Skip to main content

Environment Variables

Environment variables for the CORE webapp container.
NameRequiredDefaultDescription
Version
VERSIONNo0.1.12CORE version identifier
Secrets
SESSION_SECRETYesSession encryption secret. Run: openssl rand -hex 16
MAGIC_LINK_SECRETYesMagic link encryption secret. Run: openssl rand -hex 16
ENCRYPTION_KEYYesData encryption key. Run: openssl rand -hex 16
Application & Domains
REMIX_APP_PORTNo3033Application port number
APP_ENVNoproductionApplication environment (development, production)
NODE_ENVNoproductionNode.js environment
APP_ORIGINYeshttp://localhost:3033Application origin URL
LOGIN_ORIGINYeshttp://localhost:3033Login origin URL (usually same as APP_ORIGIN)
API_BASE_URLNoAPP_ORIGINAPI base URL
Database - PostgreSQL
DB_HOSTNolocalhostDatabase host (use container name for Docker)
DB_PORTNo5432Database port
POSTGRES_USERYesdockerPostgreSQL username
POSTGRES_PASSWORDYesdockerPostgreSQL password
POSTGRES_DBYescorePostgreSQL database name
DATABASE_URLYespostgresql://docker:docker@postgres:5432/core?schema=corePostgreSQL connection string
DIRECT_URLYesDATABASE_URLDirect DB connection string for migrations
Database - Neo4j (Memory Graph)
NEO4J_URIYesbolt://neo4j:7687Neo4j connection URI
NEO4J_USERNAMEYesneo4jNeo4j username
NEO4J_PASSWORDYesNeo4j password. Run: openssl rand -hex 16
NEO4J_AUTHYesneo4j/passwordNeo4j authentication (username/password format)
Redis
REDIS_HOSTYesredisRedis host (use container name for Docker)
REDIS_PORTYes6379Redis port
REDIS_TLS_DISABLEDNotrueDisable Redis TLS for local development
Authentication
ENABLE_EMAIL_LOGINNotrueEnable email-based authentication
AUTH_GOOGLE_CLIENT_IDNoGoogle OAuth client ID
AUTH_GOOGLE_CLIENT_SECRETNoGoogle OAuth client secret
AI Providers
OPENAI_API_KEYNoOpenAI API key for memory processing
MODELNogpt-4-turbo-2024-04-09Default language model
EMBEDDING_MODELNotext-embedding-3-smallModel for text embeddings
OLLAMA_URLNohttp://ollama:11434Ollama server URL for local models
Background Jobs
QUEUE_PROVIDERNotriggerQueue provider: “trigger” for Trigger.dev or “bullmq” for BullMQ (Redis-based)
TRIGGER_PROJECT_IDConditionalTrigger.dev project identifier (required only when QUEUE_PROVIDER=trigger)
TRIGGER_SECRET_KEYConditionalTrigger.dev authentication secret (required only when QUEUE_PROVIDER=trigger)
TRIGGER_API_URLConditionalhttp://host.docker.internal:8030Trigger.dev API endpoint (required only when QUEUE_PROVIDER=trigger)
TRIGGER_DBNotriggerDatabase name for Trigger.dev
Telemetry
POSTHOG_PROJECT_KEYNophc_SwfGIzzX5gh5bazVWoRxZTBhkr7FwvzArS0NRyGXm1aPostHog project key for usage analytics
TELEMETRY_ENABLEDNotrueEnable (true) or disable (false) telemetry collection
TELEMETRY_ANONYMOUSNofalseSend anonymous telemetry (true) or include user email (false)

Security Considerations

Required Secrets

These secrets must be generated and kept secure: 
# Generate secure random secrets
openssl rand -hex 16  # For SESSION_SECRET
openssl rand -hex 16  # For MAGIC_LINK_SECRET  
openssl rand -hex 16  # For ENCRYPTION_KEY
openssl rand -hex 16  # For NEO4J_PASSWORD

Production Recommendations

  • Change all default passwords before deploying to production
  • Use environment-specific secrets - never reuse secrets across environments
  • Store secrets securely - use a secrets manager in production
  • Enable TLS for all database connections in production
  • Restrict CORS origins to your actual domains
  • Use strong authentication - configure OAuth providers for production use

Docker Compose Networks

When using Docker Compose, service names are used as hostnames:
  • postgres for PostgreSQL
  • neo4j for Neo4j
  • redis for Redis
  • ollama for Ollama (if using local models)
For external services (like Trigger.dev), use host.docker.internal to access services running on the host machine.