Setting up the Fabricate components

Fabricate Docker image

Obtaining the image

The Fabricate Docker image is available on Quay.io.

To pull the image, log in using the credentials that Tonic.ai provided:

docker login -u=username -p='<password>' quay.io

Next, run the following command:

docker pull quay.io/tonicai/fabricate

Generating a secret key base

To run Fabricate, you need to generate a secret key base. To do this, run the following command:

docker run fabricate /fabricate/bin/rails secret

Configuring environment variables

To run Fabricate, you need to create an fabricate.env file that contains the following settings.

SECRET_KEY_BASE= # The secret key base that you generated
FABRICATE_LOG_LEVEL="warn"
FABRICATE_HOST="fabricate.my-domain.com" # The domain on which to host Fabricate
FABRICATE_ORGANIZATION_NAME="My Company" # The name of the default account to assign all users to

# Admin email address
FABRICATE_ADMIN_EMAIL= # Receives feedback and has Admin Console access

# Database Settings
FABRICATE_DB_POOL_SIZE=50
FABRICATE_DATABASE_NAME="fabricate"
FABRICATE_DATABASE_USERNAME=
FABRICATE_DATABASE_PASSWORD=
FABRICATE_DATABASE_HOST=

# Redis Settings
FABRICATE_REDIS_URL=

# Email Settings
FABRICATE_MAIL_ADDRESS=
FABRICATE_MAIL_PORT=
FABRICATE_MAIL_USER_NAME=
FABRICATE_MAIL_PASSWORD=
FABRICATE_MAIL_FROM=

# Cloud storage platform to use for generated data
FABRICATE_BLOCK_STORAGE_SERVICE=(“amazon”, “azure”, or “google”)

# Amazon S3 Settings - If FABRICATE_BLOCK_STORAGE_SERVICE="amazon"
FABRICATE_S3_BUCKET="fabricate" # Change this if needed
FABRICATE_AWS_REGION="us-east-1" # Change this if needed
FABRICATE_AWS_ACCESS_KEY_ID=
FABRICATE_AWS_SECRET_ACCESS_KEY=

# Azure Block Storage Settings - If FABRICATE_BLOCK_STORAGE_SERVICE="azure"
FABRICATE_AZURE_STORAGE_ACCOUNT_NAME=
FABRICATE_AZURE_STORAGE_ACCESS_KEY=
FABRICATE_AZURE_STORAGE_CONTAINER

# Google Cloud Storage Settings - If FABRICATE_BLOCK_STORAGE_SERVICE="google"
FABRICATE_GCS_PROJECT=
FABRICATE_GCS_CREDENTIALS=
FABRICATE_GCS_BUCKET= 

# Optional - Set this to use a service that is compatible with Amazon S3
# AWS_ENDPOINT=<your service endpoint>

# Optional - Set to true to use path-style addressing for services that are not compatible with Amazon S3
# FABRICATE_S3_FORCE_PATH_STYLE=true

# Optional - Set these to allow users to sign in through GitHub
# GITHUB_CLIENT_ID=
# GITHUB_CLIENT_SECRET=

# Optional - Set these to enable users to sign in through Google
# GOOGLE_CLIENT_ID=
# GOOGLE_CLIENT_SECRET=

# Optional - Set these to allow users to sign in through Azure
# AZURE_OPENAI_URI=
# AZURE_OPENAI_API_KEY=

# Set the LLM provider to use.
FABRICATE_LLM_PROVIDER=("azure" or "openai")

# If FABRICATE_LLM_PROVIDER="azure"
FABRICATE_AZURE_OPENAI_URI="(Azure OpenAI endpoint)"
FABRICATE_AZURE_OPENAI_API_KEY="(Azure OpenAI key)"

# If FABRICATE_LLM_PROVIDER="openai"
FABRICATE_OPENAI_API_KEY="(OpenAI key)"

Admin email address

The environment variable FABRICATE_ADMIN_EMAIL is the administrator email address.

