Application Configuration
Hostname where the application is accessible.Required: YesExamples:
- Production:
"crewai.company.com" - Development:
"localhost:2603" - LoadBalancer:
"a1b2c3-1234.us-west-2.elb.amazonaws.com"
- OAuth authentication failures
- Invalid webhook URLs
- CORS rejection
Internal URL for inter-service communication within the Kubernetes cluster.Auto-Generated: By default, this value is automatically generated using the format:Protocol Detection:
https://whenweb.enableSslFromPuma: truehttp://whenweb.enableSslFromPuma: false
- Using custom internal service discovery
- Routing through internal proxy or service mesh
- Non-standard networking configuration
- Auto-generated:
"http://crewai-platform-web.crewai.svc.cluster.local:3000" - Auto-generated (TLS):
"https://crewai-platform-web.crewai.svc.cluster.local:3000" - Custom:
"https://crewai-internal.company.local"
Rails environment mode.Valid Values:
"production"- Production mode (optimized, logging minimized)"development"- Development mode (detailed logging, auto-reload)"staging"- Staging mode (production-like with extra logging)"test"- Test mode (not for deployment)
"production" for production deployments.Enable CrewAI Factory features.Purpose: Required for core CrewAI Platform functionality.
Rails application log level.Valid Values:
"debug", "info", "warn", "error", "fatal"Recommendations:- Production:
"info"or"warn" - Staging:
"info" - Development:
"debug"
"debug" generates significantly more log output and can impact performance.Default AWS region for regional services.
S3 bucket for application log shipping.Optional: Leave empty to disable log shipping to S3.
URL prefix for mounting Rails application at a subpath.Default: Commented outExample:Use Case: Deploying at
https://company.com/crewai/ instead of https://company.com/.CrewAI Built-in Integration
Internal URL for Built-in Integrations service communication.Auto-Generated: When Purpose: The Rails application uses this URL to communicate internally with the Built-in Integrations service for third-party integration management (Gmail, Google Calendar, Microsoft Outlook, etc.).Default Generated Value:
oauth.enabled: true, this value is automatically generated using the format:"http://crewai-oauth.crewai.svc.cluster.local:8787"Auto-Generation Details:- Protocol: Always
http://(internal cluster communication) - Service name:
<release-name>-oauth - Namespace: Current release namespace
- Port:
8787(default Built-in Integrations service port)
- Using custom service mesh routing
- Built-in Integrations service hosted externally
- Non-standard internal networking
- Auto-generated (default):
"http://crewai-oauth.crewai.svc.cluster.local:8787" - Custom:
"http://oauth-service.custom-namespace.svc.cluster.local:8080"
- This is for internal service-to-service communication
- External OAuth callbacks use the Ingress configuration (
oauth.ingress.host) - Communication is authenticated using
CREWAI_OAUTH_API_KEYsecret
- Built-in Integrations service configuration: See CrewAI Built-in Integrations Reference
- OAuth secrets:
secrets.OAUTH_INTERNAL_API_KEY(auto-populated asCREWAI_OAUTH_API_KEYfor Rails)
Authentication Configuration
Authentication provider type.Required: YesValid Values:
"local"- Local username/password authentication"entra_id"- Microsoft Entra ID (Azure AD) authentication"okta"- Okta authentication"workos"- WorkOS authentication"keycloak"- Keycloak authentication
- No additional configuration needed
- Users managed in CrewAI Platform database
envVars.ENTRA_ID_CLIENT_IDrequiredenvVars.ENTRA_ID_TENANT_IDrequiredsecrets.ENTRA_ID_CLIENT_SECRETrequiredenvVars.ENTRA_ID_DEVICE_AUTHORIZATION_CLIENT_IDoptional (for CLI authentication)envVars.ENTRA_ID_CUSTOM_OPENID_SCOPEoptional- Azure AD application configured with redirect URI:
https://your-domain/auth/entra_id/callback - Users authenticated via Microsoft
envVars.OKTA_SITErequiredenvVars.OKTA_CLIENT_IDrequiredsecrets.OKTA_CLIENT_SECRETrequiredenvVars.OKTA_AUTHORIZATION_SERVERrequiredenvVars.OKTA_AUDIENCErequiredenvVars.OKTA_DEVICE_AUTHORIZATION_CLIENT_IDoptional (for CLI authentication)envVars.OKTA_USE_ORG_AUTH_SERVERoptional (default:"false")- Okta application configured with redirect URI:
