Skip to main content
Environment Variables

Overview

The purpose of this page is to list in detail each of the environment variables that are required to launch neosync services. There are three discrete services in Neosync, and each one has its own purpose. See the Platform Overview section of the docs to understand more about the makeup of Neosync.

Backend API

These environment variables are loaded when running the mgmt serve connect command which starts the main API instance.

VariableDescriptionRequiredDefault Value
DB_HOSTThe database hosttrue
DB_PORTThe port used to connect to the databasetrue
DB_NAMEThe name of the databasetrue
DB_USERThe username that will be used to connect to the databasetrue
DB_PASSThe password that will be used by the DB_USER to connect to the databasetrue
DB_SSL_DISABLEPostgres requires SSL by default. Set this to "true" to disable SSL, which is useful for dev environmentsfalsefalse
DB_AUTO_MIGRATEIf true, will automatically run the database migrations prior to startup. Useful for dev environments or if you don't want to run a separate init container for the migrations. If true, must provide "DB_SCHEMA_DIR"falsefalse
DB_SCHEMA_DIRThe directory where the migrations scripts are found. Only loaded if DB_AUTO_MIGRATE is set to "true"false
HOSTThe host that will be used when binding the HTTP server. Set this to "0.0.0.0" for production environmentsfalse127.0.0.1
PORTThe port that will be used to bind the HTTP serverfalse8080
NUCLEUS_ENVThe environment that is being deployed to. Useful for metricsfalseunknown
SHUTODWN_TIMEOUT_SECONDSConfigures the graceful shutdown of a pod in Kubernetesfalse
LOGS_FORMAT_JSONWhether or not to format logs in JSON or in plaintext to stdoutfalsetrue
AUTH_ENABLEDWhether or not to enable authentication in the API. Should be required for any production environmentfalsefalse
AUTH_BASEURLThe base URL for the authentication server. This is used to find the JWKS URL to validate JWT tokensfalse
AUTH_AUDIENCEThe audience that is to be used for validating JWT tokens. This corresponds with the "aud" in a JWT token. Can pass multiple values using a comma separatorfalse
AUTH_CLIENTID_SECRETThis is a JSON stringified map of clientId:secret that is used to validate authentication requests for JWT tokens. Used today to validate CLI login/refresh requests.false
AUTH_CLI_AUDIENCEUsed to validate which audience the CLI is to use to make requests to the API server. The CLI requests this information from the backend before it logs in. If not provided, falls back to AUTH_AUDIENCEfalse
TEMPORAL_URLThe URL used to connect to the temporal instancefalselocalhost:7233
TEMPORAL_CERT_KEY_PATHThe path on the filesystem where the API can find the mTLS certificate key it will use to authenticate against Temporal. This will be used over the TEMPORAL_CERT_KEY environment variablefalse
TEMPORAL_CERT_PATHThe path on the filesystem where the API can find the mTLS certificate that will be used to authenticate against Temporal. This will be used over the TEMPORAL_CERT environment variablefalse
TEMPORAL_CERTThe Temporal mTLS certificate contents. Use this if you want to load contents directly instead of mounting them to the filesystemfalse
TEMPORAL_CERT_KEYThe Temporal mTLS certificate key contents. Use this if you want to load the contents directly instead of mounting them to the filesystemfalse
TEMPORAL_DEFAULT_NAMESPACEThe default temporal namespace used for any new accountfalsedefault
TEMPORAL_DEFAULT_SYNCJOB_QUEUEThe default Temporal queue name for Neosync jobsfalsesync-job
AUTH_API_CLIENT_IDThe clientID that the API uses to connect to Auth0 to retrieve user data. This is specifically used by the API and must have the proper scopesfalse
AUTH_API_CLIENT_SECRETThe client secret that the API uses to connect to Auth0.false
AUTH_API_BASEURLThe base URL of the authentication server that is used for management operations by the API. This is a separate URL from the AUTH_BASEURL, but generally will be the same valuefalse

Backend API Database Migrations

These environment variables are loaded when running the mgmt migrate up command which runs database migrations.

