Environment variables

Set up the file

The environment variables are used to configure the application. We will use a .env file to store the variables. For the sample environment file, see the example .env file.

The variables are split up into the following sections:

General URLs
Database
Authentication
Access Control
GitHub SSO & Integration
Google SSO
Discord SSO
Custom OAuth/OIDC
SMTP Configuration

Required variables

General URLs

This section will cover all the variables related to the general URLs.

Name	Description
`KANEO_CLIENT_URL`	The URL of the web application.
`KANEO_API_URL`	The URL of the API.

Database

This section will cover all the variables related to the database.

Name	Description
`DATABASE_URL`	The URL of the PostgreSQL database.
`POSTGRES_DB`	The name of the PostgreSQL database.
`POSTGRES_USER`	The username for the PostgreSQL database.
`POSTGRES_PASSWORD`	The password for the PostgreSQL database.

Authentication

This section will cover all the variables related to the authentication.

Name	Description
`AUTH_SECRET`	The secret key for the JWT token. Must be at least 32 characters long, use a long, random value in production. Example: use `openssl rand -base64 32` to generate a secure key in Linux/macOS.

Optional variables

Access Control

Name	Description	Default
`DISABLE_GUEST_ACCESS`	Disable anonymous/guest sign-in. When set to `true`, the guest access button will not be shown on sign-in and sign-up pages.	`false`
`DISABLE_REGISTRATION`	Disable user registration. When set to `true`, the sign-up option will not be shown on the sign-in page.	`false`

GitHub SSO & Integration

Name	Description
`GITHUB_CLIENT_ID`	The GitHub client ID.
`GITHUB_CLIENT_SECRET`	The GitHub client secret.
`GITHUB_APP_ID`	The GitHub app ID.
`GITHUB_WEBHOOK_SECRET`	The GitHub webhook secret.
`GITHUB_PRIVATE_KEY`	The GitHub private key.

Google SSO

Name	Description
`GOOGLE_CLIENT_ID`	The Google client ID.
`GOOGLE_CLIENT_SECRET`	The Google client secret.

Discord SSO

Name	Description
`DISCORD_CLIENT_ID`	The Discord client ID.
`DISCORD_CLIENT_SECRET`	The Discord client secret.

Custom OAuth/OIDC

Name	Description
`CUSTOM_OAUTH_CLIENT_ID`	OAuth client ID from your provider.
`CUSTOM_OAUTH_CLIENT_SECRET`	OAuth client secret from your provider.
`CUSTOM_OAUTH_AUTHORIZATION_URL`	Authorization endpoint URL.
`CUSTOM_OAUTH_TOKEN_URL`	Token exchange endpoint URL.
`CUSTOM_OAUTH_USER_INFO_URL`	User info endpoint URL.
`CUSTOM_OAUTH_DISCOVERY_URL`	(Optional) OpenID Connect discovery document URL.
`CUSTOM_OAUTH_SCOPES`	(Optional) Comma-separated list of OAuth scopes. Default: `profile,email`.
`CUSTOM_OAUTH_RESPONSE_TYPE`	(Optional) OAuth response type. Default: `code`.
`CUSTOM_AUTH_PKCE`	(Optional) Enable/disable PKCE. Default: `true`.

SMTP Configuration

Name	Description
`SMTP_HOST`	The SMTP host.
`SMTP_PORT`	The SMTP port.
`SMTP_SECURE`	Whether to use SSL/TLS.
`SMTP_USER`	The SMTP user.
`SMTP_PASSWORD`	The SMTP password.
`SMTP_FROM`	The SMTP from address.
`SMTP_REQUIRE_TLS`	Whether to explicitly force to use TLS. See more on.

Key points

If you enable GitHub SSO, you need to set up the GitHub app which is used to authenticate users in the GitHub Developer Settings. See the GitHub SSO guide.
If you enable Google SSO, you need to set up the Google app which is used to authenticate users in the Google Cloud Console. See the Google SSO guide.
If you enable Discord SSO, you need to set up the Discord application which is used to authenticate users in the Discord Developer Portal. See the Discord SSO guide.
If you enable Custom OAuth/OIDC, you need to configure your identity provider with the appropriate redirect URI. See the Custom OAuth/OIDC guide.
If you have enabled SMTP, your sign in will be done via email using a magic link.

Environment variables

On this page