https://your-domain/auth/okta/callback - Users authenticated via Okta
envVars.WORKOS_CLIENT_IDrequiredsecrets.WORKOS_API_KEYrequiredenvVars.WORKOS_AUTHKIT_DOMAINrequiredenvVars.WORKOS_COOKIE_PASSWORDrequired- WorkOS application configured with redirect URI:
https://your-domain/auth/workos/callback - Users authenticated via WorkOS
envVars.KEYCLOAK_CLIENT_IDrequiredenvVars.KEYCLOAK_SITErequiredenvVars.KEYCLOAK_BASE_URLoptional (only for custom context paths)envVars.KEYCLOAK_REALMrequiredsecrets.KEYCLOAK_CLIENT_SECRETrequired- Keycloak client configured with redirect URI:
https://your-domain/auth/keycloak/callback - Users authenticated via Keycloak
- See Keycloak SSO Configuration Guide for detailed setup instructions
Okta Configuration
Okta organization URL.Format:
https://your-domain.okta.com or https://your-domain.oktapreview.comWhen Required: AUTH_PROVIDER: oktaPurpose: Base URL where the Okta admin console is accessible.Example:Okta application client ID for web application authentication.When Required:
AUTH_PROVIDER: oktaObtaining: Found in Okta Admin Console under Applications > Your App > General Settings.Note: This client ID is for web application authentication. CLI authentication requires a separate client configured in OKTA_DEVICE_AUTHORIZATION_CLIENT_ID.Okta authorization server identifier.Purpose: Specifies which authorization server to use for authenticating users assigned to the web application.Common Values:
"default"- Default authorization server"aus1234567890abcdef"- Custom authorization server ID
AUTH_PROVIDER: oktaFinding: Okta Admin Console > Security > API > Authorization Servers.Okta API audience identifier.Purpose: Audience used by the authorization server to authenticate users assigned to the web application. Must match the audience configured in the authorization server specified by
OKTA_AUTHORIZATION_SERVER.Common Values:"api://default"- Default audience"https://your-domain.okta.com"- Custom audience
AUTH_PROVIDER: oktaFinding: Okta Admin Console > Security > API > Authorization Servers. Choose the audience from the same authorization server as configured in OKTA_AUTHORIZATION_SERVER.Okta client ID for CLI device authorization flow.When Required: Leave Empty: If CLI authentication is not required.
AUTH_PROVIDER: okta and CLI authentication neededPurpose: Enables CLI authentication using OAuth 2.0 Device Authorization Grant flow.Important: Okta requires a separate, dedicated application for the device authorization flow. This client ID must be different from the web application client (OKTA_CLIENT_ID).Client Configuration Requirements:- Create a dedicated application in Okta for device authorization
- Configure the application with device authorization flow enabled
- This must be a different application from the web application
Use Okta organization authorization server instead of custom authorization server.Valid Values:
"true"- Use the organization authorization server"false"- Use a custom authorization server (default)
"false" (uses custom authorization server)Purpose: Specifies whether to use Okta’s “organization authorization server” or a “custom authorization server” for authentication.When to Set to “true”:- Using Okta’s default organization authorization server
- Not using a custom authorization server configuration
- Using a custom authorization server (most common)
- Default configuration
Entra ID Configuration
Microsoft Entra ID (Azure AD) application (client) ID for web application authentication.Format: UUID (e.g., Note: This client ID is for web application authentication. CLI authentication can use the same application or a separate one via
12345678-1234-1234-1234-123456789012)When Required: AUTH_PROVIDER: entra_idObtaining: Azure Portal > App Registrations > Your App > Overview > Application (client) ID.Example:ENTRA_ID_DEVICE_AUTHORIZATION_CLIENT_ID.Microsoft Entra ID (Azure AD) directory (tenant) ID.Format: UUID (e.g.,
87654321-4321-4321-4321-210987654321)When Required: AUTH_PROVIDER: entra_idObtaining: Azure Portal > App Registrations > Your App > Overview > Directory (tenant) ID.Microsoft Entra ID client ID for CLI device authorization flow.When Required: Example - Separate Application:Leave Empty: If CLI authentication is not required.
