Olympus Documentation What is Olympus Architecture Repo Map License Glossary

Athena API Authentication Athena API Errors Athena API Pagination Athena Settings API SDK Settings API

Environment variables

Secrets catalog ENCRYPTION_KEY SESSION_SIGNING_KEY CIAM_RELOAD_API_KEY IAM_RELOAD_API_KEY CIAM_KRATOS_COOKIE_SECRET IAM_KRATOS_COOKIE_SECRET CIAM_KRATOS_CIPHER_SECRET IAM_KRATOS_CIPHER_SECRET CIAM_HYDRA_SYSTEM_SECRET IAM_HYDRA_SYSTEM_SECRET SMTP_USER / SMTP_PASSWORD TURNSTILE_SECRET_KEY DATABASE_URL Postgres CA certificate DEPLOY_SSH_KEY GHCR pull token Daedalus provider tokens

ReferenceSecrets

SESSION_SIGNING_KEY

HMAC for Athena session cookies.

Secret: `SESSION_SIGNING_KEY`

Purpose: HMAC for Athena session cookies.

Source: GitHub Secrets → compose env

Rotation runbook: /docs/operate/rotation/session-signing-key-rotation

⚠️ Critical

This secret is operationally critical. Loss or compromise has significant impact:

If lost: data may be unrecoverable (encryption case).
If compromised: rotate immediately and audit access.

How it's used

Loaded at container startup. Failure to read the secret usually causes a fatal startup error.

How to rotate

See the linked runbook above. Most secrets have a documented zero-downtime rotation procedure.

Related

Security, Secrets management, full inventory.
Operate, Secrets audit, quarterly cadence.

ENCRYPTION_KEY

Master key for SDK settings encryption.

CIAM_RELOAD_API_KEY

Auth for CIAM Kratos schema reload sidecar.

On this page

Secret: SESSION_SIGNING_KEY⚠️ Critical How it's used How to rotate Related