python-dotenv. config.py reads the local .env in the pipeline directory; shell variables take precedence.
Required variables
Microsoft Graph (Outlook fetch)
| Variable | Purpose |
|---|---|
AZURE_TENANT_ID | Your Azure AD tenant ID — used to build the OAuth2 authority URL |
AZURE_CLIENT_ID | App registration’s client ID |
AZURE_CLIENT_SECRET | App registration’s client secret |
OUTLOOK_USER_EMAIL | Mailbox address the script reads from (e.g. metaweave-forms@yourcompany.com) |
Mail.ReadMail.ReadWrite(to mark messages as read)
ValueError: AZURE_TENANT_ID is required.
PostgreSQL (Cloud SQL)
| Variable | Purpose |
|---|---|
GOOGLE_SERVICE_ACCOUNT_BASE64 | Base64-encoded service account JSON. Decoded in-memory and passed to Cloud SQL Connector |
CLOUD_SQL_INSTANCE_CONNECTION_NAME | project:region:instance — your Cloud SQL instance |
POSTGRES_USER | Database user |
POSTGRES_PASSWORD | Database password (shell-escape $ as \$) |
POSTGRES_DB | Database name |
cloudsql.instances.connect and cloudsql.client IAM roles on the instance.
If any are missing, the writer fails when the first session is opened with a Cloud SQL Connector error.
Optional variables
Encryption key
| Variable | Default | Purpose |
|---|---|---|
MW_AES_KEY | mw7k2x9p4q8n3v5h | 16-byte UTF-8 string used as AES-128-CBC key + IV |
- Generate a new 16-character ASCII string
- Update
MW_AES_KEYin the pipeline env - Update the form’s embedded key constant
- Re-export the configured HTML for each vessel
- Distribute the new HTML to the fleet
- Existing emails encrypted with the old key will fail decryption — keep both keys for the transition window if needed
Other constants
These live insrc/config.py as module constants (not env vars). Override by editing the file.
Markers
Subject regex
Report type mapping
metaweave_report.report_type. Add new entries here when the form ships a new report type.
Sample .env
cat service-account.json | base64 | tr -d '\n')
How config is loaded
What’s not configurable
The pipeline does not support:- Multiple Outlook mailboxes per run (one mailbox per invocation)
- Multiple databases per run
- Different schema per environment (use different
POSTGRES_DB) - Different table prefix (the
metaweave_prefix is hardcoded)
See also
- Installation — initial setup
- Running — operational invocation