AUTH_PROVIDER: entra_id and CLI authentication neededPurpose: Enables CLI authentication using OAuth 2.0 Device Authorization Grant flow.Flexibility: Entra ID allows using the same application for authenticating both web and CLI. You can either:- Use the same client ID as
ENTRA_ID_CLIENT_ID(simpler, single application) - Use a dedicated application with a different client ID (more granular control)
Custom OpenID scope for Entra ID authentication.When Required: Leave Empty: To use default OpenID scopes without custom API scopes.
AUTH_PROVIDER: entra_id (optional but recommended)Purpose: Specifies a custom API scope exposed by your Entra ID application for enhanced authentication.Format: api://<application-id>/<scope-name> (e.g., api://12345678-1234-1234-1234-123456789012/access)Obtaining: Azure Portal > App Registrations > Your App > Expose an API > Scopes.Common Scope Names:access- General access scopeuser_impersonation- User impersonation scope- Custom scope names defined in your application
WorkOS Configuration
WorkOS application client ID.When Required:
AUTH_PROVIDER: workosObtaining: WorkOS Dashboard > Main Page > Client ID.Example:WorkOS AuthKit domain for authentication.Format: Example - Default Domain:
your-domain.authkit.com (custom domain) or WorkOS-provided default domainWhen Required: AUTH_PROVIDER: workosPurpose: Specifies the AuthKit domain used for WorkOS authentication flows.Obtaining: WorkOS Dashboard > Developer > Domains. Can be a custom domain or the default one provided by WorkOS.Example - Custom Domain:Cookie encryption password for WorkOS authentication.When Required: Example:Important:
AUTH_PROVIDER: workosPurpose: Used to encrypt cookies stored in the browser during WorkOS authentication flows.Format: Random string, maximum 32 charactersSecurity: Must be a cryptographically secure random string. Generate using:- Keep this value secret and secure
- Use a different value for each environment (dev, staging, production)
- Changing this value will invalidate all existing user sessions
- Never commit this value to version control
Keycloak Configuration
Keycloak client ID for web application authentication.When Required: Note: This client ID is for web application authentication. CLI authentication requires a separate client configured in
AUTH_PROVIDER: keycloakObtaining: Found in Keycloak Admin Console under Clients > Your Client > Settings.Example:KEYCLOAK_DEVICE_AUTHORIZATION_CLIENT_ID.Keycloak server URL.Format:
https://keycloak.yourdomain.com or http://localhost:8080 (development)When Required: AUTH_PROVIDER: keycloakPurpose: Base URL where the Keycloak admin console is accessible.Example:Keycloak default context path.Default: Example - Keycloak 17+ (no base path):Note: This value corresponds to the
"" (empty string)When Required: AUTH_PROVIDER: keycloak (optional - only needed for specific Keycloak configurations)Purpose: Specifies the base context path for your Keycloak instance. This is used when Keycloak is configured with a custom base path, typically from older versions or custom deployments.When to Set:- Using Keycloak versions older than 17 (default was
/auth) - Migrated from Keycloak 17+ but kept the old
/authpath for backwards compatibility - Keycloak started with
--http-relative-pathparameter
- Using Keycloak 17+ without custom context path (most common)
- Authorization URLs look like:
https://keycloak.yourdomain.com/realms/crewai
- If it looks like:
https://keycloak.yourdomain.com/auth/realms/crewai→ Set to"/auth" - If it looks like:
https://keycloak.yourdomain.com/realms/crewai→ Leave empty""
--http-relative-path parameter used when starting Keycloak. If you didn’t specify this parameter during Keycloak startup, leave this field empty.Keycloak realm name.When Required:
