Configuration

All environment variables and how the server loads them.

Overview
Environment Variables
Validation
Reloading Configuration
Example .env File

Overview

Configuration is managed by the ServerConfig dataclass in config.py. It reads environment variables at startup via python-dotenv (from a .env file) and os.getenv() with defaults.

A global singleton config is created at import time and used throughout the application.

Environment Variables

Azure Authentication

Variable	Default	Description
`AZURE_SUBSCRIPTION_ID`	—	Default subscription ID. Can also be set via `set_subscription` tool at runtime.
`AZURE_TENANT_ID`	—	Azure AD tenant ID (for Service Principal auth)
`AZURE_CLIENT_ID`	—	Service Principal application/client ID
`AZURE_CLIENT_SECRET`	—	Service Principal secret
`AZURE_DEFAULT_LOCATION`	`eastus`	Default Azure region for new resources

If AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, and AZURE_TENANT_ID are all set, the server uses Service Principal authentication. Otherwise, it falls back to Azure CLI / Managed Identity.

Server Settings

Variable	Default	Description
`LOG_LEVEL`	`INFO`	Logging verbosity: `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
`LOG_FORMAT`	`%(asctime)s - %(name)s - %(levelname)s - %(message)s`	Python logging format string
`API_TIMEOUT`	`30`	HTTP request timeout in seconds
`API_RETRY_ATTEMPTS`	`3`	Number of retry attempts for API calls
`API_RETRY_DELAY`	`1`	Delay between retries in seconds
`DEBUG`	`false`	Enable debug mode (verbose error messages)

Rate Limiting

Variable	Default	Description
`RATE_LIMIT_ENABLED`	`true`	Enable/disable rate limiting
`RATE_LIMIT_REQUESTS_PER_MINUTE`	`60`	Maximum requests per minute per key
`RATE_LIMIT_BURST_SIZE`	`10`	Burst allowance above the per-minute rate

Docker & Monitoring

Variable	Default	Description
`DOCKER_TIMEOUT`	`30`	Timeout for Docker CLI commands in seconds
`MONITORING_INTERVAL`	`60`	Default interval for monitoring checks in seconds

Security

Variable	Default	Description
`SECRET_KEY`	`default-secret-key-change-in-production`	Application secret key
`ALLOWED_HOSTS`	`localhost,127.0.0.1`	Comma-separated allowed hostnames

Validation

ServerConfig.validate() checks for common misconfigurations and returns a list of error strings:

Check	Condition
Log level	Must be one of `DEBUG`, `INFO`, `WARNING`, `ERROR`, `CRITICAL`
Timeouts	`api_timeout`, `docker_timeout`, `monitoring_interval` must be > 0
Rate limits	`rate_limit_requests_per_minute`, `rate_limit_burst_size` must be > 0
Service Principal	If any of `client_id` / `client_secret` / `tenant_id` is set, all must be set
Subscription	`AZURE_SUBSCRIPTION_ID` is required (warning)

Reloading Configuration

To pick up changed environment variables without restarting:

from azops_mcp.config import reload_config

new_config = reload_config()

This creates a fresh ServerConfig instance and replaces the global config singleton.

Example `.env` File

# Minimal — uses az login credentials
AZURE_SUBSCRIPTION_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

# Optional: Service Principal
# AZURE_TENANT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
# AZURE_CLIENT_ID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
# AZURE_CLIENT_SECRET=your-secret

# Defaults
AZURE_DEFAULT_LOCATION=eastus
LOG_LEVEL=INFO
API_TIMEOUT=30
RATE_LIMIT_ENABLED=true
RATE_LIMIT_REQUESTS_PER_MINUTE=60
DEBUG=false