Skip to main content
Version: Latest

Environment variables

For production use cases, it is crucial to set all environment variables marked as "Mandatory" to ensure optimal performance, security, and functionality of NocoDB.

Database

VariableMandatoryDescriptionIf Not Set
NC_DBYesThe primary database where all NocoDB metadata and data are stored. Example format: pg://host.docker.internal:5432?u=username&p=password&d=database_name.A local SQLite database will be created in the root folder if NC_DB is not specified.
NC_DB_JSONNoAllows setting the database connection using a valid knex connection JSON string instead of NC_DB.
NC_DB_JSON_FILENoA path to a knex connection JSON file can be used to specify the database connection, as an alternative to NC_DB.
DATABASE_URLNoA JDBC URL string can be used for the database connection instead of NC_DB.
DATABASE_URL_FILENoA path to a file containing a JDBC URL can be specified for the database connection as an alternative to NC_DB.
NC_CONNECTION_ENCRYPT_KEYNoThe key used to encrypt the credentials of external databases.
Warning: Changing this variable may break the application. If you must change it, use the CLI as described in the NocoDB Secret CLI documentation.
Keep connection credentials as plain text in the database if not set.

Authentication

VariableMandatoryDescriptionIf Not Set
NC_AUTH_JWT_SECRETYesThis JWT secret is utilized for generating authentication tokens.A random secret will be generated automatically.
NC_JWT_EXPIRES_INNoSpecifies the expiration time for JWT tokens.Defaults to 10h.
NC_GOOGLE_CLIENT_IDNoGoogle client ID required to activate Google authentication.
NC_GOOGLE_CLIENT_SECRETNoGoogle client secret required to activate Google authentication.
NC_ADMIN_EMAILNoSuper admin email address. This is useful in case you need to recover your username and password.An initial prompt for email and password is required when accessing the UI for the first time.
NC_ADMIN_PASSWORDNoSuper admin password. Must be at least 8 characters long, including one uppercase letter, one number, and one special character from $&+,:;=?@#'.^*()%!_-\". This is useful for username and password recovery.
NC_DISABLE_EMAIL_AUTHNoDisables email and password-based authentication, intended for use when Google authentication variables are configured.

Storage

VariableMandatoryDescriptionIf Not Set
NC_S3_BUCKET_NAMENoThe name of the AWS S3 bucket used for the S3 storage plugin.
NC_S3_REGIONNoThe AWS S3 region where the S3 storage plugin bucket is located. Note that NC_S3_ENDPOINT takes precedence if set (the endpoint URL includes the region).
NC_S3_ENDPOINTNoS3 endpoint for S3 storage plugin.Defaults to s3.<region>.amazonaws.com
NC_S3_ACCESS_KEYNoThe AWS access key ID for the S3 storage plugin. Required if no role access in use.
NC_S3_ACCESS_SECRETNoThe AWS access secret associated with the S3 storage plugin. Required if no role access in use.
NC_S3_FORCE_PATH_STYLENoWhether to force path-style requests for the S3 storage plugin.
NC_S3_ACLNoThe ACL for the objects in S3
NC_ATTACHMENT_FIELD_SIZENoMaximum file size allowed for attachments in bytes.Defaults to 20971520 (20 MiB).
NC_MAX_ATTACHMENTS_ALLOWEDNoMaximum number of attachments allowed per cell.Defaults to 10.
NC_ATTACHMENT_RETENTION_DAYSNoNumber of days to retain attachment on storage after all references deleted. (Set 0 to keep forever)Defaults to 10.
NC_SECURE_ATTACHMENTSNoEnables access to attachments only through pre-signed URLs. Set to true to activate; all other values are treated as false. ⚠ Note: Enabling this will make existing links inaccessible.Defaults to false.
NC_ATTACHMENT_EXPIRE_SECONDSNoTime in seconds after which pre-signed URLs for attachments start to expire. The actual expiration will occur after this time plus an additional 10 minutes. Only applicable if NC_SECURE_ATTACHMENTS is enabled.Defaults to 7200 (2 hours).

