret
openssl rand -hex 32

Static API Key

For single-tenant mode, generate a secure API key:

# Generate random key (64 characters)
openssl rand -hex 32

Use this as your STATIC_API_KEY value.

Configuration Checklist

Before deploying, verify:

API Server Chart

  • Feature flags set correctly
  • staticApiKey set (if single-tenant)
  • staticTeamId set (if single-tenant)
  • masterAdminEmail set (if dashboard enabled)
  • All required secrets filled in
  • ConfigMap values updated (domain, URLs, etc.)
  • Node selector matches your pool name
  • Image repository points to your registry

Job Chart

  • Feature flags match API server chart
  • Database URL set
  • Required secrets filled in (based on enabled features)
  • Node selector matches your pool name
  • Image repository points to your registry

Bot Charts

  • Node selector matches bots pool name
  • SQS queue URLs set
  • S3 bucket names set
  • Image repository points to your registry

Video Device Plugin

  • Node selector matches bots pool name
  • Image repository points to your registry

Environment-Specific Configuration

Development/Staging

configmap:
  log_level: "debug"
  environ: "dev"
  api_server_baseurl: "https://api-dev.yourcompany.com"

Production

configmap:
  log_level: "info"
  environ: "prod"
  api_server_baseurl: "https://api.yourcompany.com"

Next Steps

  • Deployment - Deploy the platform using the provided scripts
  • Upgrades - Learn how to upgrade your deployment

On this page