AUTH_PROVIDER: keycloakObtaining: Found in Keycloak Admin Console - visible in the realm dropdown or URL path.Common Values:"master"- Default Keycloak realm"crewai"- Custom realm for CrewAI"company"- Organization-specific realm
Keycloak audience value for token validation.Default: Important: Only change this value if you have specifically configured a custom audience in your Keycloak client settings. The default
"account"Purpose: Validates the aud claim in access tokens issued by Keycloak.Default Behavior: Keycloak includes "account" as the default audience in access tokens, representing the built-in account management service. This default value works for most installations without additional Keycloak configuration.When to Override:- Your organization requires a custom audience value
- You have configured custom audience mappers in Keycloak
"account" value works for standard Keycloak installations.See Also: Keycloak SSO Configuration Guide - Configuring the Audience for detailed information on custom audience configuration.Keycloak client ID for CLI device authorization flow.When Required: Setup Guide: See Keycloak SSO Configuration Guide - CLI Authentication for detailed client creation steps.Leave Empty: If CLI authentication is not required.
AUTH_PROVIDER: keycloak and CLI authentication neededPurpose: Enables CLI authentication using OAuth 2.0 Device Authorization Grant flow.Important: This must be a separate client from the web application client (KEYCLOAK_CLIENT_ID). The device authorization client must be configured as a public client with only the “OAuth 2.0 Device Authorization Grant” authentication flow enabled.Client Configuration Requirements:- Client authentication: Off (public client)
- Authentication flow: Only “OAuth 2.0 Device Authorization Grant” enabled
- Standard flow: Must be disabled
Crew Deployment Configuration
Crew container build and deployment provider.Valid Values:
"BUILDKIT_KUBERNETES"- Use BuildKit service for builds (recommended)
- Requires
buildkit.enabled: true - Builds occur in-cluster
- No external dependencies
BuildKit image reference for container builds.Auto-Generated: When Purpose: Ensures the application uses the same BuildKit image version as the deployed BuildKit service, maintaining version consistency.Default Generated Value:Override Behavior:Automatically generates:
buildkit.enabled: true, this value is automatically generated from the BuildKit image configuration:- When
buildkit.enabled: true, the auto-generated value takes precedence - Custom values in
envVars.BUILDKIT_IMAGE_OVERRIDEare ignored to prevent version mismatches - To change the BuildKit image, configure
buildkit.image.*values instead
"registry.company.com/buildkit/buildkit:v2026.0130.11"Leave Empty: To use auto-generated value (recommended when BuildKit is enabled).Container Registry Configuration
Container registry hostname for pulling Docker Hub images.Auto-Generated: By default, this value is automatically generated using one of these formats:Without With Default Generated Value: Auto-generates:
global.imageNamePrefixOverride:global.imageNamePrefixOverride:"images.crewai.com/proxy/dockerhub" (when global.imageRegistry: "images.crewai.com" and no override)Purpose: Configures where the application pulls base images from Docker Hub. This is particularly important for air-gapped environments or when using a private registry mirror.Fallback Behavior:When CONTAINER_REGISTRY_HOSTNAME is empty or not set:- If
global.imageNamePrefixOverrideis set, uses<imageRegistry>/<imageNamePrefixOverride> - Otherwise, uses
<imageRegistry>/proxy/dockerhub
"123456789012.dkr.ecr.us-west-2.amazonaws.com/crewai/"When to Override:- Air-gapped deployments with internal registry
- Using a pull-through cache registry
- Corporate registry requirements
- Private Docker Hub mirror with different path structure
