Update credentials and security toggles. Active configuration is consumed by the Internal API middleware.

Paste these lines into the executor app's .env file. Treat secrets as confidential.

Name *

Friendly label, e.g. "Production Executor" or "Staging Executor".

Slug

Leave blank to auto-generate from the name.

Notes

IP Whitelist Check

Reject calls from any IP not in the trusted list.

API Key Check

Require X-API-Key header on every internal request.

HMAC Signature

Require signed request payloads with replay protection.

Allowed IPs / CIDRs

Comma- or newline-separated list of trusted IPs / CIDR blocks. Empty value rejects all traffic (fail-closed) when IP check is on.

API Keys Show / Hide

Comma- or newline-separated keys. Send via header X-API-Key: <key>. An encrypted value is already set. Leave blank to keep it.

HMAC Secret Show / Hide

Shared secret used to sign request payloads (HMAC-SHA256). An encrypted secret is already set. Leave blank to keep it.

Replay Tolerance (seconds)

Max clock skew between client and server. 300 = 5 min.

AI Calling Enabled

Master switch for the AI Calling feature in the executor app.

SSO Enabled

Allow signed browser SSO landings on /automation/* using the HMAC Secret above.

Active Configuration

Only one configuration may be active. Activating this one deactivates the rest.