-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path.env.example
More file actions
71 lines (56 loc) · 3.45 KB
/
.env.example
File metadata and controls
71 lines (56 loc) · 3.45 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
# Couchbase MCP Server — environment template
#
# Copy this file to .env and fill in real values for local development:
# cp .env.example .env
#
# Production deployments should set these via the container orchestrator
# (Docker Compose, Kubernetes secrets, Smithery config) rather than committing
# a populated .env. The .gitignore is configured to exclude .env so you can't
# accidentally commit credentials.
# ── Connection (required) ─────────────────────────────────────────────────────
# Use couchbase:// for plain, couchbases:// for TLS (Capella always TLS)
CB_CONNECTION_STRING=couchbase://localhost
# Username/password auth (most common). Leave blank if using mTLS below.
CB_USERNAME=Administrator
CB_PASSWORD=
# Default bucket / scope / collection for the data-plane tools (cb_get, cb_query, etc.)
CB_BUCKET=travel-sample
CB_SCOPE=_default
CB_COLLECTION=_default
# ── mTLS (optional — instead of password auth) ────────────────────────────────
# When BOTH are set, the server uses CertificateAuthenticator instead of password auth.
# CB_CLIENT_CERT_PATH=/etc/couchbase/client.pem
# CB_CLIENT_KEY_PATH=/etc/couchbase/client.key
# CA certificate for self-signed clusters (leave blank for Capella / public CAs)
# CB_CA_CERT_PATH=/etc/couchbase/ca.pem
# Disable TLS hostname verification — DEVELOPMENT ONLY, never production
# CB_MCP_TLS_INSECURE=false
# ── Management REST port override (optional) ──────────────────────────────────
# Default is 8091 for plain, 18091 for TLS. Override only when the cluster
# uses non-standard ports.
# CB_MGMT_PORT=
# ── Safety knobs ──────────────────────────────────────────────────────────────
# When true (default), write tools are not loaded — they don't appear in tool discovery.
CB_MCP_READ_ONLY_MODE=true
# Comma-separated tool names to exclude, or a path to a file with one name per line.
# Example: CB_MCP_DISABLED_TOOLS=admin_bucket_delete,admin_node_failover_hard
CB_MCP_DISABLED_TOOLS=
# Additional tools that should require `confirm: true` (on top of the destructive defaults).
CB_MCP_CONFIRMATION_REQUIRED_TOOLS=
# Include hint text in confirmation-required error responses so the LLM knows
# how to recover.
CB_MCP_ELICITATION_HINTS=true
# ── Transport ─────────────────────────────────────────────────────────────────
# stdio (default), http, streamable_http
CB_MCP_TRANSPORT=stdio
# HTTP transport binding (only used when CB_MCP_TRANSPORT=http)
CB_MCP_HOST=127.0.0.1
CB_MCP_PORT=8000
# ── Networking ────────────────────────────────────────────────────────────────
# Retries and timeout for the admin REST client
CB_MCP_HTTP_RETRIES=3
CB_MCP_HTTP_TIMEOUT=30
# ── Capella v4 (only needed for capella_* tools) ──────────────────────────────
# CAPELLA_API_KEY=
# CAPELLA_SECRET_KEY=
# CAPELLA_BASE_URL=https://cloudapi.cloud.couchbase.com