Skip to content

Environment and configuration

Configuration lives in a .env file, copied from .env.example. Values are validated when the app boots, so a missing or malformed value fails fast.

Core

  • APP_URL: the public URL of your instance.
  • NODE_ENV: development or production.

Database

  • DATABASE_URL: the Postgres connection string. Postgres must have the pgvector extension.

Authentication

  • BETTER_AUTH_SECRET: a strong random secret. Change this for production.
  • BETTER_AUTH_URL: the auth base URL, usually the same as APP_URL.
  • GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET, GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET: optional social sign-in. Leave blank for email and password only.

Storage

  • STORAGE_DRIVER: minio for the self-host default, or s3 for a cloud bucket.
  • S3_ENDPOINT, S3_REGION, S3_BUCKET, S3_ACCESS_KEY, S3_SECRET_KEY, S3_FORCE_PATH_STYLE: the storage connection.

Billing

  • BILLING_ENABLED: false on self-host, which makes all quotas unlimited and skips payment processing. The STRIPE_* values are only needed if you turn billing on.

Email

  • EMAIL_PROVIDER: console logs email for development, smtp sends through your mail server, resend uses a hosted service.
  • EMAIL_FROM, and SMTP_HOST, SMTP_PORT, SMTP_USER, SMTP_PASS for SMTP.

AI and stock

  • AI_VECTOR: pgvector, so AI search uses your Postgres database.
  • STOCK_UNSPLASH_KEY, STOCK_PEXELS_KEY, STOCK_PIXABAY_KEY: optional stock media search keys.

Tenancy

  • MULTI_TENANT: false for a single-organization self-host.

Keep secrets in .env only

Never commit real secrets. Keep them in .env, which is ignored by version control, and rotate anything that leaks.