Skip to content

Environment Variables

Production deployments use one canonical file:

.env

The root docker-compose.yml loads this file for platform services.

File Roles

  • .env: real deployment values, ignored by Git.
  • .env.example: committed template for full-platform deployments.
  • .env.dev: optional local development values, ignored by Git.
  • .env.dev.example: committed development template.
  • services/*/.env.example: standalone service examples only.

Validate Configuration

Terminal window
node scripts/validate-env.js

The validator checks required platform secrets and warns about recommended operational values.

Important Categories

  • Public URLs: APP_BASE_URL, NEXTAUTH_URL.
  • Authentication: NEXTAUTH_SECRET and registration settings.
  • Internal API secrets: service-to-service API keys.
  • Transcription providers: Deepgram, Gladia, Vosk, transcription hub.
  • AI providers: Gemini, OpenRouter, Ollama.
  • Translation: DeepL.
  • Federation: ActivityPub key encryption and delivery secrets.
  • TURN/video: STUN/TURN URLs, credentials, and public announced IP.

Rules

  • Never commit real .env files.
  • Do not paste secrets into issues, docs, logs, screenshots, or chat.
  • Keep encryption secrets stable across backups and deployments.
  • Rotate any secret that was exposed.
  • Prefer service-prefixed variables in the root env.