VariableDescriptionRequiredDefault Value
DB_HOSTThe database hosttrue
DB_PORTThe port used to connect to the databasetrue
DB_NAMEThe name of the databasetrue
DB_USERThe username that will be used to connect to the databasetrue
DB_PASSThe password that will be used by the DB_USER to connect to the databasetrue
DB_SSL_DISABLEPostgres requires SSL by default. Set this to "true" to disable ssl, which is useful for dev environmentsfalsefalse
DB_SCHEMA_DIRThe directory where the migrations scripts are found.false
DB_MIGRATIONS_TABLEThe name of the table where the migrations will be tracked. Useful if you want to override the default, or put into a different schemafalse
DB_MIGRATIONS_TABLE_QUOTEDIf the table set in DB_MIGRATIONS_TABLE contains quotesfalse

Frontend App

VariableDescriptionIs RequiredDefault Value
AUTH_ENABLEDWhether or not to enable authentication in the App. Should be required for any production environmentfalsefalse
NEXTAUTH_URLThis the base url that the app will be accessible from. Note: this is not the base url for the auth service, but for the app itself. Required if AUTH_ENABLED is truefalse
NEXTAUTH_SECRETThis is a secret value that is used to encrypt the next-auth cookie that is stored in the browser. This should change per environment.true
AUTH0_CLIENT_IDThe client id that will be used to authenticate via auth0. Required if AUTH_ENABLED is truefalse
AUTH0_CLIENT_SECRETThe client secret that will be used to authenticate via auth0. Required if AUTH_ENABLED is truefalse
AUTH0_ISSUERThe issuer url for auth0. This is typically the baseurl for the auth instance. Required if AUTH_ENABLED is truefalse
AUTH0_SCOPEThe space separated list of scopes that will be requested when issuing an access token. Required if AUTH_ENABLED is truefalse
AUTH0_AUDIENCEThe audience that will be used when requesting the access token. Required if AUTH_ENABLED is truefalse
NEXT_PUBLIC_APP_BASE_URLThe url of the app. This is typically the same as NEXTAUTH_URL. Used for generating invite urls, among other things. This is not baked into the HTML or the image.false
NEOSYNC_API_BASE_URLThe base url of the Neosync API. This can be overridden to connect to different Neosync API environmentsfalsehttp://localhost:8080

Worker

These environment variables are loaded when running the worker serve command which starts the main worker instance.

VariableDescriptionIs RequiredDefault Value
HOSTThe host that will be used when binding the http server. Set this to "0.0.0.0" for production environmentsfalse127.0.0.1
PORTThe port that will be used to bind the http serverfalse8080
TEMPORAL_URLThe url used to connect to the temporal instancefalselocalhost:7233
TEMPORAL_NAMESPACEThe Temporal namespace to connect tofalsedefault
TEMPORAL_TASK_QUEUEThe Temporal task queue name to connect to for Neosync jobstrue
TEMPORAL_CERT_KEY_PATHThe path on the filesystem where the worker can find the mTLS certificate key it will use to authenticate against Temporal. This will be used over the TEMPORAL_CERT_KEY environment variablefalse
TEMPORAL_CERT_PATHThe path on the filesystem where the worker can find the mTLS certificate that will be used to authenticate against Temporal. This will be used over the TEMPORAL_CERT environment variablefalse
TEMPORAL_CERTThe Temporal mTLS certificate contents. Use this if you want to load contents directly instead of mounting them to the filesystemfalse
TEMPORAL_CERT_KEYThe Temporal mTLS certificate key contents. Use this if you want to load the contents directly instead of mounting them to the filesystemfalse
NEOSYNC_URLThe base url of the Neosync API that the worker will use to connect tofalselocalhost:8080
NEOSYNC_API_KEYThe API key that will be provided as a bearer token in the Authentication header when making requests to the Neosync APIfalse

CLI

There are some environment variables that the CLI accepts to override default behavior to accomodate different environments.

VariableDescriptionIs RequiredDefault Value
NEOSYNC_API_URLThe base url of the Neosync API. This can be overridden to connect to different Neosync API environmentsfalsehttp://localhost:8080
NEOSYNC_API_KEYThe api key for Neosync API.false
LOGIN_HOSTThe http server that is booted up running `neosync login` via an oauth flowfalse127.0.0.1
LOGIN_REDIRECT_HOSTThe redirect host that is sent alongside the oauth flow when running `neosync login`false127.0.0.1
LOGIN_PORTThe port the http server runs on when running `neosync login`false4242
NEOSYNC_CONFIG_DIRThe config directory to store Neosync-specific credentials. For Linux users, `$XDG_CONFIG_HOME` is also respected.false~/.neosync