Configuration

Auto-generated page. This page is generated from the live Evidentia codebase by scripts/wiki/sync_reference.py. Do not edit it by hand; change the underlying code/data and re-run the generator (uv run python scripts/wiki/sync_reference.py).

Evidentia is configured through three layers, in precedence order: CLI flag > environment variable > evidentia.yaml > built-in default. There is no global config daemon or hidden state — every knob is one of the items below.

`evidentia.yaml`

An optional project config file discovered by walking the current directory up to the filesystem root for the first evidentia.yaml. String values support ${ENV_VAR} interpolation. Honored keys (schema: evidentia_core.config.EvidentiaConfig):

Key	Type	Description
`organization`	`str \| None`	Organization name — seeds `gap analyze`'s inventory.organization when the inventory file lacks one.
`system_name`	`str \| None`	System / product name surfaced in reports alongside organization.
`frameworks`	`list[str]`	Default framework IDs for `gap analyze` when --frameworks is omitted. CLI replaces, never unions.
`llm.model`	`str \| None`	Default LLM model name (e.g. 'claude-sonnet-4-6'). Overridden by --model or $EVIDENTIA_LLM_MODEL.
`llm.temperature`	`float \| None`	Default LLM temperature. Overridden by $EVIDENTIA_LLM_TEMPERATURE.

Environment variables

Evidentia reads the following 46 EVIDENTIA_* environment variables. Variables whose name ends in _PASSWORD, _SECRET, or _TOKEN_FILE carry credential material — set them in your shell/secret store, never commit their values.

Environment variable
`EVIDENTIA_AI_OPERATOR`
`EVIDENTIA_AI_REGISTRY_DIR`
`EVIDENTIA_API_AUTH_TOKEN_FILE`
`EVIDENTIA_API_DEV`
`EVIDENTIA_API_OFFLINE`
`EVIDENTIA_API_SECURITY_HEADERS`
`EVIDENTIA_AUDIT_RO`
`EVIDENTIA_CATALOG_DIR`
`EVIDENTIA_CHALLENGE_STORE_DIR`
`EVIDENTIA_CONMON_DAEMON_HISTORY_FILE`
`EVIDENTIA_CONMON_DAEMON_STATUS_FILE`
`EVIDENTIA_EDITOR_ALLOW_ANY`
`EVIDENTIA_EVIDENCE_AUTO_MIRROR_WORM`
`EVIDENTIA_EVIDENCE_STORE_DIR`
`EVIDENTIA_EVIDENCE_WORM_BACKEND_FACTORY`
`EVIDENTIA_EXPLAIN_CACHE_DIR`
`EVIDENTIA_GAP_STORE_DIR`
`EVIDENTIA_LLM_API_BASE`
`EVIDENTIA_LLM_MODEL`
`EVIDENTIA_LLM_TEMPERATURE`
`EVIDENTIA_MCP_SIGNER_FACTORY`
`EVIDENTIA_MCP_SIGN_OUTPUTS`
`EVIDENTIA_METRIC_STORE_DIR`
`EVIDENTIA_MODEL_STORE_DIR`
`EVIDENTIA_MSSQL_PASSWORD`
`EVIDENTIA_MYSQL_PASSWORD`
`EVIDENTIA_ORACLE_PASSWORD`
`EVIDENTIA_OSCAL_NS`
`EVIDENTIA_POAM_STORE_DIR`
`EVIDENTIA_POSTGRES_PASSWORD`
`EVIDENTIA_RBAC_IDENTITY`
`EVIDENTIA_RBAC_POLICY_FILE`
`EVIDENTIA_RBAC_TENANT`
`EVIDENTIA_RETENTION_STORE_DIR`
`EVIDENTIA_SERVICENOW_INSTANCE_URL`
`EVIDENTIA_SERVICENOW_PASSWORD`
`EVIDENTIA_SERVICENOW_TABLE`
`EVIDENTIA_SERVICENOW_USER`
`EVIDENTIA_SKIP_FRONTEND_BUILD`
`EVIDENTIA_SMTP_PASSWORD`
`EVIDENTIA_SQLITE_SAFE_ROOT`
`EVIDENTIA_TEST_MODE`
`EVIDENTIA_TRUST_PROXY_HEADERS`
`EVIDENTIA_VENDOR_STORE_DIR`
`EVIDENTIA_WEBHOOK_SECRET`
`EVIDENTIA_WORKFLOW_STORE_DIR`

LLM provider keys

The LLM-backed commands (evidentia risk generate, evidentia explain) read the standard provider SDK keys via LiteLLM. Evidentia does not define these; set whichever matches your configured model. evidentia doctor reports which are detected.

Environment variable	Provider
`OPENAI_API_KEY`	OpenAI
`ANTHROPIC_API_KEY`	Anthropic
`GOOGLE_API_KEY`	Google
`AZURE_OPENAI_API_KEY`	Azure OpenAI

Configuration

Configuration

evidentia.yaml

Environment variables

LLM provider keys

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Evidentia wiki

Clone this wiki locally

`evidentia.yaml`