Server Environment Variables
This lists all the supported environment variables for the server side of RepoFlow. These variables are required to connect to the database, storage (S3-compatible object storage, Google Cloud Storage, Azure Blob Storage, or local filesystem), Hasura, Search Engine (Elasticsearch or OpenSearch), Redis, SMTP, and other services.
Core Server Configuration
Settings related to the core server, such as ports, URLs, and temporary storage.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| SERVER_PORT | Number | Port for the server to listen on inside the pod/container | | Yes |
| SERVER_URL | String | URL of the server from the end user's perspective | | Yes |
| FRONTEND_URL | String | URL of the frontend application from the end user's perspective | | Yes |
| TMP_FOLDER | String | Temporary folder for storing files | /srv/tmp | No |
| TMP_FOLDER_TEST_PERFORMANCE_ON_START | Boolean | Runs a temp folder performance test on startup using TMP_FOLDER, blocking startup until it finishes. Useful for benchmarking, not recommended in production. | false | No |
| COOKIE_SECURE | Boolean | Indicates whether cookies should be marked as Secure. When not explicitly set, the value is automatically derived from FRONTEND_URL. Set this explicitly if you need to override the default behavior. | true if FRONTEND_URL starts with https://, otherwise false | No |
| CORS_WHITELIST | String Array | Additional origins allowed for CORS. SERVER_URL and FRONTEND_URL are always allowed. | [] | No |
| COOKIE_DOMAIN | String | Cookie domain attribute. If not explicitly set, it defaults to the hostname of FRONTEND_URL (for example, app.example.com). | Hostname of FRONTEND_URL | No |
| COOKIE_SAME_SITE | String | SameSite attribute for cookies (strict/lax/none) | strict | No |
| COOKIE_HTTP_ONLY | Boolean | Indicates if cookies should be HTTP only | true | No |
| GENERAL_COOKIE_SECRET | String | Secret key used to encrypt specific cookies, such as nonce and state, but not the primary authentication cookie. | | Yes |
| IS_REMOTE_CACHE_ENABLED | Boolean | Enable remote cache | true | No |
| MAX_UPLOAD_FILE_SIZE_IN_BYTES | Number | Maximum allowed upload file size in bytes | 10000000000 | No |
| MAX_FILES_AMOUNT_IN_UPLOAD_REQUEST | Number | Maximum number of files allowed per upload request | 30 | No |
| MAX_REQUEST_JSON_SIZE_IN_BYTES | Number | Maximum allowed size (in bytes) for JSON request bodies. Useful for controlling the size of incoming JSON payloads like npm publish or large metadata. | 500000000 | No |
| ALL_REQUESTS_TIME_OUT_IN_SECONDS | Number | Maximum total time in seconds allowed for any incoming request, regardless of activity. This value overrides Node’s default 5-minute timeout. | 600 | No |
| IS_BASIC_SIGNIN_ENABLED | Boolean | Enables or disables the ability for users to sign in using the built-in basic (email/password) authentication. Disabling this is helpful when SSO or other auth systems are in use. | true | No |
| IS_BASIC_SIGNUP_ENABLED | Boolean | Enables or disables the ability for users to sign up using the built-in basic (email/password) authentication. Useful for setups that use external auth methods like SSO or LDAP, or to lock signups after inviting specific users. Even when disabled, a system administrator can still create users manually in the system settings using basic credentials if needed. | true | No |
| ENABLE_LDAP_BASIC_AUTH_FOR_API_CALLS | Boolean | Allows API and package-manager Basic Auth requests to fall back to LDAP when LDAP is enabled in RepoFlow system settings. This only affects request authentication and does not enable LDAP globally. | true | No |
| LDAP_BASIC_AUTH_FOR_API_CALLS_CACHE_TTL_IN_SECONDS | Number | TTL in seconds for the in-memory LDAP Basic Auth cache used only by API and package-manager requests. UI LDAP sign-in still validates directly against LDAP on every login. 0 disables caching. | 5 | No |
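The following is an added worked example, not RepoFlow code and not part of this reference. It applies the cookie defaults documented above (COOKIE_SECURE and COOKIE_DOMAIN derived from FRONTEND_URL, SameSite strict, HttpOnly true, COOKIE_EXPIRY_IN_SECONDS from the Authentication & Security section) to an environment map, builds the resulting Set-Cookie line, and flags combinations a deployment review should reject. The cookie name sid, the boolean spellings accepted, and the lint rules are this example's own assumptions.

```python
"""Derive effective cookie attributes from RepoFlow-style environment
variables and lint them. Added example; the derivation rules follow the
documentation table, the lint rules are this example's own."""
from urllib.parse import urlsplit


def _as_bool(value, default):
    """Parse common boolean spellings (assumed); unset/empty -> default."""
    if value is None or value.strip() == "":
        return default
    return value.strip().lower() in ("1", "true", "yes", "on")


def effective_cookie_settings(env):
    """Attributes the server would apply: Secure defaults to 'FRONTEND_URL
    starts with https://', Domain defaults to the FRONTEND_URL hostname."""
    frontend = urlsplit(env.get("FRONTEND_URL", ""))
    return {
        "secure": _as_bool(env.get("COOKIE_SECURE"), frontend.scheme == "https"),
        "domain": env.get("COOKIE_DOMAIN") or frontend.hostname or "",
        "same_site": (env.get("COOKIE_SAME_SITE") or "strict").strip().lower(),
        "http_only": _as_bool(env.get("COOKIE_HTTP_ONLY"), True),
        "max_age": int(env.get("COOKIE_EXPIRY_IN_SECONDS") or 604800),
    }


def build_set_cookie(name, value, env):
    """Render the Set-Cookie header the settings above produce."""
    s = effective_cookie_settings(env)
    parts = [f"{name}={value}", "Path=/"]
    if s["domain"]:
        parts.append(f"Domain={s['domain']}")
    parts.append(f"Max-Age={s['max_age']}")
    if s["secure"]:
        parts.append("Secure")
    if s["http_only"]:
        parts.append("HttpOnly")
    parts.append(f"SameSite={s['same_site'].capitalize()}")
    return "; ".join(parts)


def lint_cookie_settings(env):
    """Return findings for combinations that weaken the session cookie."""
    s = effective_cookie_settings(env)
    frontend = urlsplit(env.get("FRONTEND_URL", ""))
    host = frontend.hostname or ""
    findings = []
    if s["same_site"] not in ("strict", "lax", "none"):
        findings.append(f"COOKIE_SAME_SITE={s['same_site']!r} is not one of strict/lax/none")
    if s["same_site"] == "none" and not s["secure"]:
        # Browsers reject SameSite=None cookies that are not also Secure.
        findings.append("COOKIE_SAME_SITE=none requires COOKIE_SECURE=true")
    if frontend.scheme == "https" and not s["secure"]:
        findings.append("COOKIE_SECURE=false on an https frontend: cookie would also be sent over plain HTTP")
    if not s["http_only"]:
        findings.append("COOKIE_HTTP_ONLY=false lets page scripts read the cookie")
    if s["domain"] and host != s["domain"] and host.endswith("." + s["domain"]):
        findings.append(f"COOKIE_DOMAIN={s['domain']} is broader than {host}: cookie is shared with every subdomain")
    return findings


if __name__ == "__main__":
    sample = {"FRONTEND_URL": "https://app.example.com"}  # constructed input
    print(build_set_cookie("sid", "opaque-session-id", sample))
    print(lint_cookie_settings({**sample, "COOKIE_SAME_SITE": "none", "COOKIE_SECURE": "false"}))
```

Run it against the environment you intend to deploy; an empty findings list means the defaults were not weakened. The domain check is the one people miss: setting COOKIE_DOMAIN to the parent zone to share sessions across subdomains also hands the cookie to every other host in that zone.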
Storage Configuration
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| STORAGE_TYPE | String | Defines the active storage backend. Supported values: object-storage (for S3 or compatible systems), google-cloud-storage (for native Google Cloud Storage), azure-blob-storage (for Azure Blob Storage), and file-system (for local storage). | object-storage | No |
| STORAGE_USE_PRE_SIGNED_URL | Boolean | When true, RepoFlow will prefer returning redirects to a signed storage URL (instead of streaming the file through the API server) whenever supported by the active storage backend. | false | No |
| STORAGE_TEST_PERFORMANCE_ON_START | Boolean | Set to true to enable the performance test. Useful for debugging slowdowns and ensuring your setup is optimized. | false | No |
S3 Storage Settings
S3 storage supports any S3-compatible provider (not just AWS S3), such as Google Cloud Storage, MinIO, Ceph and more.
Pre-signed URL redirects are controlled via STORAGE_USE_PRE_SIGNED_URL.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| S3_ACCESS_KEY | String | Access key for S3 | | Yes (for Object Storage) |
| S3_SECRET_KEY | String | Secret key for S3 | | Yes (for Object Storage) |
| S3_PORT | Number | Port for S3 | | Yes (for Object Storage) |
| S3_END_POINT | String | Endpoint for S3 | | Yes (for Object Storage) |
| S3_BUCKET | String | S3 bucket name | | Yes (for Object Storage) |
| S3_USE_SSL | Boolean | Use SSL for S3 | true | No |
| S3_CREATE_BUCKET_IF_NOT_EXIST | Boolean | Create bucket if it does not exist | true | No |
| S3_IS_AWS_S3 | Boolean | Indicates if S3 is AWS S3 | false | No |
| S3_REGION | String | AWS S3 region | | No |
| S3_AWS_USE_ACCELERATE_ENDPOINT | Boolean | Use the AWS S3 Transfer Acceleration endpoint for faster uploads and downloads to enabled buckets. Only applicable when S3_IS_AWS_S3 is true and the bucket has acceleration enabled. | false | No |
| S3_USE_PATH_STYLE | Boolean | Use path-style URLs (/bucket/object) instead of virtual-hosted-style URLs (bucket.endpoint/object). Must be set to false when S3_AWS_USE_ACCELERATE_ENDPOINT is enabled. | true | No |
| S3_KEEP_ALIVE | Boolean | Keep alive connections to S3 provider | false | No |
| S3_MAX_SOCKETS | Number | Maximum number of simultaneous socket connections to the S3 server | 50 | No |
| S3_CHECKSUM_ALGORITHM | String | Checksum algorithm used for data integrity verification. Options: CRC32, CRC32C, CRC64NVME, SHA1, SHA256, NONE. | SHA256 | No |
| S3_REQUEST_CHECKSUM_CALCULATION | String | Defines when request checksum calculation is performed. Options: WHEN_REQUIRED, WHEN_SUPPORTED. | WHEN_REQUIRED | No |
| S3_RESPONSE_CHECKSUM_CALCULATION | String | Defines when response checksum calculation is performed. Options: WHEN_REQUIRED, WHEN_SUPPORTED. | WHEN_REQUIRED | No |
| S3_STORAGE_CLASS | String | Optional AWS S3 storage class to apply to newly created objects (uploads, multipart uploads, health and performance test objects). Only applied when S3_IS_AWS_S3 is true. Use UNSET (default) to disable. Options: UNSET, STANDARD, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, GLACIER_IR, DEEP_ARCHIVE, REDUCED_REDUNDANCY, OUTPOSTS, SNOW, EXPRESS_ONEZONE, FSX_ONTAP, FSX_OPENZFS. | UNSET | No |
Google Cloud Storage (GCS) Settings
To enable Google Cloud Storage, set STORAGE_TYPE=google-cloud-storage.
Google Cloud Storage can also be used via the S3-compatible settings above (GCS interoperability / S3-compatible API). Use this section if you prefer the native GCS client.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| GOOGLE_CLOUD_STORAGE_BUCKET | String | GCS bucket name when STORAGE_TYPE=google-cloud-storage. | "" | No (Yes, when STORAGE_TYPE=google-cloud-storage) |
| GOOGLE_CLOUD_STORAGE_PROJECT_ID | String | Optional GCP project id override for the GCS client. | "" | No |
| GOOGLE_CLOUD_STORAGE_CREDENTIALS_JSON | String | Inline credentials JSON (plain JSON or base64 JSON). If empty, the server uses Application Default Credentials (Workload Identity/Cloud Run/etc). | "" | No (but required if ADC is not available) |
| GOOGLE_CLOUD_STORAGE_UPLOAD_CHUNK_SIZE_IN_MB | Number | Chunk size (MB) used for chunked resumable uploads to GCS (large uploads become multiple requests). | 8 | No |
Azure Blob Storage Settings
To enable Azure Blob Storage, set STORAGE_TYPE=azure-blob-storage.
Authentication: set either AZURE_STORAGE_CONNECTION_STRING or (AZURE_STORAGE_ACCOUNT_NAME + AZURE_STORAGE_ACCOUNT_KEY).
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| AZURE_STORAGE_CONTAINER | String | Container name (Azure’s “bucket”). | | Yes |
| AZURE_STORAGE_CONNECTION_STRING | String | Azure Storage connection string (auth option A). | | No |
| AZURE_STORAGE_ACCOUNT_NAME | String | Storage account name (use with AZURE_STORAGE_ACCOUNT_KEY, auth option B). | | No |
| AZURE_STORAGE_ACCOUNT_KEY | String | Storage account key (use with AZURE_STORAGE_ACCOUNT_NAME, auth option B). | | No |
| AZURE_STORAGE_ACCOUNT_URL | String | Account URL override. | | No |
| AZURE_STORAGE_CREATE_CONTAINER_IF_NOT_EXIST | Boolean | Create container on startup. | true | No |
| AZURE_STORAGE_UPLOAD_CONCURRENCY | Number | Parallel block uploads per file. | 4 | No |
| AZURE_STORAGE_UPLOAD_BLOCK_SIZE_MB | Number | Block size in MB for large uploads. | 8 | No |
File System Storage Settings
Important: File system storage is not recommended for production environments.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| STORAGE_LOCAL_DATA_FOLDER | String | Directory path where files are stored locally. | /data | No |
Database & Hasura Configuration
Settings related to database connections and Hasura.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| HASURA_URL | String | URL for Hasura | | Yes |
| HASURA_URL_REST | String | URL for Hasura REST API | | Yes |
| HASURA_ADMIN_SECRET | String | Admin secret for Hasura | | |
| HASURA_UPGRADE_ON_START | Boolean | When true, the server checks for and applies Hasura updates on every startup. Set it to false to skip that check; it must be true when upgrading the RepoFlow version. | true | No |
| HASURA_FORCE_APPLY_MIGRATIONS_AND_METADATA | Boolean | Forces applying Hasura migrations and metadata on startup regardless of tracked/applied state. Useful for recovery or state-drift scenarios. When enabled, seed apply is skipped in force mode. | false | No |
Search Engine Configuration
Settings related to Elasticsearch and OpenSearch.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_SMART_SEARCH_ENABLED | Boolean | Enable smart search (Elasticsearch or OpenSearch) | false | No |
| SMART_SEARCH_TYPE | String | The search engine type elasticsearch or opensearch | elasticsearch | No |
| SMART_SEARCH_CLEAR_INDEX_ON_STARTUP | Boolean | Clear Search Engine index on startup | false | No |
| SMART_SEARCH_URL | String | URL for Elasticsearch or OpenSearch | | No |
| SMART_SEARCH_USERNAME | String | Username for Elasticsearch or OpenSearch | | No |
| SMART_SEARCH_PASSWORD | String | Password for Elasticsearch or OpenSearch | | No |
| SMART_SEARCH_INDEX_NAME | String | Search Engine index name | repoflow | No |
| SMART_SEARCH_INDEXING_RUN_ON_STARTUP | Boolean | Run indexing on startup | false | No |
| SMART_SEARCH_INDEXING_PACKAGE_QUERY_LIMIT | Number | Query limit for package indexing | 400 | No |
| SMART_SEARCH_INDEXING_BULK_SIZE | Number | Bulk size for indexing | 20000 | No |
| SMART_SEARCH_INDEXING_CRON | String | Cron schedule for indexing | 0 4 * * * | No |
| SEARCH_RESULTS_QUERY_LIMIT | Number | Query limit for search results | 100 | No |
| DEFAULT_SEARCH_LIMIT | Number | Default search result limit | 10 | No |
Caching (Redis) Configuration
Settings related to caching with Redis.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_REDIS_ENABLED | Boolean | Enable Redis | false | No |
| REDIS_CONNECTION_STRING | String | Connection string for Redis | | No |
| REDIS_NAMESPACE | String | Namespace for Redis | repoflow | No |
| REDIS_DEFAULT_TTL_IN_STRING | String | Default TTL for cached Redis entries, as a duration string | 10d | No |
Authentication & Security
Settings related to authentication and security.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| JWT_SECRET | String | Secret key used to sign JWTs | | Yes |
| RESET_PASSWORD_JWT_SECRET | String | Secret key used to sign password-reset JWTs | | Yes |
| PERSONAL_ACCESS_TOKEN_JWT_SECRET | String | Secret key used to sign personal access tokens. Any change will break all existing personal access tokens. | | Yes |
| COOKIE_EXPIRY_IN_SECONDS | Number | Cookie expiry time in seconds | 604800 | No |
| JWS_ALGORITHM | String | Algorithm for JWS | HS256 | No |
| DEFAULT_ADMIN_USER_NAME | String | Default admin username | admin | No |
| DEFAULT_ADMIN_PASSWORD | String | Default admin password. Change it before exposing the server to users. | password | No |
| IS_PASSWORD_SPECIAL_CHARACTERS_ALLOWED | Boolean | Allow special characters in passwords. If false, only letters and numbers are allowed. | false | No |
OIDC
Settings for OpenID Connect (OIDC) refresh token support and caching.
Note:
OIDC provider details are set in the RepoFlow UI, not via environment variables.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| ALLOW_OIDC_REFRESH_TOKENS_AS_PERSONAL_ACCESS_TOKENS | Boolean | Allows using OpenID Connect (OIDC) refresh tokens as personal access tokens (PATs). | false | No |
| ENABLE_OIDC_REFRESH_TOKEN_CACHING | Boolean | Enable in-memory caching for OIDC refresh tokens to reduce calls to the OIDC provider | false | No |
| OIDC_REFRESH_TOKEN_VALID_CACHE_TTL_IN_SECONDS | Number | TTL (in seconds) for valid OIDC refresh tokens in cache | 86400 | No |
| OIDC_REFRESH_TOKEN_INVALID_CACHE_TTL_IN_SECONDS | Number | TTL (in seconds) for invalid OIDC refresh tokens in cache | 86400 | No |
| OIDC_PKCE_MODE | String | PKCE mode for OIDC auth flow. Allowed values: auto, on, off. | auto | No |
Role Mapping
Configure RepoFlow to automatically map user roles from an external server.
When enabled, user roles are synchronized based on the mapping response at login.
You can also enforce strict mapping by removing any roles not listed in the external response.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| ENABLED_ROLE_MAPPING | Boolean | Enable mapping user roles from external role mapping server. | false | No |
| ROLE_MAPPING_URL | String | Role mapping server URL. Use :user-email as a placeholder for user email (e.g., http://localhost:9085/roles/:user-email). | | Yes, if role mapping is enabled |
| ROLE_MAPPING_SECRET | String | Secret key passed in the X-Auth-Token header when calling the role mapping server. | | Yes, if role mapping is enabled |
| ROLE_MAPPING_REMOVE_EXTRA_ROLES | Boolean | Remove existing user roles not mentioned in the mapping. Set to true to enforce exact mapping. | false | No |
| ROLE_MAPPING_SYNC_CRON_ENABLED | Boolean | Enable periodic sync of user roles from the mapping server based on a cron schedule. | false | No |
| ROLE_MAPPING_SYNC_CRON | String | Cron expression for periodic sync (e.g., 0 * * * * for every hour). Only used if sync is enabled. | 0 * * * * | No |
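The following is an added example, not RepoFlow code and not part of this reference. It shows the two halves of the integration described above: the RepoFlow side substituting the user's email into ROLE_MAPPING_URL and the mapping-server side checking the X-Auth-Token header, plus the documented ROLE_MAPPING_REMOVE_EXTRA_ROLES merge semantics. The page does not specify the mapping server's response format, so the JSON array of role names, the /roles/ path prefix (taken from the example URL) and the in-memory directory are assumptions.

```python
"""Role mapping: safe URL construction, constant-time secret check, and the
documented remove-extra-roles semantics. Added example, not RepoFlow code."""
import hmac
import json
from urllib.parse import quote, unquote

PLACEHOLDER = ":user-email"


def build_role_mapping_url(template, email):
    """Substitute the email into ROLE_MAPPING_URL. The email is fully
    percent-encoded ('/', '?', '#', '@' included) so an address such as
    'a/../admin@example.com' cannot alter the request path or query."""
    if PLACEHOLDER not in template:
        raise ValueError("ROLE_MAPPING_URL must contain the :user-email placeholder")
    return template.replace(PLACEHOLDER, quote(email, safe=""))


def check_mapping_secret(headers, expected_secret):
    """Mapping-server side: compare X-Auth-Token in constant time so a wrong
    token is rejected without leaking how many leading bytes matched."""
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get("x-auth-token", "")
    return hmac.compare_digest(presented.encode("utf-8"), expected_secret.encode("utf-8"))


def handle_role_request(path, headers, secret, directory):
    """Minimal mapping-server handler returning (status, json_body).
    `directory` (email -> roles) stands in for the real backing store."""
    if not check_mapping_secret(headers, secret):
        return 401, json.dumps({"error": "unauthorized"})
    prefix = "/roles/"
    if not path.startswith(prefix):
        return 404, json.dumps({"error": "not found"})
    email = unquote(path[len(prefix):]).strip().lower()
    roles = directory.get(email)
    if roles is None:
        return 404, json.dumps({"error": "unknown user"})
    return 200, json.dumps(sorted(roles))


def merge_roles(current_roles, mapped_roles, remove_extra_roles):
    """ROLE_MAPPING_REMOVE_EXTRA_ROLES=false: add mapped roles, keep the
    user's existing ones. true: the user ends up with exactly the mapped set."""
    mapped = set(mapped_roles)
    if remove_extra_roles:
        return sorted(mapped)
    return sorted(set(current_roles) | mapped)


if __name__ == "__main__":
    # Constructed sample data for a local run.
    directory = {"alice@example.com": ["developer"]}
    url = build_role_mapping_url("http://localhost:9085/roles/:user-email", "alice@example.com")
    print(url)
    print(handle_role_request("/roles/alice%40example.com", {"X-Auth-Token": "s3cret"}, "s3cret", directory))
    print(merge_roles(["viewer", "admin"], ["developer"], remove_extra_roles=True))
```

Two points worth keeping from this: the mapping server is an authorization oracle, so its shared secret deserves the same handling as the JWT secrets (rotate both sides together), and with ROLE_MAPPING_REMOVE_EXTRA_ROLES=true a user's roles become exactly what the server returns at every login and every cron sync, so an empty response strips them.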
Logging & Monitoring
Settings for request logging and tracking.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_PRINT_ENV | Boolean | Prints environment configuration on startup if true | false | No |
| CONSOLE_LOG_LEVEL | String | Sets the logging verbosity level for console output. Levels are hierarchical: setting a level includes all levels below it. Possible values (from lowest to highest verbosity): info, warn, error, http, debug, delete, verbose, auth. | http | No |
| ENABLE_IMMEDIATE_REQUEST_LOGGING | Boolean | Immediately logs each request as it is received by the server. These logs will only appear in the console if the console log level is set to http or higher. | false | No |
| ENABLE_ONGOING_REQUEST_TRACKING | Boolean | Tracks ongoing requests and periodically logs their status. These logs will always appear in the console, as they use the info log level. | false | No |
| ENABLE_AUTH_LOGGING | Boolean | Enables detailed authentication logging for debugging. ⚠️ Use with caution as credentials may appear in the logs. | false | No |
Email (SMTP) Configuration
Settings for email notifications and verification.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_SMTP_ENABLED | Boolean | Enable SMTP | false | No |
| IS_ACCOUNT_VERIFICATION_ENABLED | Boolean | Requires email verification during signup. SMTP must be enabled for this to work. | false | No |
| IS_SIGNUP_WITH_DISPOSABLE_EMAILS_ALLOWED | Boolean | Allow signups with disposable email addresses | true | No |
| SMTP_PORT | Number | Port for SMTP | 465 | No |
| SMTP_SECURE | Boolean | Use secure connection for SMTP | true | No |
| SMTP_SENDER_ADDRESS | String | Sender address for SMTP | | No |
| SMTP_USERNAME | String | Username for SMTP | | No |
| SMTP_PASSWORD | String | Password for SMTP | | No |
| SMTP_ENDPOINT | String | Endpoint for SMTP | | No |
| SMTP_BCC_ADDRESS | String | Email address that receives a blind copy of all outgoing messages | | No |
| SMTP_RATE_LIMIT_ENABLED | Boolean | Enable rate limiting on emails per recipient | false | No |
| SMTP_MAX_EMAILS_PER_INTERVAL | Number | Maximum number of emails allowed to be sent to the same address within the defined window | 5 | No |
| SMTP_RATE_LIMIT_WINDOW_MS | Number | Time window in milliseconds to evaluate the rate limit (e.g. 120000 = 2 minutes) | 120000 | No |
Note: The rate limiting is currently enforced in server memory.
In a high availability (HA) setup with multiple instances (pods), each instance maintains its own limit.
Please adjust the values accordingly based on your deployment scale.
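The following is an added example, not RepoFlow code and not part of this reference, showing a per-recipient sliding-window limiter with the documented SMTP_MAX_EMAILS_PER_INTERVAL / SMTP_RATE_LIMIT_WINDOW_MS semantics, and a simulation of the HA caveat above: because the state lives in each instance's memory, a sender that is spread across N pods gets N times the configured allowance. The exact algorithm RepoFlow uses is not documented; the sliding window and recipient normalization here are assumptions.

```python
"""Per-recipient email rate limiting kept in process memory, and why that
multiplies the limit across instances. Added example, not RepoFlow code."""
from collections import defaultdict, deque


class RecipientRateLimiter:
    """Allow at most `max_per_interval` sends to one address per rolling
    `window_ms` window. State is local to this object, i.e. to one pod."""

    def __init__(self, max_per_interval=5, window_ms=120_000):
        self.max_per_interval = max_per_interval
        self.window_ms = window_ms
        self._sent = defaultdict(deque)  # recipient -> send timestamps (ms)

    def allow(self, recipient, now_ms):
        key = recipient.strip().lower()  # assumed normalization
        q = self._sent[key]
        # Drop sends that have aged out of the window.
        while q and now_ms - q[0] >= self.window_ms:
            q.popleft()
        if len(q) >= self.max_per_interval:
            return False
        q.append(now_ms)
        return True


def deliverable_across_instances(limiters, recipient, attempts, now_ms):
    """Simulate a client whose requests are load-balanced round-robin over
    several pods. Each limiter is one pod's private state, so the effective
    ceiling is max_per_interval * len(limiters)."""
    accepted = 0
    for i in range(attempts):
        if limiters[i % len(limiters)].allow(recipient, now_ms):
            accepted += 1
    return accepted


if __name__ == "__main__":
    single = RecipientRateLimiter(5, 120_000)
    print([single.allow("user@example.com", 1_000) for _ in range(6)])
    pods = [RecipientRateLimiter(5, 120_000) for _ in range(3)]
    print(deliverable_across_instances(pods, "victim@example.com", 30, 5_000))
```

When sizing SMTP_MAX_EMAILS_PER_INTERVAL for an HA deployment, divide the total you are willing to send to one address by the number of replicas; the limiter in each pod knows nothing about the others.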
Auto-Created Workspaces
Settings related to automatic workspace creation during user signup, including storage, bandwidth, and package limits.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_AUTO_CREATE_WORKSPACE_ON_SIGNUP | Boolean | Automatically creates a workspace upon user signup | false | No |
| AUTO_CREATED_WORKSPACE_STORAGE_LIMIT_IN_BYTES | Number | Storage limit in bytes for auto-created workspaces | 10000000000 | No |
| AUTO_CREATED_WORKSPACE_BANDWIDTH_LIMIT_IN_BYTES | Number | Bandwidth limit in bytes for auto-created workspaces | 10000000000 | No |
| AUTO_CREATED_WORKSPACE_PACKAGE_AMOUNT_LIMIT | Number | Package amount limit for auto-created workspaces | 100 | No |
| AUTO_CREATED_WORKSPACE_AI_USAGE_LIMIT | Number | AI usage limit for auto-created workspaces | 0 | No |
AI & LLM Configuration
Settings related to AI features and Large Language Models.
RepoFlow supports openai, ollama, anthropic, mistral, cohere, huggingface, azure, bedrock, and vertex.
In most setups, openai, anthropic, mistral, cohere, and azure use the general settings below with LLM_MODEL_NAME and LLM_API_KEY.
Additional provider-specific environment variables are only needed for ollama, huggingface, bedrock, and vertex.
General LLM Settings
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| ENABLE_AI_FEATURES | Boolean | Enables AI-related features in the application | false | No |
| LLM_README_AUTO_SUMMARY_ENABLED | Boolean | When enabled, automatically generates and displays an AI summary when visiting a package page (triggers an LLM request). When disabled, the user must click to generate a summary manually. | true | No |
| LLM_REQUEST_TIME_OUT_IN_SECONDS | Number | Timeout for requests sent to the LLM provider (in seconds) | 240 | No |
| LLM_PROVIDER | String | The LLM provider to use (openai, ollama, anthropic, mistral, cohere, huggingface, azure, bedrock, vertex) | ollama | No |
| LLM_API_KEY | String | API key for providers that use key-based authentication. For LLM_PROVIDER=vertex, this is the no-service-account option and takes precedence over LLM_GOOGLE_CLOUD_CREDENTIALS_JSON if both are set. | | No |
| LLM_MODEL_NAME | String | The model name to use for LLM operations. For Vertex, this would typically be a Gemini model such as gemini-2.5-flash. | | No |
| LLM_MAX_CONTEXT_SIZE | Number | Maximum number of tokens from the conversation context to send to the LLM in a single request. | 4000 | No |
Ollama and Hugging Face Settings
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| LLM_SERVER_URL | String | URL of the LLM server when LLM_PROVIDER=ollama or LLM_PROVIDER=huggingface. For Hugging Face, this should point to a TGI server or endpoint root, not /models. | | No |
AWS Bedrock Settings
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| LLM_ACCESS_KEY_ID | String | Access key ID when LLM_PROVIDER=bedrock | | No |
| LLM_SECRET_ACCESS_KEY | String | Secret access key when LLM_PROVIDER=bedrock | | No |
| LLM_REGION | String | AWS region when LLM_PROVIDER=bedrock | | No |
Vertex AI and Gemini Settings
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| LLM_PROJECT_ID | String | Google Cloud project ID for Vertex authentication flows that use LLM_GOOGLE_CLOUD_CREDENTIALS_JSON or Application Default Credentials (ADC) / Workload Identity. Usually not required when LLM_API_KEY is used. | | No |
| LLM_GOOGLE_CLOUD_CREDENTIALS_JSON | String | Inline Google Cloud service account credentials for Vertex. Supports plain JSON or base64-encoded JSON. If empty and LLM_API_KEY is not set, RepoFlow uses Application Default Credentials (ADC) / Workload Identity. RepoFlow also repairs common newline formatting issues in private_key. | | No |
| LLM_REGION | String | Vertex location when LLM_PROVIDER=vertex, for example global or us-central1. Recommended to set explicitly. | | No |
Vulnerability Scanning
Settings for vulnerability scanning of packages and container images.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| IS_VULNERABILITY_SCANNING_ENABLED | Boolean | Enables vulnerability scanning for packages and container images using Grype. | true | No |
| VULNERABILITY_SCANNING_MAX_PARALLEL_SCANS | Number | Maximum number of vulnerability scans to run in parallel. | 1 | No |
| VULNERABILITY_SCANNING_ON_UPLOAD_ENABLED | Boolean | When enabled, triggers vulnerability scanning as part of package uploads. | false | No |
| VULNERABILITY_SCANNING_SCHEDULED_ENABLED | Boolean | When enabled, runs scheduled vulnerability scans. | false | No |
| VULNERABILITY_SCANNING_SCHEDULED_CRON | String | Cron expression for scheduled vulnerability scans. | 0 0 * * * | No |
| VULNERABILITY_SCANNING_SCHEDULED_RESCAN_ENABLED | Boolean | When enabled, scheduled scans will also re-scan previously scanned artifacts. | false | No |
| VULNERABILITY_SCANNING_SCHEDULED_RESCAN_MIN_AGE_IN_HOURS | Number | Minimum age (in hours) before an artifact is eligible for scheduled re-scan. | 5 | No |
| GRYPE_AUTO_UPDATE | Boolean | Automatically updates Grype's vulnerability database. For offline or air-gapped environments, set this to false. | true | No |
| GRYPE_AUTO_UPDATE_CRON | String | Cron expression to control how often Grype's vulnerability database is updated. | 0 0 * * * | No |
Retention Rules
Settings for enabling retention rules and configuring how they run.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| ENABLE_RETENTION_RULES | Boolean | Enables retention rules. | true | No |
| RETENTION_RULES_ENABLE_FILE_RULES | Boolean | Enables retention rules that target specific files (file-based rules). Not recommended unless you fully understand RepoFlow’s file structure—misuse may break package functionality. | false | No |
| RETENTION_RULES_CONCURRENCY_LIMIT | Number | Maximum number of retention rules the server may run in parallel. Use this to limit CPU/memory load and avoid impacting normal operations. | 2 | No |
| RETENTION_RULES_MAX_RULES_PER_REPOSITORY | Number | Maximum number of retention rules allowed per repository. Helps prevent over usage of retention rules that add unnecessary load to the server. | 10 | No |
Networking (Proxy & Custom CA Certificates)
Settings for outbound HTTP(S) networking (proxies) and custom TLS certificate authorities (CAs).
Proxy
These environment variables follow the standard proxy conventions used by many HTTP clients/libraries.
When a proxy is configured, RepoFlow applies it to outbound network requests by default. In most self-hosted setups, you should use a NO_PROXY list so internal services are reached directly instead of through the proxy. This is usually needed in the default self-hosted deployments, where services such as the database, Hasura, and object storage are typically internal. You generally only skip a bypass list when all dependent services are external.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| HTTP_PROXY | String | Proxy URL to use for outbound HTTP requests. | "" | No |
| HTTPS_PROXY | String | Proxy URL to use for outbound HTTPS requests. | "" | No |
| NO_PROXY | String | Comma-separated list of hosts/IPs (optionally with ports) that should bypass the proxy. When OUTGOING_PROXY_BYPASS_INTERNAL is enabled, RepoFlow appends deployment-specific internal entries to this value automatically. | "" | No |
| OUTGOING_PROXY_BYPASS_INTERNAL | Boolean | When enabled, RepoFlow appends an internal NO_PROXY list based on the active installation method. This keeps local/internal traffic from being routed through the outbound proxy. | true | No |
| OUTGOING_PROXY_STARTUP_CHECK | Boolean | When enabled, performs an outbound networking check on startup (useful to validate proxy configuration). | true | No |
When OUTGOING_PROXY_BYPASS_INTERNAL=true, RepoFlow preserves any value you set in NO_PROXY and appends these additional entries automatically based on the installation method:
- Helm / Kubernetes: localhost,127.0.0.1,::1,.svc,.cluster.local
- Docker Compose: localhost,127.0.0.1,::1,host.docker.internal
- Docker all-in-one: localhost,127.0.0.1,::1
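The following is an added example, not RepoFlow code and not part of this reference. It computes the NO_PROXY value that results from the rules above for each installation method and answers the question the proxy section raises: given that list, will a particular internal service (database, Hasura, object storage) be reached directly or sent through the proxy? The entry-matching rules (exact host, optional port, leading-dot suffix match, '*') follow the convention most HTTP clients use and are this example's assumption, since clients differ in details such as CIDR support; the service names in the sample are constructed.

```python
"""Effective NO_PROXY per installation method and a bypass check for
internal services. Added example, not RepoFlow code."""
INTERNAL_NO_PROXY = {  # entries listed in the documentation above
    "helm": ["localhost", "127.0.0.1", "::1", ".svc", ".cluster.local"],
    "docker-compose": ["localhost", "127.0.0.1", "::1", "host.docker.internal"],
    "docker-all-in-one": ["localhost", "127.0.0.1", "::1"],
}


def effective_no_proxy(user_value, install_method, bypass_internal=True):
    """Keep the operator's NO_PROXY entries, then append the internal list
    (OUTGOING_PROXY_BYPASS_INTERNAL=true) without duplicating entries."""
    entries = [e.strip() for e in (user_value or "").split(",") if e.strip()]
    if bypass_internal:
        for entry in INTERNAL_NO_PROXY[install_method]:
            if entry not in entries:
                entries.append(entry)
    return ",".join(entries)


def bypasses_proxy(host, port, no_proxy):
    """True if host:port matches a NO_PROXY entry (assumed common rules):
    '*' matches all; 'name' matches that host; 'name:port' also requires
    the port; '.suffix' matches any host under it. CIDRs are not handled."""
    host = host.strip().lower().rstrip(".")
    for entry in no_proxy.split(","):
        entry = entry.strip().lower()
        if not entry:
            continue
        if entry == "*":
            return True
        if entry.count(":") == 1:  # 'minio:9000'; '::1' has two colons
            entry_host, entry_port = entry.split(":")
        else:
            entry_host, entry_port = entry, ""
        if entry_port and str(port) != entry_port:
            continue
        if entry_host.startswith("."):
            if host.endswith(entry_host) or host == entry_host[1:]:
                return True
        elif host == entry_host:
            return True
    return False


def still_proxied(services, no_proxy):
    """Return the (host, port) pairs that would still go through the proxy."""
    return [(h, p) for h, p in services if not bypasses_proxy(h, p, no_proxy)]


if __name__ == "__main__":
    # Constructed service names as they might appear in a Compose file.
    services = [("postgres", 5432), ("hasura", 8080), ("minio", 9000)]
    for method in INTERNAL_NO_PROXY:
        np = effective_no_proxy("postgres", method)
        print(method, "->", np, "| still proxied:", still_proxied(services, np))
```

On Helm the .svc and .cluster.local suffixes cover in-cluster services addressed by their DNS names, but on Docker Compose the appended list contains no service names, so each internal container name still has to be listed in NO_PROXY by the operator, as the section above recommends.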
Custom CA certificates
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| REPOFLOW_CUSTOM_CA_PEM | String | Additional CA certificate(s) to trust for outbound TLS verification. Supports either PEM text or base64-encoded PEM. | "" | No |
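Three variables on this page accept credential material either as plain text or base64-encoded: GOOGLE_CLOUD_STORAGE_CREDENTIALS_JSON and LLM_GOOGLE_CLOUD_CREDENTIALS_JSON (service account JSON, with the documented repair of newline formatting in private_key) and REPOFLOW_CUSTOM_CA_PEM (PEM). The following is an added example, not RepoFlow code and not part of this reference, of a loader that accepts both forms, performs the newline repair, and validates the result before it is handed to a client. How the real server detects the encoding is not documented, so the detection here (plain form first, base64 otherwise) and the validation rules are assumptions; the sample inputs are constructed and the PEM bodies are placeholders, not real certificates.

```python
"""Load plain-or-base64 credential material from environment variables.
Added example, not RepoFlow code."""
import base64
import json
import re

_PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def _maybe_base64(value):
    """Decode strict base64 to text, or return None if it is not base64."""
    try:
        return base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError are subclasses
        return None


def load_service_account_json(value):
    """Return the parsed service account dict, or None for an empty value
    (the caller then falls back to Application Default Credentials)."""
    value = (value or "").strip()
    if not value:
        return None
    text = value if value.startswith("{") else _maybe_base64(value)
    if text is None:
        raise ValueError("credentials are neither JSON nor base64-encoded JSON")
    creds = json.loads(text)
    key = creds.get("private_key")
    if isinstance(key, str):
        # Common copy/paste damage: the two characters '\' 'n' where a
        # newline belongs. Repair them so the PEM key parses.
        creds["private_key"] = key.replace("\\n", "\n")
    required = ("type", "client_email", "private_key")
    if creds.get("type") != "service_account" or any(k not in creds for k in required):
        raise ValueError("not a service account key (missing type/client_email/private_key)")
    return creds


def load_custom_ca_pems(value):
    """Return the list of PEM certificate blocks in REPOFLOW_CUSTOM_CA_PEM."""
    value = (value or "").strip()
    if not value:
        return []
    text = value if "-----BEGIN" in value else _maybe_base64(value)
    if text is None:
        raise ValueError("REPOFLOW_CUSTOM_CA_PEM is neither PEM nor base64-encoded PEM")
    blocks = _PEM_BLOCK.findall(text)
    if not blocks:
        raise ValueError("no CERTIFICATE blocks found in REPOFLOW_CUSTOM_CA_PEM")
    return blocks


if __name__ == "__main__":
    # Constructed inputs; the key and certificate bodies are placeholders.
    sa = {"type": "service_account", "client_email": "svc@example.iam.gserviceaccount.com",
          "private_key": "-----BEGIN PRIVATE KEY-----\\nAAAA\\n-----END PRIVATE KEY-----\\n"}
    encoded = base64.b64encode(json.dumps(sa).encode()).decode()
    print(load_service_account_json(encoded)["private_key"].count("\n"))
    pem = "-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n"
    print(len(load_custom_ca_pems(base64.b64encode(pem.encode()).decode())))
```

Failing loudly on malformed input matters here: a service account JSON that silently fails to parse turns into a fallback to Application Default Credentials, and a custom CA that silently fails to load turns into TLS verification failures against the internal endpoints it was meant to cover.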
Docker Configuration
Settings related to Docker behavior, including registry/auth handling and image path structure.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| DOCKER_AUTH_USE_REQUEST_HOST | Boolean | If true, uses the request's host and protocol for authentication. Otherwise, it defaults to SERVER_URL, which is recommended. | false | No |
| DOCKER_MAX_IMAGE_DEPTH | Number | Maximum allowed Docker image path depth for upload routes. Use this to allow multi-level image paths like team/backend/api. Minimum value is 2. | 4 | No |
NPM Configuration
Settings related to npm behavior, including how much of package.json is returned in API responses like npm info.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| NPM_MANIFEST_MODE | String | Options: summary, allowlist, full. summary is best for download speed and bandwidth. allowlist adds the listed fields plus the default ones. full adds the entire manifest except fields RepoFlow already includes separately. | summary | No |
| NPM_MANIFEST_FIELDS_ALLOWLIST | String | Comma-separated list of top-level fields when mode is allowlist. Example: keywords,deployment,repository. | | No |
Note: Any change to NPM_MANIFEST_MODE requires re-uploading all npm packages for it to take full effect.
Scheduled Tasks & Cron Jobs
Settings for automated background tasks.
⚠ Caution: Modifying these settings without a full understanding of their impact can disrupt essential maintenance, cleanup, or system processes. Only change them if you are sure of their effect on your system.
| Name | Type | Description | Default | Required |
|---|---|---|---|---|
| SCHEDUAL_TASKS_FILES_GARBAGE_CRON | String | Cron schedule for garbage collection tasks | 0 3 * * * | No |
| SCHEDUAL_TASKS_MAX_TIME_FOR_INACTIVE_TASK | String | Max time for inactive tasks | 2m | No |
| SCHEDUAL_TASKS_CLEAN_INACTIVE_TASKS_CRON | String | Cron schedule for cleaning inactive tasks | */5 * * * * | No |
| SCHEDUAL_TASKS_RESET_WORKSPACE_TRANSFER_USAGE_CRON | String | Cron schedule for resetting workspace transfer usage | 0 1 * * * | No |
| SCHEDUAL_TASKS_DELETE_PACKAGES_WITHOUT_VERSIONS_CRON | String | Cron schedule for deleting packages that have no versions (currently applicable only for Docker repositories) | 0 */5 * * * | No |
| SCHEDUAL_TASKS_CLEAN_INACIVE_RUNNING_RETENTION_RULES_CRON | String | Cron schedule for marking “running” retention rules as failed when they stop reporting status updates. | */5 * * * * | No |
| SCHEDUAL_TASKS_RUN_RETENTION_RULES_CRON | String | Cron schedule for checking which retention rules are due to run and executing them. | */4 * * * * | No |
| SCHEDUAL_TASKS_DELETE_OLD_SCHEDUAL_TASKS_CRON | String | Cron schedule for deleting old scheduled task history records. | 0 1 * * * | No |
| CHECK_FOR_INACTIVE_MANUAL_TASKS_CRON | String | Cron schedule for checking inactive manual tasks | */5 * * * * | No |
| CHECK_FOR_PENDING_MANUAL_TASKS_CRON | String | Cron schedule for checking pending manual tasks | */5 * * * * | No |
| TIME_TILL_MANUAL_TASKS_INACTIVE | String | Time until manual tasks become inactive | 2m | No |
| SCHEDUAL_TASKS_HISTORY_DAYS_LIMIT | Number | Number of days to keep scheduled task history records (helps prevent database clutter). | 30 | No |