- Custom path structure not covered by
imageNamePrefixOverride
- Auto-generated (default): Leave empty to use
"images.crewai.com/proxy/dockerhub" - Auto-generated (with override): Leave empty to use
"<imageRegistry>/<imageNamePrefixOverride>" - Internal registry:
"registry.company.com/dockerhub-mirror" - Harbor registry:
"harbor.company.com/proxy-cache/dockerhub" - Direct Docker Hub (not recommended):
"docker.io"
Registry where built crew container images are stored.Required: Yes - Chart installation will fail if this value is not set.Validation: The Helm chart includes validation that enforces this requirement. If
envVars.CREW_IMAGE_REGISTRY_OVERRIDE is empty or not provided, the deployment will fail with an error message during installation.Purpose: Specifies the registry where CrewAI Platform pushes built crew images. The suffix /crewai-enterprise is automatically appended.Behavior:- Images are pushed to:
<CREW_IMAGE_REGISTRY_OVERRIDE>/crewai-enterprise/<image-name>:<tag> - Registry must be accessible from both build pods and runtime pods
- Requires appropriate push/pull credentials
- Validation occurs at deployment time (before resources are created)
- AWS ECR:
"123456789012.dkr.ecr.us-west-2.amazonaws.com" - Azure ACR:
"mycompany.azurecr.io" - Google Artifact Registry (GAR):
"us-west1-docker.pkg.dev/my-project/my-repo" - JFrog Artifactory:
"acme.jfrog.io" - Internal registry:
"registry.company.local:5000"
/crewai-enterprise, so ensure the resulting repository path exists and accepts pushes.Error Message: If not set, you will see: "envVars.CREW_IMAGE_REGISTRY_OVERRIDE is required. See: https://enterprise-docs.crewai.com/reference/chart-values/environment-variables#param-env-vars-crew-image-registry-override"Registry hostname for automation base images.Default Generated Value:
"images.crewai.com" (when global.imageRegistry: "images.crewai.com")Purpose: Specifies the registry where automation base images are stored. This is used in combination with AUTOMATION_ECR_REPOSITORY_PREFIX and AUTOMATION_BASE_IMAGE_NAME to construct the full image path for crew container builds.Repository prefix for automation base images in the registry.Auto-Generated: By default, this value is automatically generated using one of these values:With Without Default Generated Value: Example - Default Configuration:Results in: Results in:
global.imageNamePrefixOverride:global.imageNamePrefixOverride:"proxy/crewai/crewai/" (when no override is set)Purpose: Adds an organizational prefix to automation base image paths within the registry. This prefix is prepended to the automation base image name when constructing the full image path.Fallback Behavior:When AUTOMATION_ECR_REPOSITORY_PREFIX is empty or not set:- If
global.imageNamePrefixOverrideis set, uses that value - Otherwise, uses
"proxy/crewai/crewai/"
images.crewai.com/proxy/crewai/crewai/crewai-enterprise-preinstalled-v2:latestExample - With imageNamePrefixOverride:123456789012.dkr.ecr.us-west-2.amazonaws.com/crewai/crewai-enterprise-preinstalled-v2:latestWhen to Override:- Custom path structure not covered by
imageNamePrefixOverride - Different prefix for automation images vs. platform images
- Migration from one naming scheme to another
- Aligning with Replicated proxy path structure for consistency
- Multi-tenant registry organization
- Namespace separation in shared registries
- Compliance with corporate naming conventions
- Maintaining path structure consistency with proxy registries
- Simplified paths when using
imageNamePrefixOverride
Base image name used for building crew containers.Purpose: Specifies the foundational image containing CrewAI dependencies and runtime.Default: Note: The base image must be accessible from the configured registry and contain all required CrewAI runtime dependencies.
