Environment Variables
Curiosity workspaces read most of their configuration from environment variables. This page is the developer-facing subset — what you need to set when running locally or wiring a workspace into CI. For the full operator reference (security, encryption, SSO), see Configuration reference.
Core
| Variable | Default | Meaning |
|---|---|---|
storage |
/data/curiosity |
Path where graph data and uploaded files are stored. |
MSK_PORT |
8080 |
Port the workspace listens on. |
MSK_PUBLIC_ADDRESS |
(auto) | User-facing URL. Set this when behind a reverse proxy so generated links use the right host. |
MSK_CORS |
(empty) | Comma-separated list of allowed origins. Required for local front-end dev (e.g. http://localhost:5000). |
MSK_LOG_LEVEL |
Information |
Trace / Debug / Information / Warning / Error. |
Security
| Variable | Default | Meaning |
|---|---|---|
MSK_ADMIN_PASSWORD |
(generated) | Password for the bootstrap admin account. Set explicitly in prod. |
MSK_JWT_KEY |
(generated) | Key used to sign session JWTs. Set explicitly so tokens survive restarts. |
MSK_GRAPH_MASTER_KEY |
(generated) | Master key for encrypted content. Back this up — losing it loses data. |
MSK_SECRET_KEY |
(generated) | Legacy alias for MSK_GRAPH_MASTER_KEY on older builds. |
MSK_READONLY |
false |
Start the workspace in read-only mode (used by replicas). |
Storage & backups
| Variable | Default | Meaning |
|---|---|---|
MSK_GRAPH_STORAGE |
${storage}/graph |
Override the graph data directory. |
MSK_GRAPH_BACKUP_FOLDER |
(none) | Path where automatic backups are written. Mount a separate volume. |
Development quick-start
For local front-end development against a Docker workspace:
docker run -p 8080:8080 \
-v ~/curiosity/storage:/data \
-e storage=/data/curiosity \
-e MSK_CORS=http://localhost:5000 \
-e MSK_ADMIN_PASSWORD=ChangeMe123 \
curiosityai/curiosity
Then run curiosity-cli serve from your front-end project — the CORS entry lets the dev server hit the workspace.