Skip to content

Evidentia

Configuration

Polycentric-Labs/evidentia

Configuration¶

Auto-generated page. This page is generated from the live Evidentia codebase by scripts/wiki/sync_reference.py. Do not edit it by hand; change the underlying code/data and re-run the generator (uv run python scripts/wiki/sync_reference.py).

Evidentia is configured through three layers, in precedence order: CLI flag > environment variable > evidentia.yaml > built-in default. There is no global config daemon or hidden state — every knob is one of the items below.

`evidentia.yaml`¶

An optional project config file discovered by walking the current directory up to the filesystem root for the first evidentia.yaml. String values support ${ENV_VAR} interpolation. Honored keys (schema: evidentia_core.config.EvidentiaConfig):

Key	Type	Description
`organization`	`str \\| None`	Organization name — seeds `gap analyze`'s inventory.organization when the inventory file lacks one.
`system_name`	`str \\| None`	System / product name surfaced in reports alongside organization.
`frameworks`	`list[str]`	Default framework IDs for `gap analyze` when --frameworks is omitted. CLI replaces, never unions.
`llm.model`	`str \\| None`	Default LLM model name (e.g. 'claude-sonnet-4-6'). Overridden by --model or $EVIDENTIA_LLM_MODEL.
`llm.temperature`	`float \\| None`	Default LLM temperature. Overridden by $EVIDENTIA_LLM_TEMPERATURE.

Environment variables¶

Evidentia reads the following 48 EVIDENTIA_* environment variables. Variables whose name ends in _PASSWORD, _SECRET, or _TOKEN_FILE carry credential material — set them in your shell/secret store, never commit their values.

Environment variable
`EVIDENTIA_AI_OPERATOR`
`EVIDENTIA_AI_REGISTRY_DIR`
`EVIDENTIA_API_AUTH_TOKEN_FILE`
`EVIDENTIA_API_DEV`
`EVIDENTIA_API_OFFLINE`
`EVIDENTIA_API_SECURITY_HEADERS`
`EVIDENTIA_AUDIT_RO`
`EVIDENTIA_CATALOG_DIR`
`EVIDENTIA_CHALLENGE_STORE_DIR`
`EVIDENTIA_CONMON_ALERT_DEDUP_FILE`
`EVIDENTIA_CONMON_DAEMON_HISTORY_FILE`
`EVIDENTIA_CONMON_DAEMON_STATUS_FILE`
`EVIDENTIA_CONMON_STATE_FILE`
`EVIDENTIA_EDITOR_ALLOW_ANY`
`EVIDENTIA_EVIDENCE_AUTO_MIRROR_WORM`
`EVIDENTIA_EVIDENCE_STORE_DIR`
`EVIDENTIA_EVIDENCE_WORM_BACKEND_FACTORY`
`EVIDENTIA_EXPLAIN_CACHE_DIR`
`EVIDENTIA_GAP_STORE_DIR`
`EVIDENTIA_LLM_API_BASE`
`EVIDENTIA_LLM_MODEL`
`EVIDENTIA_LLM_TEMPERATURE`
`EVIDENTIA_MCP_SIGNER_FACTORY`
`EVIDENTIA_MCP_SIGN_OUTPUTS`
`EVIDENTIA_METRIC_STORE_DIR`
`EVIDENTIA_MODEL_STORE_DIR`
`EVIDENTIA_MSSQL_PASSWORD`
`EVIDENTIA_MYSQL_PASSWORD`
`EVIDENTIA_ORACLE_PASSWORD`
`EVIDENTIA_OSCAL_NS`
`EVIDENTIA_POAM_STORE_DIR`
`EVIDENTIA_POSTGRES_PASSWORD`
`EVIDENTIA_RBAC_IDENTITY`
`EVIDENTIA_RBAC_POLICY_FILE`
`EVIDENTIA_RBAC_TENANT`
`EVIDENTIA_RETENTION_STORE_DIR`
`EVIDENTIA_SERVICENOW_INSTANCE_URL`
`EVIDENTIA_SERVICENOW_PASSWORD`
`EVIDENTIA_SERVICENOW_TABLE`
`EVIDENTIA_SERVICENOW_USER`
`EVIDENTIA_SKIP_FRONTEND_BUILD`
`EVIDENTIA_SMTP_PASSWORD`
`EVIDENTIA_SQLITE_SAFE_ROOT`
`EVIDENTIA_TEST_MODE`
`EVIDENTIA_TRUST_PROXY_HEADERS`
`EVIDENTIA_VENDOR_STORE_DIR`
`EVIDENTIA_WEBHOOK_SECRET`
`EVIDENTIA_WORKFLOW_STORE_DIR`

LLM provider keys¶

The LLM-backed commands (evidentia risk generate, evidentia explain) read the standard provider SDK keys via LiteLLM. Evidentia does not define these; set whichever matches your configured model. evidentia doctor reports which are detected.

Environment variable	Provider
`OPENAI_API_KEY`	OpenAI
`ANTHROPIC_API_KEY`	Anthropic
`GOOGLE_API_KEY`	Google
`AZURE_OPENAI_API_KEY`	Azure OpenAI