"crewai-enterprise-preinstalled-v2:latest"Format: <image-name>:<tag>When to Change:- Using custom base image with additional dependencies
- Pinning to specific version for consistency
- Testing new base image versions
Storage Configuration
File storage backend service.Required: Yes (unless using MinIO)Valid Values:
"amazon"- Amazon S3 or S3-compatible storage"microsoft"- Azure Blob Storage
- Requires
envVars.AWS_REGION - Requires
envVars.AWS_BUCKET - Requires
secrets.AWS_ACCESS_KEY_IDandsecrets.AWS_SECRET_ACCESS_KEY(or IRSA) - Optional
envVars.AWS_ENDPOINTfor S3-compatible services
- Requires
envVars.AZURE_STORAGE_ACCOUNT_NAME - Requires
secrets.AZURE_STORAGE_ACCESS_KEY
S3-compatible storage endpoint URL.When to Set:
- Using MinIO:
"http://crewai-minio:9000" - Using Wasabi:
"https://s3.wasabisys.com" - Using DigitalOcean Spaces:
"https://nyc3.digitaloceanspaces.com"
- Using AWS S3 (uses regional endpoint automatically)
AWS region for S3 bucket.Examples:
"us-west-2", "eu-central-1", "ap-southeast-1"Required For: STORAGE_SERVICE: amazonS3 bucket name for file storage.Examples:
"crewai-prod-storage", "company-crewai-files"Required For: STORAGE_SERVICE: amazonAzure Storage account name.Required For:
STORAGE_SERVICE: microsoftBuilt-in LLM Configuration
LLM provider for built-in platform AI features.Purpose: Specifies which LLM provider to use for internal platform features such as:
- Improving Studio prompts
- Generating automation descriptions
- Chatting with flows
- Other AI-assisted platform capabilities
"openai"- OpenAI provider (GPT models)"anthropic"- Anthropic provider (Claude models)
- Requires
secrets.BUILT_IN_LLM_API_KEYto be set with a valid API key for the chosen provider - Requires
envVars.BUILT_IN_LLM_MODELto be set with a supported model for the provider
Model name for built-in LLM provider.Purpose: Specifies which model to use for internal platform AI features.OpenAI Models (BUILT_IN_LLM_PROVIDER: “openai”):
"gpt-4o-mini"- Recommended for most use cases (cost-effective, fast)"gpt-4o"- More capable, higher cost"gpt-4-turbo"- Previous generation flagship"gpt-3.5-turbo"- Older, budget option
"claude-3-5-sonnet-20241022"- Latest Sonnet model (recommended)"claude-3-5-haiku-20241022"- Fast and cost-effective"claude-3-opus-20240229"- Most capable (higher cost)
- Balance cost vs. capability based on your usage patterns
- Internal platform features typically work well with smaller, faster models
- Larger models may provide better results for complex prompt improvements
Database Configuration
PostgreSQL database hostname or IP address.Auto-Override: When
postgres.enabled: true, this value is automatically overridden to the internal PostgreSQL service name (<fullname>-postgres).Required For: External database (postgres.enabled: false)Examples:- AWS RDS:
"crewai-prod.cluster-abc.us-west-2.rds.amazonaws.com" - Azure Database:
"crewai-prod.postgres.database.azure.com" - Google Cloud SQL:
"10.1.2.3"(via Cloud SQL proxy)
PostgreSQL database port.Standard:
"5432" (PostgreSQL default)PostgreSQL username.Recommendation: Use a dedicated database user (not
postgres superuser) for production.PostgreSQL main database name.Purpose: Primary database for application data, schema migrations, and business logic.Must Match: Database created during PostgreSQL initialization.
