Logfire Authentication and Environment Configuration
Summary
Logfire requires a valid LOGFIRE_TOKEN environment variable to function within Docker containers to prevent interactive authentication crashes. The project mandates using environment variables passed through Docker Compose rather than hardcoding tokens in configuration files or relying on local interactive login.
Details
Logfire integration within the Sokrates stack requires explicit environment variable configuration to prevent runtime failures. In containerized environments—such as the Eidos API or Hermes Agent running under Docker—Logfire defaults to interactive authentication if a token is not provided via the environment. Because these containers are non-interactive, the authentication attempt fails, causing the service to crash during startup.
The system architecture dictates that LOGFIRE_TOKEN must be defined in the local .env file and explicitly passed through the docker-compose.yml environment section. This replaces the legacy practice of hardcoding tokens directly into production compose files. For historical reference, a specific token (pylf_v1_us_Y3M5BTg3KhZfGLSmM8VBKq4wJNzLGTtrW6zLc1LQHP6M) was previously hardcoded in docker-compose.prod.yml before being migrated to the environment-based management system.
Configuration Requirements
To maintain consistency across environments and ensure service stability, the following rules apply:
- Environment Templates: The
.env.examplefile must include a placeholder forLOGFIRE_TOKENto ensure new deployments are aware of the requirement. - Compose Passthrough: The
docker-compose.yml(for bothsokrates-devandsokrates-box) must includeLOGFIRE_TOKENin theenvironmentlist. This allows the container to inherit the value set on the host machine or within the.envfile. - Appliance Setup: On physical appliances (the sokrates-box), the token must be provisioned within the environment configuration managed by the NixOS deployment or the local secrets directory.
This configuration ensures that the application code, specifically calls like token=os.getenv("LOGFIRE_TOKEN"), receives a valid string. This allows the Logfire client to authenticate silently and begin streaming telemetry and logs to the observability backend without manual intervention.