Environment Variables
Complete reference for Supascale environment variables.
Supascale is configured through environment variables stored in .env.local. This reference covers all available options.
Required Variables
These must be set for Supascale to function:
Authentication
| Variable | Description | Example |
|---|---|---|
NEXTAUTH_URL | Base URL of your Supascale installation | https://supascale.example.com |
NEXTAUTH_SECRET | Secret key for session encryption | openssl rand -base64 32 |
Database Encryption
| Variable | Description | Example |
|---|---|---|
DB_ENCRYPTION_KEY | 64-character hex key for encrypting stored credentials | openssl rand -hex 32 |
Directory Configuration
| Variable | Default | Description |
|---|---|---|
PROJECTS_BASE_DIR | User home directory | Where Supabase projects are stored |
BACKUPS_BASE_DIR | ~/.supascale_backups | Where backups are stored |
SUPASCALE_DATA_DIR | ./data | SQLite database location |
Application Settings
| Variable | Default | Description |
|---|---|---|
PORT | 3000 | Application port |
NODE_ENV | development | Environment mode (production or development) |
Admin Account (Install Only)
Set during installation, then removed:
| Variable | Description |
|---|---|
ADMIN_USERNAME | Initial admin username |
ADMIN_PASSWORD | Initial admin password (immediately hashed) |
Remove ADMIN_PASSWORD from environment after installation. Passwords are hashed in the database.
Email Configuration
For email notifications (optional):
| Variable | Default | Description |
|---|---|---|
SMTP_HOST | - | SMTP server hostname |
SMTP_PORT | 587 | SMTP port |
SMTP_USER | - | SMTP username |
SMTP_PASSWORD | - | SMTP password |
SMTP_FROM | - | From email address |
NOTIFICATION_EMAIL | - | Admin notification email |
Example SMTP Configuration
# Gmail SMTP_HOST=smtp.gmail.com SMTP_PORT=587 SMTP_USER=your-email@gmail.com SMTP_PASSWORD=your-app-password SMTP_FROM=your-email@gmail.com # SendGrid SMTP_HOST=smtp.sendgrid.net SMTP_PORT=587 SMTP_USER=apikey SMTP_PASSWORD=your-api-key SMTP_FROM=noreply@yourdomain.com
License Configuration
| Variable | Description |
|---|---|
LICENSE_EMAIL | Email associated with your license |
UPDATE_TOKEN | Token for automatic updates |
Get these from your license dashboard.
Development Options
For development only:
| Variable | Default | Description |
|---|---|---|
SKIP_LICENSE_CHECK | false | Skip license validation (dev only) |
Never use SKIP_LICENSE_CHECK in production. This is for development testing only.
Generating Secrets
NEXTAUTH_SECRET
openssl rand -base64 32
Output: K7gNU3sdo+OL0wNhqoVWhr3g6s1xYv72ol/pe/Unols=
DB_ENCRYPTION_KEY
openssl rand -hex 32
Output: a1b2c3d4e5f6... (64 characters)
Complete Example
# /opt/supascale-web/.env.local # === Required === NEXTAUTH_URL=https://supascale.example.com NEXTAUTH_SECRET=your-generated-secret DB_ENCRYPTION_KEY=your-64-char-hex-key # === Directories === PROJECTS_BASE_DIR=/var/supascale/projects BACKUPS_BASE_DIR=/var/supascale/backups # === Application === PORT=3000 NODE_ENV=production # === License === LICENSE_EMAIL=you@example.com UPDATE_TOKEN=your-update-token # === Email (Optional) === SMTP_HOST=smtp.sendgrid.net SMTP_PORT=587 SMTP_USER=apikey SMTP_PASSWORD=your-sendgrid-key SMTP_FROM=noreply@example.com NOTIFICATION_EMAIL=admin@example.com
Applying Changes
After modifying environment variables:
# Restart Supascale pm2 restart supascale-web # Verify it's running pm2 status
Security Best Practices
- Never commit
.env.localto version control - Use strong secrets generated with cryptographic tools
- Rotate secrets periodically by generating new ones
- Limit file permissions:
chmod 600 .env.local - Back up your configuration securely