Environment Variables
Comprehensive reference for all configuration options across the VeriWorkly ecosystem.
VeriWorkly utilizes environment variables for secure, flexible configuration across its multiple services. This guide provides a detailed breakdown of all available configuration keys.
These variables should be defined in the root .env file for local development.
| Variable | Required | Description | Example / Default |
|---|
SITE_URL | Yes | The primary public URL of the application. | https://veriworkly.com |
NEXT_PUBLIC_BACKEND_URL | Yes | The public API endpoint utilized by the browser. | http://localhost:8080/api/v1 |
BACKEND_INTERNAL_URL | No | Internal API address utilized by the frontend for Server-Side Rendering (SSR). | http://api:8080/api/v1 |
ADMIN_EMAIL | Yes | Primary administrator email for system notifications. | [email protected] |
AUTH_SECRET | Yes | Security secret for session encryption (must match backend). | secure-random-string |
These variables are specific to the backend service and should be placed in apps/server/.env.
| Variable | Description | Default |
|---|
NODE_ENV | Operational environment (development or production). | development |
PORT | Port the API server listens on. | 8080 |
TRUST_PROXY | Set to true when operating behind a reverse proxy. | true |
ALLOWED_ORIGINS | Comma-separated list of permitted CORS origins. | http://localhost:3000 |
| Variable | Required | Description | Example |
|---|
DATABASE_URL | Yes | PostgreSQL connection string. | postgresql://user:pass@host:5432/db |
REDIS_URL | No | Connection string for rate limiting and API caching. | redis://localhost:6379 |
REDIS_HOST | No | Redis hostname (if URL is not utilized). | localhost |
REDIS_PORT | No | Redis port (if URL is not utilized). | 6379 |
| Variable | Description | Default / Example |
|---|
AUTH_SECRET | Security secret (must match frontend). | |
AUTH_BASE_URL | The base URL of the API for authentication callbacks. | http://localhost:8080 |
AUTH_SESSION_TTL_SECONDS | Maximum session duration (seconds). | 2592000 (30 days) |
AUTH_OTP_TTL_SECONDS | Validity duration for Email OTP tokens (seconds). | 600 (10 minutes) |
AUTH_OTP_ALLOWED_ATTEMPTS | Maximum permitted failed verification attempts. | 3 |
| Variable | Description | Default / Example |
|---|
API_KEY_HASH_SECRET | Secret used to hash API keys before storage. | strong-random-secret |
API_KEY_AUTH_CACHE_TTL_SECONDS | Redis cache TTL for successful auth lookups. | 300 |
API_KEY_LAST_USED_TOUCH_INTERVAL_SECONDS | Minimum interval between lastUsed DB updates for a given key. | 300 |
API_KEY_DEFAULT_RATE_LIMIT | Default per-key limit if none is provided at creation. | 20 |
API_KEY_DEFAULT_SCOPES | Comma-separated default scopes for new keys. | user:read |
API_KEY_DEFAULT_LIFETIME_DAYS | Default key lifetime when no expiry is supplied. | 365 |
| Variable | Description | Example |
|---|
AUTH_EMAIL_FROM | Dispatcher email address and display name. | VeriWorkly <[email protected]> |
AUTH_EMAIL_PROVIDER | Email driver selection (smtp, resend, etc.). | smtp |
AUTH_SMTP_HOST | SMTP server address. | smtp.resend.com |
AUTH_SMTP_PORT | SMTP server port. | 587 |
AUTH_SMTP_USER / PASS | SMTP authentication credentials. | |
| Variable | Description | Default |
|---|
GITHUB_SYNC_ENABLED | Enables automated synchronization with GitHub. | false |
GITHUB_TOKEN | Personal Access Token with repository scope. | |
GITHUB_OWNER / REPO | Target repository for synchronization. | |
GITHUB_SYNC_CRON | Cron schedule for the synchronization task. | 0 0,12 * * * |
