Server Environment Variables
This list all the supported environment variables for the server side of RepoFlow. These variables are required to connect to the database, S3, Hasura, Search Engine (Elasticsearch or OpenSearch) , Redis, SMTP, and other services.
Core Server Configuration
Settings related to the core server, such as ports, URLs, and temporary storage.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| SERVER_PORT | Number | Port for the server to listen on inside the pod container | Yes | |
| SERVER_URL | String | URL of the server from the end user's perspective | Yes | |
| FRONTEND_URL | String | URL of the frontend application from the end user's perspective | Yes | |
| TMP_FOLDER | String | Temporary folder for storing files | /srv/tmp | No |
| COOKIE_SECURE | Boolean | Indicates if cookies should be secure | true | No |
| CORS_WHITELIST | String Array | List of allowed origins for CORS; server URL and frontend URL will be automatically allowed | [] | No |
| COOKIE_DOMAIN | String | Domain for the cookies | Derived from FRONTEND_URL | No |
| COOKIE_SAME_SITE | String | SameSite attribute for cookies (strict/lax/none) | strict | No |
| COOKIE_HTTP_ONLY | Boolean | Indicates if cookies should be HTTP only | false | No |
| GENERAL_COOKIE_SECRET | String | Secret key used to encrypt specific cookies, such as nonce and state, but not the primary authentication cookie. | YES | |
| IS_REMOTE_CACHE_ENABLED | Boolean | Enable remote cache | true | No |
| MAX_UPLOAD_FILE_SIZE_IN_BYTES | Number | Maximum allowed upload file size in bytes | 1000000000 | No |
| MAX_FILES_AMOUNT_IN_UPLOAD_REQUEST | Number | Maximum number of files allowed per upload request | 30 | No |
| MAX_REQUEST_JSON_SIZE_IN_BYTES | Number | Maximum allowed size (in bytes) for JSON request bodies. Useful for controlling the size of incoming JSON payloads like npm publish or large metadata. | 500000000 | No |
| ALL_REQUESTS_TIME_OUT_IN_SECONDS | Number | Maximum total time in seconds allowed for any incoming request, regardless of activity. This value overrides Node’s default 5-minute timeout. | 600 | No |
| IS_BASIC_SIGNIN_ENABLED | Boolean | Enables or disables the ability for users to sign in using the built-in basic (email/password) authentication. Disabling this is helpful when SSO or other auth systems are in use. | true | No |
| IS_BASIC_SIGNUP_ENABLED | Boolean | Enables or disables the ability for users to sign up using the built-in basic (email/password) authentication. Useful for setups that use external auth methods like SSO or LDAP, or to lock signups after inviting specific users. | true | No |
Auto-Created Workspaces
Settings related to automatic workspace creation during user signup, including storage, bandwidth, and package limits.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_AUTO_CREATE_WORKSPACE_ON_SIGNUP | Boolean | Automatically creates a workspace upon user signup | true | No |
| AUTO_CREATED_WORKSPACE_STORAGE_LIMIT_IN_BYTES | Number | Storage limit in bytes for auto-created workspaces | 10000000000 | No |
| AUTO_CREATED_WORKSPACE_BANDWIDTH_LIMIT_IN_BYTES | Number | Bandwidth limit in bytes for auto-created workspaces | 10000000000 | No |
| AUTO_CREATED_WORKSPACE_PACKAGE_AMOUNT_LIMIT | Number | Package amount limit for auto-created workspaces | 100 | No |
| AUTO_CREATED_WORKSPACE_AI_USAGE_LIMIT | Number | AI usage limit for auto-created workspaces | 0 | No |
Storage Configuration (S3)
Settings related to S3 storage.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| S3_ACCESS_KEY | String | Access key for S3 | Yes | |
| S3_SECRET_KEY | String | Secret key for S3 | Yes | |
| S3_USE_SSL | Boolean | Use SSL for S3 | true | No |
| S3_PORT | Number | Port for S3 | Yes | |