Email Notifications

  • The following SMTP variables are used to send email notifications to users, e.g., invites.
VariableMandatoryDescriptionIf Not Set
NC_SMTP_FROMYesThe email address used as the sender for the SMTP plugin.
NC_SMTP_HOSTYesThe hostname of the email server for the SMTP plugin.
NC_SMTP_PORTYesThe network port of the email server for the SMTP plugin.
NC_SMTP_USERNAMEYesThe username for authentication with the SMTP plugin.
NC_SMTP_PASSWORDYesThe password for authentication with the SMTP plugin.
NC_SMTP_SECUREYesEnables secure authentication for the SMTP plugin. Set to true to enable; all other values are considered false.
NC_SMTP_IGNORE_TLSYesIgnores TLS for the SMTP plugin. Set to true to ignore TLS; all other values are considered false. For more details, see Nodemailer's SMTP documentation.

Backend

VariableMandatoryDescriptionIf Not Set
PORTNoSpecifies the network port on which NocoDB will run.Defaults to 8080.
NODE_OPTIONSNoNode.js options to pass to the instance.

Frontend

VariableMandatoryDescriptionIf Not Set
NC_PUBLIC_URLNoThis is the base URL used for constructing URLs in email templates, generating the Swagger documentation URL, and handling backend URL requirements. It should be set to your public-facing NocoDB URL to ensure consistency across the application.By default, it infers the URL from the incoming request on the backend. If the server is behind a proxy, this may result in incorrect URLs.
NC_DASHBOARD_URLNoDefines a custom dashboard URL path.Defaults to /dashboard.
NUXT_PUBLIC_NC_BACKEND_URLNoSpecifies a custom backend URL.Defaults to http://localhost:8080.

Cache

VariableMandatoryDescriptionIf Not Set
NC_REDIS_URLYesSpecifies the Redis URL used for caching.
Eg: redis://:authpassword@127.0.0.1:6380/4
Caching layer of backend

Product Configuration

VariableMandatoryDescriptionIf Not Set
DB_QUERY_LIMIT_DEFAULTNoDefault pagination limit for data tables.Defaults to 25. Maximum is 100
DB_QUERY_LIMIT_GROUP_BY_GROUPNoNumber of groups per page.Defaults to 10.
DB_QUERY_LIMIT_GROUP_BY_RECORDNoNumber of records per group.Defaults to 10.
DB_QUERY_LIMIT_MAXNoMaximum allowable pagination limit.Defaults to 1000.
DB_QUERY_LIMIT_MINNoMinimum allowable pagination limit.Defaults to 10
NC_CONNECT_TO_EXTERNAL_DB_DISABLEDNoDisables the ability to create bases on external databases.
NC_INVITE_ONLY_SIGNUPNoDisables public signup; signup is possible only via invitations. Integrated into the super admin settings menu as of version 0.99.0.
NC_REQUEST_BODY_SIZENoMaximum bytes allowed in the request body, based on ExpressJS limits.Defaults to 1048576 (1 MB).
NC_EXPORT_MAX_TIMEOUTNoSets a timeout in milliseconds for downloading CSVs in batches if not completed within this period.Defaults to 5000 (5 seconds).
NC_ALLOW_LOCAL_HOOKSNoAllows webhooks to call local network links, posing potential security risks. Set to true to enable; all other values are considered false.Defaults to false.
NC_SANITIZE_COLUMN_NAMENoEnables sanitization of column names during their creation to prevent SQL injection and other security issues.Defaults to true.
NC_TOOL_DIRNoSpecifies the directory to store metadata and app-related files. In Docker setups, this maps to /usr/app/data/ for mounting volumes.Defaults to the current working directory.
NC_DISABLE_PG_DATA_REFLECTIONNoDisables the creation of a schema for each base in PostgreSQL. Click here for more detail
NC_MIGRATIONS_DISABLEDNoDisables NocoDB migrations.
NC_DISABLE_AUDITNoDisables the audit log feature.Defaults to false.
NC_AUTOMATION_LOG_LEVELNoConfigures logging levels for automation features. Possible values: OFF, ERROR, ALL. More details can be found under Webhooks.Defaults to OFF.

Postgres Data Reflection

NocoDB UI is exactly what's in your Postgres database schema. Same tables, same columns—everything is perfectly mirrored. This is done by creating a schema for each base in PostgreSQL. This feature is enabled by default if the user has the required permissions. To disable it, set the NC_DISABLE_PG_DATA_REFLECTION environment variable to false.

