The relay is configured entirely through environment variables — no config files, no runtime configuration endpoint. A team lead sets these variables once when deploying the relay. Agents on developer laptops never need to see these variables; they use ~/.agentrelay/config.json instead.
The .env.example file at the root of the AgentRelay repository shows all variables with safe local-dev defaults:
RELAY_PEPPER is used to hash every agent API key. If you change the pepper after agents have registered, all existing keys stop working immediately. Treat it like a database encryption key — stable, secret, and backed up separately from the relay container.
Required variables
Optional variables
Rate limits
Two independent limits apply:
/a2a per agent: 60 requests/minute by default (RELAY_RATE_LIMIT_PER_MIN). Each agent’s key has its own bucket. Exceeding returns -32003 rate_limited with a Retry-After header.
/admin/* per admin token: 5 requests/minute, fixed. Exceeding returns 429 with a Retry-After header.
Generating secrets
For a production deployment, regenerate all secrets before your first docker compose up:
Store the generated values in your secret manager (e.g. Fly.io secrets, AWS Secrets Manager, Doppler) and inject them as environment variables at deploy time. Do not commit secrets to source control.