When users send feedback, this is the email address that it is sent to.

If the email address has a Fabricate account, then it has access to the Admin Console, which is used to manage the instance.

For more information, go to Using the Admin Console.

PostgreSQL application database

For the application database, Fabricate requires PostgreSQL 15 or later.

We recommend that you host the PostgreSQL database on a managed service such as Amazon RDS or Google Cloud SQL.

Creating the database and user

create user fabricate WITH PASSWORD '<your password>';
create database fabricate owner fabricate;
alter user fabricate with SUPERUSER;

When Fabricate starts, it automatically creates the database tables.

Configuring application database environment variables

After you create your database, in fabricate.env, set the following environment variables:

FABRICATE_DATABASE_NAME="fabricate"
FABRICATE_DATABASE_USERNAME="fabricate"
FABRICATE_DATABASE_PASSWORD="<your password>"
FABRICATE_DATABASE_HOST="<database hostname>" # for example, fabricate.abcdefghijkl.us-east-1.rds.amazonaws.com

Redis

Fabricate uses Redis for background jobs and caching.

We require Redis 7 or later.

For Redis, we recommend that you use a managed service such as Amazon ElastiCache.

In fabricate.env, set the following environment variable:

FABRICATE_REDIS_URL=

Cloud storage

Fabricates stores uploaded and generated data in cloud storage. You can use either Amazon S3 (or compatible), Azure Blob Storage, or Google Cloud Storage.

Identifying the cloud storage platform

To indicate which cloud storage platform to use, in fabricate.env, set the following environment variable:

FABRICATE_BLOCK_STORAGE_SERVICE=("amazon", "azure", or "google")

S3 bucket

To use Amazon S3 to store generated data, in fabricate.env, set FABRICATE_BLOCK_STORAGE_SERVICE="amazon".

You then set up the S3 bucket:

  1. Create an S3 bucket in the AWS Region closest to where Fabricate will run. We recommend that you set the bucket name to fabricate.

  2. To enable Fabricate to upload files to this S3 bucket, either:

    • In fabricate.env, configure the environment variables FABRICATE_AWS_ACCESS_KEY_ID and FABRICATE_AWS_SECRET_ACCESS_KEY.

    • Assign an IAM role to the EC2 instances on which Fabricate runs. The role must be able to write to the S3 bucket. For information on how to do this, go to Enable S3 access from EC2 by IAM role.

  3. In fabricate.env, set the following environment variables:

FABRICATE_S3_BUCKET=("fabricate" or the name of the S3 bucket that you created)
FABRICATE_AWS_REGION=(AWS Region where the S3 bucket is located, such as us-east-1)
# Either set these or assign an IAM role to the Fabricate EC2 instances
FABRICATE_AWS_ACCESS_KEY_ID=(Access key for the AWS account)
FABRICATE_AWS_SECRET_ACCESS_KEY=(Scret access key for the AWS account)

Azure Blob Storage

To use Azure Blob Storage to store generated data, in fabricate.env, set FABRICATE_BLOCK_STORAGE_SERVICE="azure".

To configure the storage location and credentials, set the following environment variables:

FABRICATE_AZURE_STORAGE_ACCOUNT_NAME=(Name of the Azure account)
FABRICATE_AZURE_STORAGE_ACCESS_KEY=(Access key for the Azure account)
FABRICATE_AZURE_STORAGE_CONTAINER=(Path to the Azure storage container to use)

Google Cloud Storage

To use Google Cloud Storage to store generated data, in fabricate.env, set FABRICATE_BLOCK_STORAGE_SERVICE="google".

To configure the storage location and credentials, set the following environment variables:

FABRICATE_GCS_PROJECT=(Name of the Google Cloud Storage project to use)
FABRICATE_GCS_CREDENTIALS=(Credentials to connect to the project)
FABRICATE_GCS_BUCKET=(Name of the bucket to use within the project)

Sign-in options

You can configure Fabricate to enable users to sign in using Google, GitHub, and Azure. You can enable multiple options. On the login page, Fabricate displays an icon for each enabled option.

