# memoryoss configuration (example)
# Copy to memoryoss.toml and fill in your keys:
# cp memoryoss.toml.example memoryoss.toml
# On Windows PowerShell:
# Copy-Item memoryoss.toml.example memoryoss.toml
# Keep this file in a user-only directory. On Windows, protect it with NTFS ACLs.
[server]
host = "127.0.0.1"
port = 8000
[tls]
enabled = true
auto_generate = true
[auth]
# Use long random secrets. Anyone who can read this file can impersonate your local memory service.
jwt_secret = "replace-with-a-32+-char-secret"
audit_hmac_secret = "replace-with-a-32+-char-secret"
[[auth.api_keys]]
key = "ek_YOUR_API_KEY_HERE" # Generated by: memoryoss setup
role = "admin"
namespace = "default"
jwt_expiry_secs = 3600
[storage]
# On Windows, prefer a user-local path such as:
# data_dir = 'C:\Users\you\AppData\Local\memoryoss\data'
data_dir = "data"
[embeddings]
# Supported runtime models:
# - "all-minilm-l6-v2" (default, 384-dim)
# - "bge-small-en-v1.5" (384-dim)
# - "bge-base-en-v1.5" (768-dim)
# - "bge-large-en-v1.5" (1024-dim)
model = "all-minilm-l6-v2"
[encryption]
# Supported providers:
# - "local" (default)
# - "vault" (Vault Transit)
# "aws_kms" is intentionally unsupported in this build and fails closed.
provider = "local"
# vault_address = "https://vault.example.com:8200"
# vault_token = "replace-with-a-vault-token"
# vault_mount = "transit"
# vault_key_name = "memoryoss"
# grace_period_secs = 86400
[proxy]
enabled = true
upstream_url = "https://api.openai.com/v1"
upstream_api_key = "sk-proj-YOUR_OPENAI_KEY"
anthropic_api_key = "sk-ant-YOUR_ANTHROPIC_KEY"
passthrough_auth = true
passthrough_local_only = true
# Proxy key mapping: client uses proxy_key, memoryOSS forwards with upstream key
[[proxy.key_mapping]]
proxy_key = "ek_YOUR_API_KEY_HERE"
namespace = "default"
[sharing]
allow_private_webhooks = false
[logging]
level = "info"
json = false