Environment variables

Set these in Settings → Environment Variables in the menu-bar tray.

| Default | Effect |
| --- | --- |
| unset | Frigate+ Subscription not enabled |
| Frigate+ API Key | Frigate+ Subscription enabled |

Needed to take advantage of a Frigate+ subscription, if you have one.

These are the env vars introduced by the Fregata port itself.

| Default | Effect |
| --- | --- |
| computed | Ceiling for the Basic RAM disk size in megabytes (1024 MB max). Default is a per-camera-config formula; set explicitly to lock a value. Does not apply to the Smart memory (tmpfs) cache backing — that one has a fixed 1 GB sparse cap that’s not user-tunable. See Performance → RAM-disk cache for the two modes and how you picked one in the welcome wizard. |

FREGATA_EXPOSE_INTERNAL_PORT

| Default | Effect |
| --- | --- |
| unset | Port 5000 bound to 127.0.0.1 only (loopback). |
| 1 | Port 5000 bound to all interfaces (0.0.0.0), reachable from your LAN. |

Accepts 1, true, or yes. Any other value (or unset) keeps the default loopback binding. A warning is written to the Fregata log at startup whenever this is active.

If port 5000 is already bound by something else — most commonly macOS’s AirPlay Receiver, which holds it permanently whenever enabled — Fregata detects the conflict and automatically serves the same unauthenticated endpoint on port 5050 instead, leaving port 5000 itself loopback-only. You don’t need to disable AirPlay Receiver; check the Fregata log at startup to confirm which port is active. See Port 5000 already in use? for details.

| Default | Effect |
| --- | --- |
| 5050 | Port used for LAN-exposed unauthenticated access when port 5000 can’t be bound (see FREGATA_EXPOSE_INTERNAL_PORT above). |
| <port> | Use this port instead, e.g. if 5050 is also taken on your network. |

Only relevant when FREGATA_EXPOSE_INTERNAL_PORT=1 and port 5000 is unavailable. Has no effect otherwise. Same no-authentication warning as FREGATA_EXPOSE_INTERNAL_PORT applies to whichever port ends up active.

Can’t be set to a port Fregata already uses internally — 5000, 5001, 5002, 8082, 8971, 1984, 8554, or 8555. An override matching one of those is ignored (with a warning in the log) and the default (5050) is used instead.

| Default | Effect |
| --- | --- |
| unset | Port 1984 (go2rtc’s admin API) bound to 127.0.0.1 only (loopback). |
| 1 | Port 1984 bound to all interfaces (0.0.0.0), reachable from your LAN. |

Accepts 1, true, or yes. Any other value (or unset) keeps the default loopback binding. A warning is written to the Fregata log at startup whenever this is active.

Unlike FREGATA_EXPOSE_INTERNAL_PORT, there’s no conflict fallback here — go2rtc is its own process, so a failed bind only stops go2rtc, not the rest of Fregata, and port 1984 isn’t known to collide with anything on macOS. If you’ve set go2rtc.api.listen explicitly in your own config.yml, that takes precedence over this env var.

FREGATA_EXPOSE_RTSP_PORT

| Default | Effect |
| --- | --- |
| unset | Port 8554 (go2rtc’s RTSP restream) bound to all interfaces (0.0.0.0), reachable from your LAN. |
| 0 | Port 8554 bound to 127.0.0.1 only (loopback) — locks the RTSP restream down to the same Mac. |

Accepts 0, false, or no to disable LAN exposure. Any other value (or unset) keeps the default LAN-open binding. A warning is written to the Fregata log at startup whenever the port is locked to loopback, so you always have a visible reminder that it’s disabled.

Unlike FREGATA_EXPOSE_INTERNAL_PORT, there’s no conflict fallback here — go2rtc is its own process, so a failed bind only stops go2rtc, not the rest of Fregata, and port 8554 isn’t known to collide with anything on macOS. If you’ve set go2rtc.rtsp.listen explicitly in your own config.yml, that takes precedence over this env var.

To require a login instead of relying on network exposure alone, set go2rtc.rtsp.username/password in config.yml:

go2rtc:
  rtsp:
    username: "admin"
    password: "pass"

Clients then connect with rtsp://admin:pass@<mac-ip>:8554/<camera_name>. This is go2rtc’s own credential check — independent of FREGATA_EXPOSE_RTSP_PORT, independent of Frigate’s auth.enabled, and separate from whatever username/password your cameras use upstream.
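
To confirm which of the ports described above are actually reachable from the LAN, check the listening sockets rather than relying on the variables alone. This is an added example, not part of Fregata or its documentation. It filters `lsof -nP -iTCP -sTCP:LISTEN` output for ports 5000, 5050, 1984 and 8554; the sample socket lines and the process name `fregata` are constructed assumptions.

```shell
#!/bin/sh
# Added example: list watched ports that listen on a non-loopback address.
# Live use on the Mac:  lsof -nP -iTCP -sTCP:LISTEN | lan_exposed_ports
# Ports from this page: 5000/5050 (unauthenticated endpoint),
# 1984 (go2rtc admin API), 8554 (go2rtc RTSP restream).
WATCHED_PORTS="5000 5050 1984 8554"

# Reads lsof output on stdin, prints "port command address" per exposed port.
lan_exposed_ports() {
  awk -v watched="$WATCHED_PORTS" '
    BEGIN { n = split(watched, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    $NF == "(LISTEN)" {
      name = $(NF - 1)                  # e.g. *:5000, 127.0.0.1:1984, [::1]:5000
      port = name; sub(/.*:/, "", port)
      addr = name; sub(/:[0-9]+$/, "", addr)
      if (!(port in want)) next         # not a port this page talks about
      if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: not exposed
      print port, $1, addr              # command name shows who holds the port
    }
  ' | LC_ALL=C sort -u                  # IPv4 and IPv6 wildcard rows collapse
}

# Constructed sample in lsof format (not captured from a real machine):
# AirPlay Receiver (ControlCe) holds *:5000, so the unauthenticated endpoint
# appears on the 5050 fallback; 1984 is loopback-only; 8554 is LAN-open.
sample_lsof() {
  cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ControlCe 512 me     10u  IPv4 0xa1        0t0  TCP *:5000 (LISTEN)
ControlCe 512 me     11u  IPv6 0xa2        0t0  TCP *:5000 (LISTEN)
fregata   880 me     14u  IPv4 0xb1        0t0  TCP 127.0.0.1:5000 (LISTEN)
fregata   880 me     15u  IPv4 0xb2        0t0  TCP *:5050 (LISTEN)
go2rtc    901 me      8u  IPv4 0xc1        0t0  TCP 127.0.0.1:1984 (LISTEN)
go2rtc    901 me      9u  IPv6 0xc2        0t0  TCP *:8554 (LISTEN)
sshd      120 root    3u  IPv4 0xd1        0t0  TCP *:22 (LISTEN)
EOF
}

sample_lsof | lan_exposed_ports
```

A port 5000 row owned by a process other than Fregata (here AirPlay Receiver's `ControlCe`) is the conflict case described above, where the unauthenticated endpoint moves to the fallback port.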

| Default | Effect |
| --- | --- |
| unset | Privacy-respecting Telemetry included in license check. |
| 1 | Telemetry omitted. |

The contents of the telemetry are listed at Privacy & telemetry. Setting this to 1 is a complete opt-out — nothing telemetry-shaped leaves the Mac.

These are read by config.yml via the {} YAML tag, not by Fregata or the launcher. They exist because writing secrets in plaintext into a file is generally a bad habit.

Conventional name for the MQTT broker password. Reference in config.yml:

mqtt:
  password: {FREGATA_MQTT_PASSWORD}

You’re free to use any other name — it’s just the variable name Frigate’s config loader will look up. Pick a convention and stick with it.

The same pattern works for any secret your config references: FREGATA_GENAI_KEY, FREGATA_HOMEASSISTANT_TOKEN, FREGATA_FRIGATE_PLUS_KEY, etc. Set them in the in-app editor and reference them with {NAME} in config.yml.