Skip to content

Environment Variables

The API validates its environment at startup. A missing required variable or an invalid value (for example a non-numeric PORT) causes the process to exit immediately with an error naming the offending variable, rather than failing later at runtime.

Variable Description
DATABASE_URL PostgreSQL connection string, e.g. postgresql://user:pass@localhost:5432/ablebase.
BETTER_AUTH_SECRET Secret used to sign auth tokens. Generate with openssl rand -base64 32.
BETTER_AUTH_URL Must be the web origin (e.g. http://localhost:5173), not the API’s own port. Auth callbacks and session cookies are issued against this URL.

BETTER_AUTH_URL is listed as required because any real deployment needs it for correct auth callbacks and cookies. The app will still boot without it (useful for local/test runs), but set it for anything beyond local development.

Variable Default Description
PORT 3001 Port the API listens on.
HOST 0.0.0.0 Bind address.
CLIENT_ORIGIN http://localhost:4813 Comma-separated list of allowed CORS origins.
TRUST_PROXY Set to "true" when running behind a reverse proxy to get accurate client IPs for rate limiting.
SKIP_MIGRATIONS Set to "1" to skip automatic migrations at startup.
UPLOAD_DIR ./uploads Filesystem path for storing uploaded profile pictures, org logos, and cached integration logos. Must be a persistent volume in containerized deployments.
Variable Default Description
ALLOW_SIGNUP false Set to "true" to allow new email/password account registration.

These credentials power GitHub social login and are separate from the GitHub App used for integrations (below).

Variable Description
GITHUB_CLIENT_ID GitHub OAuth App client ID.
GITHUB_CLIENT_SECRET GitHub OAuth App client secret.

The OAuth callback URL must be <BETTER_AUTH_URL>/api/auth/callback/github.

Credentials for the Integrations feature — linking repositories and importing issues. These are separate from the sign-in credentials above. All are optional: when any is missing, the GitHub integration is disabled and the app still boots. See Integrations.

Variable Description
GITHUB_APP_ID GitHub App ID.
GITHUB_APP_PRIVATE_KEY GitHub App private key (PEM). In env files, encode newlines as \n.
GITHUB_APP_CLIENT_ID GitHub App client ID.
GITHUB_APP_CLIENT_SECRET GitHub App client secret.
GITHUB_APP_WEBHOOK_SECRET Secret used to verify inbound GitHub webhooks. Must match the webhook secret configured on the GitHub App.
GITHUB_APP_SLUG The GitHub App’s URL slug (used to build install links).

Point the GitHub App’s webhook URL at <host>/api/integrations/github/webhooks and subscribe to the Issues, Installation, and Installation repositories events. See GitHub App (integrations) for the full setup.

OAuth client credentials for connecting a Linear workspace via the Integrations feature. Both are optional: when either is missing, the Linear integration is disabled and the app still boots. See Integrations.

Variable Description
LINEAR_CLIENT_ID Linear OAuth application client ID.
LINEAR_CLIENT_SECRET Linear OAuth application client secret.

The OAuth redirect URI registered in the Linear application must be <web-origin>/integrations/linear/setup.

Variable Description
SENTRY_DSN Sentry DSN for server-side error tracking. Optional.
SENTRY_RELEASE Release identifier attached to Sentry events for this deployment. Optional.
Variable Description
FLAGSMITH_ENVIRONMENT_KEY Server-side Flagsmith environment key (secret — do not expose to clients). Optional.
Variable Description
CI Set to any truthy value to disable the global rate limiter during test runs.
PLAYWRIGHT Same effect as CI. Used to disable rate limiting during Playwright end-to-end tests.
Variable Description
RAILWAY_SERVICE__ABLEBASE_WEB_URL Injected automatically by Railway. Ablebase trusts this domain as a CORS and auth origin. No manual configuration needed.

Variable Description
VITE_FLAGSMITH_ENVIRONMENT_ID Client-side Flagsmith environment ID. Safe to ship to the browser. Optional.