GitHub

To allow your users to sign in through GitHub, uncomment and configure the following environment variables:

GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=

Google

To allow your users to sign in through Google, uncomment and configure the following environment variables:

GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=

Azure

To allow your users to sign in through Azure, uncomment and configure the following environment variables:

AZURE_OPENAI_URI=
AZURE_OPENAI_API_KEY=

Email service

Fabricate sends email messages when users are invited to an account or need to reset their password.

To use Amazon Simple Email Service (Amazon SES) to send email messages:

  1. Under Identity Management > Domains, add the domain where Fabricate will be hosted. You later set this as the value of the environment variable FABRICATE_DOMAIN.

  2. Under Identity Management > Emails, add a no-reply@(your domain) email address.

  3. Under Email Sending > SMTP Settings, create your SMTP credentials. You use these to configure the following environment variables:

FABRICATE_MAIL_ADDRESS=(Email host) # Typically similar to
                                        # "email-smtp.us-west-2.amazonaws.com"
FABRICATE_MAIL_PORT=587
FABRICATE_MAIL_USER_NAME=(Email username) # Typically similar to
                                              #"AKIAIOSFODNN7EXAMPLE"
FABRICATE_MAIL_PASSWORD=(Email password) # Typically similar to
                                             # "wJarXUtnFMI/K7MDNG/bPxRfiCYEXAMPLEKEY"
FABRICATE_MAIL_FROM=no-reply@(your domain)

LLM provider

To support the many Fabricate features that rely on AI, you need a connection to an LLM provider.

You can use OpenAI, Azure OpenAI, or a provider that is compatible with OpenAI.

Identifying the LLM provider

To indicate which LLM provider to use, in fabricate.env, set the following environment variable:

FABRICATE_LLM_PROVIDER=("azure" or "openai")

Azure OpenAI

To use Azure OpenAI as your LLM provider, in fabricate.env, set FABRICATE_LLM_PROVIDER="azure".

Configure the following environment variables:

FABRICATE_AZURE_OPENAI_URI=  # The hostname from "Azure OpenAI endpoint" in the 
                             # Azure UI. For example: "fabricate.openai.azure.com"
FABRICATE_AZURE_OPENAI_API_KEY= # The Azure OpenAI key

OpenAI

To use OpenAI as your LLM provider, in fabricate.env, set FABRICATE_LLM_PROVIDER="openai".

Configure the following environment variable:

FABRICATE_OPENAI_API_KEY=  # The OpenAI key

OpenAI-compatible LLM provider

To use an LLM provider that is compatible with OpenAI, set FABRICATE_LLM_PROVIDER="openai".

Configure the following environment variables:

FABRICATE_OPENAI_URI= # The URL for the LLM provider.
                      # For example, for OpenRouter: "https://openrouter.ai/api/v1"
FABRICATE_OPENAI_API_KEY= # API key for the LLM provider
FABRICATE_LLM_CHEAP_MODEL= # The model to use for simple operations such as
                           # generating SQL expressions. For example, to use 
                           # Claude Haiku 3.5: "anthropic/claude-3.5-haiku"
FABRICATE_LLM_EXPENSIVE_MODEL= # The model to use for complex operations such as
                               # parsing DDL. For example, to use 
                               # Claude Sonnet 4: "anthropic/claude-4-sonnet-20250522"

Load balancer

Even if you run a single Fabricate application instance, to provide TLS, you might want to put a load balancer in front of Fabricate.

AWS

If you use AWS, you can create an Application Load Balancer with a TLS certificate in front of your Fabricate instance.

You can either:

  • Use a free SSL/TLS certificate from AWS Certificate Manager

  • Bring your own certificate

Other providers

If you use a different cloud provider, use their equivalent of an Application Load Balancer.

Last updated