PostgreSQL database name for ActionCable (WebSocket connections).Purpose: Separate database for real-time WebSocket communication and pub/sub messaging.Must Match: Cable database created during PostgreSQL initialization.Note: ActionCable uses a separate database to isolate real-time communication from main application data.
PostgreSQL database name for the Built-in Integrations service.Purpose: Separate database for storing encrypted OAuth tokens for third-party integrations (Gmail, Google Calendar, Microsoft Outlook, etc.).Default: Example with External Database:Note: The Built-in Integrations service uses its own database separate from the main CrewAI application database for security isolation. All database connections use the same
"oauth_db" - Only used when postgres.enabled: false and oauth.enabled: true.Behavior:- When
postgres.enabled: true: Usespostgres.oauthDatabasevalue (database is auto-created) - When
postgres.enabled: false: Uses this value for connecting to the external database
DB_HOST, DB_PORT, DB_USER, and DB_PASSWORD configuration.Skip database migrations during application startup.Default: Related Configuration:
"true"Purpose: Database migrations are handled by a dedicated pre-upgrade Helm hook job (helm/templates/jobs/pre-upgrade-migration.yaml:1) that runs before each upgrade, ensuring migrations complete successfully before the application starts.Migration Strategy:- Pre-upgrade hook runs
rails db:migratebefore deployment - Pre-upgrade hook runs
rails db:migrate:cablefor Action Cable database - Hook waits for PostgreSQL availability (when using internal PostgreSQL)
- Hook has 3 retry attempts on failure
- Application pods skip migrations to prevent race conditions
- Custom deployment workflows that don’t use Helm upgrades
- Manual migration management outside of Helm
- Debugging migration issues
"false" can cause race conditions if multiple pods attempt migrations simultaneously. The pre-upgrade hook pattern ensures single-execution migration runs.Example - Disable Migration Hook:migrationJob.nodeSelector (docs/reference/chart-values/reference.mdx:258) - Configure node placement for migration jobs.Whitelabeling Configuration
Short name for platform branding customization.Purpose: Customize the platform’s short name displayed throughout the user interface for whitelabeling purposes.Default:
"" (empty) - Uses default “CrewAI” brandingWhen to Set:- Whitelabeling the platform with your company or product name
- Creating a branded experience for end users
- Partner or reseller deployments
"Acme"- Short company name"MyPlatform"- Product short name""- Use default branding
Full display name for platform branding customization.Purpose: Customize the platform’s full display name shown throughout the user interface for whitelabeling purposes.Default:
"" (empty) - Uses default “CrewAI Platform” brandingWhen to Set:- Whitelabeling the platform with your company or product name
- Creating a branded experience for end users
- Partner or reseller deployments
"Acme AI Platform"- Full branded name"MyCompany Automation Platform"- Custom product name""- Use default branding
PLATFORM_SHORT_NAME for consistent branding across the interface.Leave Empty: To use default CrewAI Platform branding.Concurrency Settings
Maximum threads per Rails process.Default: Commented out (uses Rails default of
5)Tuning:- Lower (2-3): Reduce memory usage, lower concurrency
- Higher (10-15): Increase concurrency, higher memory usage
Number of Puma worker processes.Default: Commented out (auto-calculated based on available CPU cores)Tuning:
- Single-core containers:
1 - Multi-core containers:
2-4
WEB_CONCURRENCY x per-worker memory.Background job timeout in seconds.Default: Commented out (
60 seconds)Adjust For:- Long-running jobs: Increase timeout
- Quick jobs: Keep default or lower
Worker process boot timeout in seconds.Default: Commented out (
120 seconds)Increase If: Workers fail to start within default timeout.GitHub Configuration
GitHub username or organization for repository access.Auto-Populated: From Replicated license fieldPurpose: Required to pull crewai enterprise repositories.
GitHub OAuth application client ID.Required For: GitHub OAuth authentication.
GitHub App installation URL.
GitHub App ID.