Environment Variables
Production deployments use one canonical file:
.envThe root docker-compose.yml loads this file for platform services.
File Roles
.env: real deployment values, ignored by Git..env.example: committed template for full-platform deployments..env.dev: optional local development values, ignored by Git..env.dev.example: committed development template.services/*/.env.example: standalone service examples only.
Validate Configuration
node scripts/validate-env.jsThe validator checks required platform secrets and warns about recommended operational values.
Important Categories
- Public URLs:
APP_BASE_URL,NEXTAUTH_URL. - Authentication:
NEXTAUTH_SECRETand registration settings. - Internal API secrets: service-to-service API keys.
- Transcription providers: Deepgram, Gladia, Vosk, transcription hub.
- AI providers: Gemini, OpenRouter, Ollama.
- Translation: DeepL.
- Federation: ActivityPub key encryption and delivery secrets.
- TURN/video: STUN/TURN URLs, credentials, and public announced IP.
Rules
- Never commit real
.envfiles. - Do not paste secrets into issues, docs, logs, screenshots, or chat.
- Keep encryption secrets stable across backups and deployments.
- Rotate any secret that was exposed.
- Prefer service-prefixed variables in the root env.