Server Environment Variables
This lists all the supported environment variables for the server side of RepoFlow. These variables are required to connect to the database, S3, Hasura, Search Engine (Elasticsearch or OpenSearch), Redis, SMTP, and other services.
Core Server Configuration
Settings related to the core server, such as ports, URLs, and temporary storage.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| SERVER_PORT | Number | Port for the server to listen on inside the pod container | | Yes |
| SERVER_URL | String | URL of the server from the end user's perspective | | Yes |
| FRONTEND_URL | String | URL of the frontend application from the end user's perspective | | Yes |
| TMP_FOLDER | String | Temporary folder for storing files | /srv/tmp | No |
| TMP_FOLDER_TEST_PERFORMANCE_ON_START | Boolean | Runs a temp folder performance test on startup using TMP_FOLDER, blocking startup until it finishes. Useful for benchmarking, not recommended in production. | false | No |
| COOKIE_SECURE | Boolean | Indicates whether cookies should be marked as Secure. When not explicitly set, the value is automatically derived from FRONTEND_URL. Set this explicitly if you need to override the default behavior. | true if FRONTEND_URL starts with https://, otherwise false | No |
| CORS_WHITELIST | String Array | List of allowed origins for CORS. The server URL and frontend URL are allowed automatically. | [] | No |
| COOKIE_DOMAIN | String | Cookie domain attribute. If not explicitly set, it defaults to the hostname of FRONTEND_URL (for example, app.example.com). | Hostname of FRONTEND_URL | No |
| COOKIE_SAME_SITE | String | SameSite attribute for cookies (strict/lax/none) | strict | No |
| COOKIE_HTTP_ONLY | Boolean | Indicates if cookies should be HTTP only | true | No |
| GENERAL_COOKIE_SECRET | String | Secret key used to encrypt specific cookies, such as nonce and state, but not the primary authentication cookie. | | Yes |
| IS_REMOTE_CACHE_ENABLED | Boolean | Enable remote cache | true | No |
| MAX_UPLOAD_FILE_SIZE_IN_BYTES | Number | Maximum allowed upload file size in bytes | 10000000000 | No |
| MAX_FILES_AMOUNT_IN_UPLOAD_REQUEST | Number | Maximum number of files allowed per upload request | 30 | No |
| MAX_REQUEST_JSON_SIZE_IN_BYTES | Number | Maximum allowed size (in bytes) for JSON request bodies. Useful for controlling the size of incoming JSON payloads like npm publish or large metadata. | 500000000 | No |
| ALL_REQUESTS_TIME_OUT_IN_SECONDS | Number | Maximum total time in seconds allowed for any incoming request, regardless of activity. This value overrides Node’s default 5-minute timeout. | 600 | No |
| IS_BASIC_SIGNIN_ENABLED | Boolean | Enables or disables the ability for users to sign in using the built-in basic (email/password) authentication. Disabling this is helpful when SSO or other auth systems are in use. | true | No |
| IS_BASIC_SIGNUP_ENABLED | Boolean | Enables or disables the ability for users to sign up using the built-in basic (email/password) authentication. Useful for setups that use external auth methods like SSO or LDAP, or to lock signups after inviting specific users. Even when disabled, a system administrator can still create users manually in the system settings using basic credentials if needed. | true |
Storage Configuration
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| STORAGE_TYPE | String | Defines the active storage backend. Supported values: object-storage (for S3 or compatible systems) and file-system (for local storage). | object-storage | No |
| STORAGE_TEST_PERFORMANCE_ON_START | String | Set to true to enable the performance test. Useful for debugging slowdowns and ensuring your setup is optimized. | false | No |
S3 Storage Settings
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| S3_ACCESS_KEY | String | Access key for S3 | | Yes (for Object Storage) |
| S3_SECRET_KEY | String | Secret key for S3 | | Yes (for Object Storage) |
| S3_PORT | Number | Port for S3 | | Yes (for Object Storage) |
| S3_END_POINT | String | Endpoint for S3 | | Yes (for Object Storage) |
| S3_BUCKET | String | S3 bucket name | | Yes (for Object Storage) |
| S3_USE_SSL | Boolean | Use SSL for S3 | true | No |
| S3_CREATE_BUCKET_IF_NOT_EXIST | Boolean | Create bucket if it does not exist | true | No |
| S3_IS_AWS_S3 | Boolean | Indicates if S3 is AWS S3 | false | No |
| S3_REGION | String | AWS S3 region | | No |
| S3_AWS_USE_ACCELERATE_ENDPOINT | Boolean | Use the AWS S3 Transfer Acceleration endpoint for faster uploads and downloads to enabled buckets. Only applicable when S3_IS_AWS_S3 is true and the bucket has acceleration enabled. | false | No |
| S3_USE_PATH_STYLE | Boolean | Use path-style URLs (/bucket/object) instead of virtual-hosted-style URLs (bucket.endpoint/object). Must be set to false when S3_AWS_USE_ACCELERATE_ENDPOINT is enabled. | true | No |
| S3_KEEP_ALIVE | Boolean | Keep alive connections to S3 provider | false | No |
| S3_MAX_SOCKETS | Number | Maximum number of simultaneous socket connections to the S3 server | 50 | No |
| S3_USE_PRE_SIGNED_URL | Boolean | Use pre-signed URLs for S3. This means the server will redirect files to S3 whenever possible, reducing server load and bandwidth cost | false | No |
| S3_CHECKSUM_ALGORITHM | String | Checksum algorithm used for data integrity verification. Options: CRC32, CRC32C, CRC64NVME, SHA1, SHA256, NONE. | SHA256 | No |
| S3_REQUEST_CHECKSUM_CALCULATION | String | Defines when request checksum calculation is performed. Options: WHEN_REQUIRED, WHEN_SUPPORTED. | WHEN_REQUIRED | No |
| S3_RESPONSE_CHECKSUM_CALCULATION | String | Defines when response checksum calculation is performed. Options: WHEN_REQUIRED, WHEN_SUPPORTED. | WHEN_REQUIRED | No |
| S3_STORAGE_CLASS | String | Optional AWS S3 storage class to apply to newly created objects (uploads, multipart uploads, health and performance test objects). Only applied when S3_IS_AWS_S3 is true. Use UNSET (default) to disable. Options: UNSET, STANDARD, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, GLACIER_IR, DEEP_ARCHIVE, REDUCED_REDUNDANCY, OUTPOSTS, SNOW, EXPRESS_ONEZONE, FSX_ONTAP, FSX_OPENZFS. | UNSET | No |
File System Storage Settings
Important: File system storage is not recommended for production environments.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| STORAGE_LOCAL_DATA_FOLDER | String | Directory path where files are stored locally. | /data | No |
Database & Hasura Configuration
Settings related to database connections and Hasura.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| HASURA_URL | String | URL for Hasura | | Yes |
| HASURA_URL_REST | String | URL for Hasura REST API | | Yes |
| HASURA_ADMIN_SECRET | String | Admin secret for Hasura | | |
| HASURA_UPGRADE_ON_START | Boolean | Use this to prevent the server from checking for updates on every startup. Set this to true when upgrading the RepoFlow version. | false | No |
| HASURA_UPGRADE_METADATA_FOLDER | Boolean | Specifies the location where the server will copy Hasura files during a database upgrade. Useful for systems running in read-only mode. | ./hasura-runtime | No |
Search Engine Configuration
Settings related to Elasticsearch and OpenSearch.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_SMART_SEARCH_ENABLED | Boolean | Enable smart search (Elasticsearch or OpenSearch) | false | No |
| SMART_SEARCH_TYPE | String | The search engine type: elasticsearch or opensearch | elasticsearch | No |
| SMART_SEARCH_CLEAR_INDEX_ON_STARTUP | Boolean | Clear Search Engine index on startup | false | No |
| SMART_SEARCH_URL | String | URL for Elasticsearch or OpenSearch | | No |
| SMART_SEARCH_USERNAME | String | Username for Elasticsearch or OpenSearch | | No |
| SMART_SEARCH_PASSWORD | String | Password for Elasticsearch or OpenSearch | | No |
| SMART_SEARCH_INDEX_NAME | String | Search Engine index name | | No |
| SMART_SEARCH_INDEXING_RUN_ON_STARTUP | Boolean | Run indexing on startup | false | No |
| SMART_SEARCH_INDEXING_PACKAGE_QUERY_LIMIT | Number | Query limit for package indexing | 400 | No |
| SMART_SEARCH_INDEXING_BULK_SIZE | Number | Bulk size for indexing | 20000 | No |
| SMART_SEARCH_INDEXING_CRON | String | Cron schedule for indexing | 0 4 * * * | No |
| SEARCH_RESULTS_QUERY_LIMIT | Number | Query limit for search results | 100 | No |
| DEFAULT_SEARCH_LIMIT | Number | Default search result limit | 10 | No |
Caching (Redis) Configuration
Settings related to caching with Redis.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_REDIS_ENABLED | Boolean | Enable Redis | false | No |
| REDIS_CONNECTION_STRING | String | Connection string for Redis | | No |
| REDIS_NAMESPACE | String | Namespace for Redis | repoflow | No |
| REDIS_DEFAULT_TTL_IN_STRING | String | Default TTL for Redis | 10d | No |
Authentication & Security
Settings related to authentication and security.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| JWT_SECRET | String | Secret key for JWT | | Yes |
| RESET_PASSWORD_JWT_SECRET | String | Secret key for reset password JWT | | Yes |
| PERSONAL_ACCESS_TOKEN_JWT_SECRET | String | Secret key used to sign personal access tokens. Any change will break all existing personal access tokens. | | Yes |
| COOKIE_EXPIRY_IN_SECONDS | Number | Cookie expiry time in seconds | 604800 | No |
| JWS_ALGORITHM | String | Algorithm for JWS | HS256 | No |
| DEFAULT_ADMIN_USER_NAME | String | Default admin username | admin | No |
| DEFAULT_ADMIN_PASSWORD | String | Default admin password | password | No |
| IS_PASSWORD_SPECIAL_CHARACTERS_ALLOWED | Boolean | Allow special characters in passwords. If false, only letters and numbers are allowed. | false | No |
OIDC
Settings for OpenID Connect (OIDC) refresh token support and caching.
Note:
OIDC provider details are set in the RepoFlow UI, not via environment variables.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| ALLOW_OIDC_REFRESH_TOKENS_AS_PERSONAL_ACCESS_TOKENS | Boolean | Allows using OpenID Connect (OIDC) refresh tokens as personal access tokens (PATs). | false | No |
| ENABLE_OIDC_REFRESH_TOKEN_CACHING | Boolean | Enable in-memory caching for OIDC refresh tokens to reduce calls to the OIDC provider | false | No |
| OIDC_REFRESH_TOKEN_VALID_CACHE_TTL_IN_SECONDS | Number | TTL (in seconds) for valid OIDC refresh tokens in cache | 86400 | No |
| OIDC_REFRESH_TOKEN_INVALID_CACHE_TTL_IN_SECONDS | Number | TTL (in seconds) for invalid OIDC refresh tokens in cache | 86400 | No |
Role Mapping
Configure RepoFlow to automatically map user roles from an external server.
When enabled, user roles are synchronized based on the mapping response at login.
You can also enforce strict mapping by removing any roles not listed in the external response.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| ENABLED_ROLE_MAPPING | Boolean | Enable mapping user roles from external role mapping server. | false | No |
| ROLE_MAPPING_URL | String | Role mapping server URL. Use :user-email as a placeholder for user email (e.g., http://localhost:9085/roles/:user-email). | | Yes, if role mapping is enabled |
| ROLE_MAPPING_SECRET | String | Secret key passed in the X-Auth-Token header when calling the role mapping server. | | Yes, if role mapping is enabled |
| ROLE_MAPPING_REMOVE_EXTRA_ROLES | Boolean | Remove existing user roles not mentioned in the mapping. Set to true to enforce exact mapping. | false | No |
| ROLE_MAPPING_SYNC_CRON_ENABLED | Boolean | Enable periodic sync of user roles from the mapping server based on a cron schedule. | false | No |
| ROLE_MAPPING_SYNC_CRON | String | Cron expression for periodic sync (e.g., 0 * * * * for every hour). Only used if sync is enabled. | 0 * * * * | No |
Logging & Monitoring
Settings for request logging and tracking.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_PRINT_ENV | Boolean | Prints environment configuration on startup if true | false | No |
| CONSOLE_LOG_LEVEL | String | Sets the logging verbosity level for console output. Levels are hierarchical, setting a level includes all levels below it. Possible values (from lowest to highest verbosity): info, warn, error, http, debug, delete, verbose, auth. | http | No |
| ENABLE_IMMEDIATE_REQUEST_LOGGING | Boolean | Immediately logs each request as it is received by the server. These logs will only appear in the console if the console log level is set to http or higher. | false | No |
| ENABLE_ONGOING_REQUEST_TRACKING | Boolean | Tracks ongoing requests and periodically logs their status. These logs will always appear in the console, as they use the info log level. | false | No |
| ENABLE_AUTH_LOGGING | Boolean | Enables detailed authentication logging for debugging. ⚠️ Use with caution as credentials may appear in the logs. | false | No |
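
The required-variable and cross-variable rules from the tables above (conditional S3 and role-mapping requirements, the COOKIE_SECURE derivation, the default admin password, the path-style constraint), written as a pre-deployment audit. This is an added example, not RepoFlow code; `auditEnv`, its finding format, the "true"/"false" string parsing and the sample values are assumptions.

```javascript
// Added example (not RepoFlow code): audit an environment against the documented rules.
const ALWAYS_REQUIRED = ['SERVER_PORT', 'SERVER_URL', 'FRONTEND_URL', 'GENERAL_COOKIE_SECRET',
  'HASURA_URL', 'HASURA_URL_REST', 'JWT_SECRET', 'RESET_PASSWORD_JWT_SECRET',
  'PERSONAL_ACCESS_TOKEN_JWT_SECRET'];
const S3_REQUIRED = ['S3_ACCESS_KEY', 'S3_SECRET_KEY', 'S3_PORT', 'S3_END_POINT', 'S3_BUCKET'];
const ROLE_MAPPING_REQUIRED = ['ROLE_MAPPING_URL', 'ROLE_MAPPING_SECRET'];

// Assumption: booleans arrive as the strings "true"/"false"; unset means the documented default.
function bool(env, name, dflt) {
  const v = env[name];
  return v === undefined || v === '' ? dflt : String(v).trim().toLowerCase() === 'true';
}

function auditEnv(env) {
  const findings = [];
  const add = (level, name, message) => findings.push({ level, name, message });
  const requireAll = (names, when) => names.filter((n) => !env[n])
    .forEach((n) => add('error', n, `required ${when} but not set`));

  requireAll(ALWAYS_REQUIRED, 'always');
  // STORAGE_TYPE defaults to object-storage, so the S3 settings are needed unless it is file-system.
  if ((env.STORAGE_TYPE || 'object-storage') === 'object-storage') requireAll(S3_REQUIRED, 'for object storage');
  if (bool(env, 'ENABLED_ROLE_MAPPING', false)) requireAll(ROLE_MAPPING_REQUIRED, 'when role mapping is enabled');

  // When COOKIE_SECURE is unset it is derived from the FRONTEND_URL scheme.
  const derivedSecure = (env.FRONTEND_URL || '').startsWith('https://');
  if (!bool(env, 'COOKIE_SECURE', derivedSecure)) {
    add('warn', 'COOKIE_SECURE', 'cookies will not be marked Secure');
  }
  if (!bool(env, 'COOKIE_HTTP_ONLY', true)) {
    add('warn', 'COOKIE_HTTP_ONLY', 'cookies are readable by page scripts');
  }
  if ((env.COOKIE_SAME_SITE || 'strict').toLowerCase() === 'none') {
    add('warn', 'COOKIE_SAME_SITE', 'cookies are sent on cross-site requests');
  }
  // The documented default admin password is the literal string "password".
  if ((env.DEFAULT_ADMIN_PASSWORD || 'password') === 'password') {
    add('error', 'DEFAULT_ADMIN_PASSWORD', 'default admin password still in effect');
  }
  if (bool(env, 'ENABLE_AUTH_LOGGING', false)) {
    add('warn', 'ENABLE_AUTH_LOGGING', 'credentials may appear in the logs');
  }
  if (bool(env, 'IS_PRINT_ENV', false)) {
    add('warn', 'IS_PRINT_ENV', 'environment configuration is printed on startup');
  }
  // Path-style defaults to true and must be false when Transfer Acceleration is enabled.
  if (bool(env, 'S3_AWS_USE_ACCELERATE_ENDPOINT', false) && bool(env, 'S3_USE_PATH_STYLE', true)) {
    add('error', 'S3_USE_PATH_STYLE', 'must be false when S3_AWS_USE_ACCELERATE_ENDPOINT is enabled');
  }
  return findings;
}

// Constructed sample: plain-HTTP frontend, role mapping enabled without its secret, admin
// password left at the default, auth logging on, acceleration on with path-style still on.
const SAMPLE_ENV = {
  SERVER_PORT: '3000', SERVER_URL: 'http://repoflow.example.test',
  FRONTEND_URL: 'http://repoflow.example.test', GENERAL_COOKIE_SECRET: 'placeholder',
  HASURA_URL: 'http://hasura.example.test/graphql', HASURA_URL_REST: 'http://hasura.example.test/rest',
  JWT_SECRET: 'placeholder', RESET_PASSWORD_JWT_SECRET: 'placeholder',
  PERSONAL_ACCESS_TOKEN_JWT_SECRET: 'placeholder', S3_ACCESS_KEY: 'placeholder',
  S3_SECRET_KEY: 'placeholder', S3_PORT: '443', S3_END_POINT: 's3.example.test', S3_BUCKET: 'repoflow',
  S3_IS_AWS_S3: 'true', S3_AWS_USE_ACCELERATE_ENDPOINT: 'true', ENABLE_AUTH_LOGGING: 'true',
  ENABLED_ROLE_MAPPING: 'true', ROLE_MAPPING_URL: 'http://localhost:9085/roles/:user-email',
};
for (const f of auditEnv(SAMPLE_ENV)) console.log(`${f.level.toUpperCase()} ${f.name}: ${f.message}`);
```
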
Email (SMTP) Configuration
Settings for email notifications and verification.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_SMTP_ENABLED | Boolean | Enable SMTP | false | No |
| IS_ACCOUNT_VERIFICATION_ENABLED | Boolean | Requires email verification during signup. SMTP must be enabled for this to work. | false | No |
| IS_SIGNUP_WITH_DISPOSABLE_EMAILS_ALLOWED | Boolean | Allow signups with disposable email addresses | true | No |
| SMTP_PORT | Number | Port for SMTP | 465 | No |
| SMTP_SECURE | Boolean | Use secure connection for SMTP | true | No |
| SMTP_SENDER_ADDRESS | String | Sender address for SMTP | | No |
| SMTP_USERNAME | String | Username for SMTP | | No |
| SMTP_PASSWORD | String | Password for SMTP | | No |
| SMTP_ENDPOINT | String | Endpoint for SMTP | | No |
| SMTP_BCC_ADDRESS | String | Email address that receives a blind copy of all outgoing messages | | No |
| SMTP_RATE_LIMIT_ENABLED | Boolean | Enable rate limiting on emails per recipient | false | No |
| SMTP_MAX_EMAILS_PER_INTERVAL | Number | Maximum number of emails allowed to be sent to the same address within the defined window | 5 | No |
| SMTP_RATE_LIMIT_WINDOW_MS | Number | Time window in milliseconds to evaluate the rate limit (e.g. 120000 = 2 minutes) | 120000 | No |
Note: The rate limiting is currently enforced in server memory.
In a high availability (HA) setup with multiple instances (pods), each instance maintains its own limit.
Please adjust the values accordingly based on your deployment scale.
Auto-Created Workspaces
Settings related to automatic workspace creation during user signup, including storage, bandwidth, and package limits.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_AUTO_CREATE_WORKSPACE_ON_SIGNUP | Boolean | Automatically creates a workspace upon user signup | true | No |
| AUTO_CREATED_WORKSPACE_STORAGE_LIMIT_IN_BYTES | Number | Storage limit in bytes for auto-created workspaces | 10000000000 | No |
| AUTO_CREATED_WORKSPACE_BANDWIDTH_LIMIT_IN_BYTES | Number | Bandwidth limit in bytes for auto-created workspaces | 10000000000 | No |
| AUTO_CREATED_WORKSPACE_PACKAGE_AMOUNT_LIMIT | Number | Package amount limit for auto-created workspaces | 100 | No |
| AUTO_CREATED_WORKSPACE_AI_USAGE_LIMIT | Number | AI usage limit for auto-created workspaces | 0 | No |
AI & LLM Configuration
Settings related to AI features and Large Language Models.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| ENABLE_AI_FEATURES | Boolean | Enables AI-related features in the application | false | No |
| LLM_README_AUTO_SUMMARY_ENABLED | Boolean | When enabled, automatically generates and displays an AI summary when visiting a package page (triggers an LLM request). When disabled, the user must click to generate a summary manually. | true | No |
| LLM_REQUEST_TIME_OUT_IN_SECONDS | Number | Timeout for requests sent to the LLM provider (in seconds) | 240 | No |
| LLM_PROVIDER | String | The LLM provider to use (openai, ollama, anthropic, mistral, cohere, huggingface, azure, bedrock) | ollama | No |
| LLM_SERVER_URL | String | URL of the LLM server (only relevant when LLM_PROVIDER is ollama) | | No |
| LLM_API_KEY | String | API key for the selected LLM provider | | No |
| LLM_MODEL_NAME | String | The model name to use for LLM operations | | No |
| LLM_MAX_CONTEXT_SIZE | Number | Maximum number of tokens from the conversation context to send to the LLM in a single request. | 4000 | No |
| LLM_ACCESS_KEY_ID | String | Access key ID (only relevant when LLM_PROVIDER is aws_bedrock) | | No |
| LLM_SECRET_ACCESS_KEY | String | Secret access key (only relevant when LLM_PROVIDER is aws_bedrock) | | No |
| LLM_REGION | String | AWS region (only relevant when LLM_PROVIDER is aws_bedrock) | | No |
Vulnerability Scanning
Settings for vulnerability scanning of packages and container images.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_VULNERABILITY_SCANNING_ENABLED | Boolean | Enables vulnerability scanning for packages and container images using Grype. | true | No |
| GRYPE_AUTO_UPDATE | Boolean | Automatically updates Grype's vulnerability database. For offline or air-gapped environments, set this to false. | true | No |
| GRYPE_AUTO_UPDATE_CRON | String | Cron expression to control how often Grype's vulnerability database is updated. | 0 0 * * * | No |
Retention Rules
Settings for enabling retention rules and configuring how they run.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| ENABLE_RETENTION_RULES | Boolean | Enables retention rules. | true | No |
| RETENTION_RULES_ENABLE_FILE_RULES | Boolean | Enables retention rules that target specific files (file-based rules). Not recommended unless you fully understand RepoFlow’s file structure—misuse may break package functionality. | false | No |
| RETENTION_RULES_CONCURRENCY_LIMIT | Number | Maximum number of retention rules the server may run in parallel. Use this to limit CPU/memory load and avoid impacting normal operations. | 3 | No |
| RETENTION_RULES_MAX_RULES_PER_REPOSITORY | Number | Maximum number of retention rules allowed per repository. Helps prevent over usage of retention rules that add unnecessary load to the server. | 10 | No |
Docker Authentication Configuration
Settings related to Docker authentication and authorization.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| DOCKER_AUTH_USE_REQUEST_HOST | Boolean | If true, uses the request's host and protocol for authentication. Otherwise, it defaults to SERVER_URL, which is recommended. | false | No |
NPM Manifest Response
Control how much of package.json (the npm manifest) is returned in API responses like npm info.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| NPM_MANIFEST_MODE | String | Options: summary, allowlist, full. summary is best for download speed and bandwidth. allowlist adds the listed fields plus the default ones. full adds the entire manifest except fields RepoFlow already includes separately. | summary | No |
| NPM_MANIFEST_FIELDS_ALLOWLIST | String | Comma separated list of top level fields when mode is allowlist. Example: keywords,deployment,repository. | | No |
Note: Any change to NPM_MANIFEST_MODE requires re-uploading all npm packages for it to take full effect.
Scheduled Tasks & Cron Jobs
Settings for automated background tasks.
⚠ Caution: Modifying these settings without a full understanding of their impact can disrupt essential maintenance, cleanup, or system processes. Only change them if you are sure of their effect on your system.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| SCHEDUAL_TASKS_FILES_GARBAGE_CRON | String | Cron schedule for garbage collection tasks | 0 3 * * * | No |
| SCHEDUAL_TASKS_MAX_TIME_FOR_INACTIVE_TASK | String | Max time for inactive tasks | 2m | No |
| SCHEDUAL_TASKS_CLEAN_INACTIVE_TASKS_CRON | String | Cron schedule for cleaning inactive tasks | */5 * * * * | No |
| SCHEDUAL_TASKS_RESET_WORKSPACE_TRANSFER_USAGE_CRON | String | Cron schedule for resetting workspace transfer usage | 0 1 * * * | No |
| SCHEDUAL_TASKS_DELETE_PACKAGES_WITHOUT_VERSIONS_CRON | String | Cron schedule for deleting packages that have no versions (currently applicable only for Docker repositories) | 0 */5 * * * | No |
| SCHEDUAL_TASKS_CLEAN_INACIVE_RUNNING_RETENTION_RULES_CRON | String | Cron schedule for marking “running” retention rules as failed when they stop reporting status updates. | */5 * * * * | No |
| SCHEDUAL_TASKS_RUN_RETENTION_RULES_CRON | String | Cron schedule for checking which retention rules are due to run and executing them. | */4 * * * * | No |
| SCHEDUAL_TASKS_DELETE_OLD_SCHEDUAL_TASKS_CRON | String | Cron schedule for deleting old scheduled task history records. | 0 1 * * * | No |
| CHECK_FOR_INACTIVE_MANUAL_TASKS_CRON | String | Cron schedule for checking inactive manual tasks | */5 * * * * | No |
| CHECK_FOR_PENDING_MANUAL_TASKS_CRON | String | Cron schedule for checking pending manual tasks | */5 * * * * | No |
| TIME_TILL_MANUAL_TASKS_INACTIVE | String | Time until manual tasks become inactive | 2m | No |
| SCHEDUAL_TASKS_HISTORY_DAYS_LIMIT | Number | Number of days to keep scheduled task history records (helps prevent database clutter). | 30 | No |