| S3_END_POINT | String | Endpoint for S3 | Yes | |
| S3_BUCKET | String | S3 bucket name | Yes | |
| S3_CREATE_BUCKET_IF_NOT_EXIST | Boolean | Create bucket if it does not exist | true | No |
| S3_IS_AWS_S3 | Boolean | Indicates if S3 is AWS S3 | false | No |
| S3_REGION | String | AWS S3 region | us-east-1 | No |
| S3_KEEP_ALIVE | Boolean | Keep alive connections to S3 provider | false | No |
| S3_MAX_SOCKETS | Number | Maximum number of simultaneous socket connections to the S3 server 50 | 50 | No |
| S3_USE_PRE_SIGNED_URL | Boolean | Use pre-signed URLs for S3. This means the server will redirect files to S3 whenever possible, reducing server load and bandwidth cost | true | No |
| S3_TEST_PERFORMANCE_ON_START | String | Set to true to enable the performance test. Useful for debugging slowdowns and ensuring your setup is optimized. | false | No |
| S3_CHECKSUM_ALGORITHM | String | Checksum algorithm used for data integrity verification. Options: CRC32, CRC32C, CRC64NVME, SHA1, SHA256, NONE. | SHA256 | No |
| S3_REQUEST_CHECKSUM_CALCULATION | String | Defines when request checksum calculation is performed. Options: WHEN_REQUIRED, WHEN_SUPPORTED. | WHEN_SUPPORTED | No |
| S3_RESPONSE_CHECKSUM_CALCULATION | String | Defines when response checksum calculation is performed. Options: WHEN_REQUIRED, WHEN_SUPPORTED. | WHEN_SUPPORTED | No |
Database & Hasura Configuration
Settings related to database connections and Hasura.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| HASURA_URL | String | URL for Hasura | Yes | |
| HASURA_URL_REST | String | URL for Hasura REST API | Yes | |
| HASURA_ADMIN_SECRET | String | Admin secret for Hasura | ||
| HASURA_UPGRADE_ON_START | Boolean | Use this to prevent the server from checking for updates on every startup. Set this to true when upgrading the RepoFlow version. | false | No |
| HASURA_UPGRADE_METADATA_FOLDER | Boolean | Specifies the location where the server will copy Hasura files during a database upgrade. Useful for systems running in read-only mode. | ./hasura-runtime | No |
Search Engine Configuration
Settings related to Elasticsearch and OpenSearch.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_SMART_SEARCH_ENABLED | Boolean | Enable smart search (Elasticsearch or OpenSearch) | false | No |
| SMART_SEARCH_TYPE | String | The search engine type elasticsearch or opensearch | elasticsearch | No |
| SMART_SEARCH_CLEAR_INDEX_ON_STARTUP | Boolean | Clear Search Engine index on startup | false | No |
| SMART_SEARCH_URL | String | URL for Elasticsearch or OpenSearch | No | |
| SMART_SEARCH_USERNAME | String | Username for Elasticsearch or OpenSearch | No | |
| SMART_SEARCH_PASSWORD | String | Password for Elasticsearch or OpenSearch | No | |
| SMART_SEARCH_INDEX_NAME | String | Search Engine index name | No | |
| SMART_SEARCH_INDEXING_RUN_ON_STARTUP | Boolean | Run indexing on startup | false | No |
| SMART_SEARCH_INDEXING_PACKAGE_QUERY_LIMIT | Number | Query limit for package indexing | 400 | No |
| SMART_SEARCH_INDEXING_BULK_SIZE | Number | Bulk size for indexing | 20000 | No |
| SMART_SEARCH_INDEXING_CRON | String | Cron schedule for indexing | 0 4 * * * | No |
| SEARCH_RESULTS_QUERY_LIMIT | Number | Query limit for search results | 100 | No |
| DEFAULT_SEARCH_LIMIT | Number | Default search result limit | 10 | No |
Caching (Redis) Configuration
Settings related to caching with Redis.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_REDIS_ENABLED | Boolean | Enable Redis | false | No |
| REDIS_CONNECTION_STRING | String | Connection string for Redis | No | |
| REDIS_NAMESPACE | String | Namespace for Redis | repoflow | No |
| REDIS_DEFAULT_TTL_IN_STRING | String | Default TTL for Redis | 10d | No |
Scheduled Tasks & Cron Jobs
Settings for automated background tasks.
