| TOOLJET_HOST | the public URL of ToolJet client ( eg: https://app.tooljet.com ) |
### Lockbox configuration ( required )
ToolJet server uses lockbox to encrypt datasource credentials. You should set the environment variable `LOCKBOX_MASTER_KEY` with a 32 byte hexadecimal string.
### Application Secret ( required )
ToolJet server uses a secure 64 byte hexadecimal string to encrypt session cookies. You should set the environment variable `SECRET_KEY_BASE`.
:::tip
If you have `openssl` installed, you can run the following commands to generate the value for `LOCKBOX_MASTER_KEY` and `SECRET_KEY_BASE`.
For `LOCKBOX_MASTER_KEY` use `openssl rand -hex 32`
For `SECRET_KEY_BASE` use `openssl rand -hex 64`
:::
### Database configuration ( required )
ToolJet server uses PostgreSQL as the database.
| variable | description |
| -------- | ---------------------- |
| PG_HOST | postgres database host |
| PG_DB | name of the database |
| PG_USER | username |
| PG_PASS | password |
| PG_PORT | port |
:::tip
If you are using docker-compose setup, you can set PG_HOST as `postgres` which will be DNS resolved by docker
:::
:::info
If you intent you use the DB connection url and if the connection does not support ssl. Please use the below format using the variable DATABASE_URL.
### Disable database and extension creation (optional)
ToolJet by default tries to create database based on `PG_DB` variable set and additionally my try to create postgres extensions. This requires the postgres user to have CREATEDB permission. If this cannot be granted you can disable this behaviour by setting `PG_DB_OWNER` as `false` and will have to manually run them.
### Check for updates ( optional )
Self-hosted version of ToolJet pings our server to fetch the latest product updates every 24 hours. You can disable this by setting the value of `CHECK_FOR_UPDATES` environment variable to `0`. This feature is enabled by default.
### Comment feature enable ( optional )
Use this environment variable to enable/disable the feature that allows you to add comments on the canvas. To configure this environment variable, ensure that multiplayer editing is enabled in the Settings.
| variable | value |
| ---------------------- | ----------------- |
| COMMENT_FEATURE_ENABLE | `true` or `false` |
### Marketplace
#### Marketplace feature enable ( optional )
Use this environment variable to enable/disable the feature that allows users to use the marketplace.
| USER_SESSION_EXPIRY | This variable controls the user session expiry time. By default, the session expires after **10** days. The variable expects the value in minutes. ex: USER_SESSION_EXPIRY = 120 which is 2 hours |
| PGRST_JWT_SECRET | JWT token client provided for authentication |
| PGRST_HOST | postgrest database host |
Use `ENABLE_TOOLJET_DB` to enable/disable the feature that allows users to work with inbuilt data store to build apps with. In order to set it up, [follow the instructions here](/docs/tooljet-database#enabling-the-tooljet-database-for-your-instance).
:::tip
When this feature is enabled, the database name provided for `TOOLJET_DB` will be utilized to create a new database during server boot process in all of our production deploy setups.
Incase you want to trigger it manually, use the command `npm run db:create` on ToolJet server.
:::
:::info
If you intent you use the DB connection url and if the connection does not support ssl. Please use the below format using the variable TOOLJET_DB_URL.
| SERVER_HOST | Configure a hostname for the server as a proxy pass. If no value is set, it defaults to `server`. |
### Hide account setup link
If you want to hide account setup link from admin in manage user page, set the environment variable `HIDE_ACCOUNT_SETUP_LINK` to `true`, please make sure you have configured SMTP to receive welcome mail for users.
### Disabling signups ( optional )
If you want to restrict the signups and allow new users only by invitations, set the environment variable `DISABLE_SIGNUPS` to `true`.
:::tip
You will still be able to see the signup page but won't be able to successfully submit the form.
:::
### Serve client as a server end-point ( optional )
By default, the `SERVE_CLIENT` variable will be unset and the server will serve the client at its `/` end-point.
You can set `SERVE_CLIENT` to `false` to disable this behaviour.
### Serve client at subpath
If ToolJet is hosted on a domain subpath, you can set the environment variable `SUB_PATH` to support it.
Please note the subpath is to be set with trailing `/` and is applicable only when the server is serving the frontend client.
### SMTP configuration ( optional )
ToolJet uses SMTP services to send emails ( Eg: invitation email when you add new users to your workspace ).
| TOOLJET_SERVER_URL | the URL of ToolJet server ( eg: https://server.tooljet.com ) |
### RELEASE VERSION ( optional)
Once set any APM provider that supports segregation with releases will track it.
### NODE_EXTRA_CA_CERTS (optional)
Tooljet needs to be configured for custom CA certificate to be able to trust and establish connection over https. This requires you to configure an additional env var `NODE_EXTRA_CA_CERTS` to have absolute path to your CA certificates. This file named `cert.pem` needs to be in PEM format and can have more than one certificates.
Pings our server to update the total user count every 24 hours. You can disable this by setting the value of `DISABLE_TOOLJET_TELEMETRY` environment variable to `true`. This feature is enabled by default.
### Password Retry Limit (Optional)
The maximum retry limit of login password for a user is by default set to 5, account will be locked after 5 unsuccessful login attempts. Use the variables mentioned below to control this behavior:
| PGRST_JWT_SECRET | JWT token client provided for authentication |
| PGRST_DB_URI | database connection string for tooljet database |
| PGRST_LOG_LEVEL | `info` |
If you intent to make changes in the above configuration. Please refer [PostgREST configuration docs](https://postgrest.org/en/stable/configuration.html#environment-variables).
Please make sure that DB_URI is given in the format `postgrest://[USERNAME]:[PASSWORD]@[HOST]:[PORT]/[DATABASE]`
:::
## Log file path ( Optional )
If a log file path is specified in environment variables, a log file containing all the data from audit logs will be created at the specified path. The file will be updated every time a new audit log is created.