Logging & Monitoring

VariableMandatoryDescriptionIf Not Set
NC_SENTRY_DSNNoData Source Name (DSN) for integrating with Sentry for monitoring and error tracking.
NC_DISABLE_ERR_REPORTSNoDisable default Sentry error reporting.TRUE

Debugging Only

VariableMandatoryDescriptionIf Not Set
NC_DISABLE_CACHENoDisables caching to force metadata fetching directly from the database instead of Redis/cache. Recommended only during debugging.Defaults to false.

Telemetry

VariableMandatoryDescriptionIf Not Set
NC_DISABLE_TELENoDisables the telemetry to prevent sending anonymous usage data. Please keep it enabled to help us understand the usage of the product and the impact that any new breaking change can cause.

Litestream

Litestream is used only when NC_DB is set to SQLite. It backs up the SQLite database and stores it in S3.

VariableMandatoryDescriptionIf Not Set
LITESTREAM_S3_ENDPOINTNoURL of an S3-compatible object storage service endpoint for Litestream replication of NocoDB's default SQLite database. Example: s3.eu-central-1.amazonaws.com.Defaults to AWS S3.
LITESTREAM_S3_REGIONNoAWS region of the Litestream replication object storage bucket. Note that LITESTREAM_S3_ENDPOINT takes precedence if configured (the endpoint URL includes the region).Defaults to the default region configured in AWS.
LITESTREAM_S3_BUCKETNoName of the object storage bucket to store the Litestream replication in.Litestream replication is disabled if this variable is not set.
LITESTREAM_S3_PATHNoDirectory path to use within the Litestream replication object storage bucket.Defaults to nocodb.
LITESTREAM_S3_ACCESS_KEY_IDNoAuthentication key ID for the Litestream replication object storage bucket.Litestream replication is disabled if this variable is not set.
LITESTREAM_S3_SECRET_ACCESS_KEYNoAuthentication secret for the Litestream replication object storage bucket.Litestream replication is disabled if this variable is not set.
LITESTREAM_S3_SKIP_VERIFYNoWhether to disable TLS verification for the Litestream replication object storage service. Useful when testing against a local node such as MinIO and you are using self-signed certificates.Defaults to false.
LITESTREAM_RETENTIONNoAmount of time Litestream snapshot and WAL files are kept. After the retention period, a new snapshot is created and the old one is removed. WAL files that exist before the oldest snapshot will also be removed.Defaults to 1440h (60 days).
LITESTREAM_RETENTION_CHECK_INTERVALNoFrequency in which Litestream will check if retention needs to be enforced.Defaults to 72h (3 days).
LITESTREAM_SNAPSHOT_INTERVALNoFrequency in which new Litestream snapshots are created. A higher frequency reduces the time to restore since newer snapshots will have fewer WAL frames to apply. Retention still applies to these snapshots.Defaults to 24h (1 day).
LITESTREAM_SYNC_INTERVALNoFrequency in which frames are pushed to the Litestream replica. Increasing this frequency can increase object storage costs significantly.Defaults to 60s (1 minute).
LITESTREAM_AGE_PUBLIC_KEYNoage public key generated by age-keygen (age1...) or SSH public key (ssh-ed25519 AAAA..., ssh-rsa AAAA...) used to encrypt the Litestream replication for. Refer to the relevant Litestream documentation for details.Litestream replication is unencrypted if this variable is not set.
LITESTREAM_AGE_SECRET_KEYNoage secret key (AGE-SECRET-KEY-1...) used to encrypt the Litestream replication with. Refer to the relevant Litestream documentation for details.Litestream replication is unencrypted if this variable is not set.
AWS_ACCESS_KEY_IDNoDeprecated. Please use LITESTREAM_S3_ACCESS_KEY_ID instead.
AWS_SECRET_ACCESS_KEYNoDeprecated. Please use LITESTREAM_S3_SECRET_ACCESS_KEY instead.
AWS_BUCKETNoDeprecated. Please use LITESTREAM_S3_BUCKET instead.
AWS_BUCKET_PATHNoDeprecated. Please use LITESTREAM_S3_PATH instead.