⚠ Caution: Modifying these settings without a full understanding of their impact can disrupt essential maintenance, cleanup, or system processes. Only change them if you are sure of their effect on your system.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| SCHEDUAL_TASKS_FILES_GARBAGE_CRON | String | Cron schedule for garbage collection tasks | 0 3 * * * | No |
| SCHEDUAL_TASKS_MAX_TIME_FOR_INACTIVE_TASK | String | Max time for inactive tasks | 2m | No |
| SCHEDUAL_TASKS_CLEAN_INACTIVE_TASKS_CRON | String | Cron schedule for cleaning inactive tasks | */5 * * * * | No |
| SCHEDUAL_TASKS_RESET_WORKSPACE_TRANSFER_USAGE_CRON | String | Cron schedule for resetting workspace transfer usage | 0 1 * * * | No |
| SCHEDUAL_TASKS_DELETE_PACKAGES_WITHOUT_VERSIONS_CRON | String | Cron schedule for deleting packages that have no versions (currently applicable only for Docker repositories) | 0 */5 * * * | No |
| CHECK_FOR_INACTIVE_MANUAL_TASKS_CRON | String | Cron schedule for checking inactive manual tasks | */5 * * * * | No |
| CHECK_FOR_PENDING_MANUAL_TASKS_CRON | String | Cron schedule for checking pending manual tasks | */5 * * * * | No |
| TIME_TILL_MANUAL_TASKS_INACTIVE | String | Time until manual tasks become inactive | 2m | No |
Authentication & Security
Settings related to authentication and security.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| JWT_SECRET | String | Secret key for JWT | Yes | |
| RESET_PASSWORD_JWT_SECRET | String | Secret key for reset password JWT | Yes | |
| PERSONAL_ACCESS_TOKEN_JWT_SECRET | String | Secret key used to sign personal access tokens. Any change will break all existing personal access tokens. | Yes | |
| COOCKIE_EXPIRY_IN_SECONDS | Number | Cookie expiry time in seconds | 604800 | No |
| JWS_ALGORITHM | String | Algorithm for JWS | HS256 | No |
| DEFAULT_ADMIN_USER_NAME | String | Default admin username | admin | No |
| DEFAULT_ADMIN_PASSWORD | String | Default admin password | password | No |
Logging & Monitoring
Settings for request logging and tracking.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_PRINT_ENV | Boolean | Prints environment configuration on startup if true | false | No |
| CONSOLE_LOG_LEVEL | String | Sets the logging verbosity level for console output. Levels are hierarchical, setting a level includes all levels below it. Possible values (from lowest to highest verbosity): info, warn, error, http, debug, delete, verbose. | http | No |
| ENABLE_IMMEDIATE_REQUEST_LOGGING | Boolean | Immediately logs each request as it is received by the server. These logs will only appear in the console if the console log level is set to http or higher. | false | No |
| ENABLE_ONGOING_REQUEST_TRACKING | Boolean | Tracks ongoing requests and periodically logs their status. These logs will always appear in the console, as they use the info log level. | false | No |
Email (SMTP) Configuration
Settings for email notifications and verification.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_SMTP_ENABLED | Boolean | Enable SMTP | false | No |
| IS_ACCOUNT_VERIFICATION_ENABLED | Boolean | Requires email verification during signup. SMTP must be enabled for this to work. | false | No |
| SMTP_PORT | Number | Port for SMTP | 465 | No |
| SMTP_SECURE | Boolean | Use secure connection for SMTP | true | No |
| SMTP_SENDER_ADDRESS | String | Sender address for SMTP | No | |
| SMTP_USERNAME | String | Username for SMTP | No | |
| SMTP_PASSWORD | String | Password for SMTP | No | |
| SMTP_ENDPOINT | String | Endpoint for SMTP | No |
AI & LLM Configuration
Settings related to AI features and Large Language Models.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| ENABLE_AI_FEATURES | Boolean | Enables AI-related features in the application | false | No |
| LLM_REQUEST_TIME_OUT_IN_SECONDS | Number | Timeout for requests sent to the LLM provider (in seconds) | 240 | No |
| LLM_PROVIDER | String | The LLM provider to use (openai, ollama, anthropic, mistral, cohere, huggingface, azure, bedrock) | ollama | No |
| LLM_SERVER_URL | String | URL of the LLM server (only relevant when LLM_PROVIDER is ollama) | No | |
| LLM_API_KEY | String | API key for the selected LLM provider | No | |
| LLM_MODEL_NAME | String | The model name to use for LLM operations | No | |
| LLM_ACCESS_KEY_ID | String | Access key ID (only relevant when LLM_PROVIDER is aws_bedrock) | No | |
| LLM_SECRET_ACCESS_KEY | String | Secret access key (only relevant when LLM_PROVIDER is aws_bedrock) | No | |
| LLM_REGION | String | AWS region (only relevant when LLM_PROVIDER is aws_bedrock) | No |
Vulnerability Scanning
Settings for vulnerability scanning of packages and container images.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_VULNERABILITY_SCANNING_ENABLED | Boolean | Enables vulnerability scanning for packages and container images using Grype. | true | No |
| GRYPE_AUTO_UPDATE | Boolean | Automatically updates Grype's vulnerability database. For offline or air-gapped environments, set this to false. | true | No |
| GRYPE_AUTO_UPDATE_CRON | String | Cron expression to control how often Grype's vulnerability database is updated. | 0 0 * * * | No |
Docker Authentication Configuration
Settings related to Docker authentication and authorization.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| DOCKER_AUTH_USE_REQUEST_HOST | Boolean | If true, uses the request's host and protocol for authentication. Otherwise, it defaults to SERVER_URL, which is recommended. | false | No |