Skip to main content
Environment variables for the CORE webapp container.
NameRequiredDefaultDescription
Version
VERSIONNo0.1.12CORE version identifier
Secrets
SESSION_SECRETYesnoneSession encryption secret. Run: openssl rand -hex 16
MAGIC_LINK_SECRETYesnoneMagic link encryption secret. Run: openssl rand -hex 16
ENCRYPTION_KEYYesnoneData encryption key. Run: openssl rand -hex 16
Application & Domains
REMIX_APP_PORTNo3033Application port number
APP_ENVNoproductionApplication environment (development, production)
NODE_ENVNoproductionNode.js environment
APP_ORIGINYeshttp://localhost:3033Application origin URL
LOGIN_ORIGINYeshttp://localhost:3033Login origin URL (usually same as APP_ORIGIN)
API_BASE_URLNoAPP_ORIGINAPI base URL
Database - PostgreSQL
DB_HOSTNolocalhostDatabase host (use container name for Docker)
DB_PORTNo5432Database port
POSTGRES_USERYesdockerPostgreSQL username
POSTGRES_PASSWORDYesdockerPostgreSQL password
POSTGRES_DBYescorePostgreSQL database name
DATABASE_URLYespostgresql://docker:docker@postgres:5432/core?schema=corePostgreSQL connection string
DIRECT_URLYesDATABASE_URLDirect DB connection string for migrations
Database - Neo4j (Memory Graph)
NEO4J_URIYesbolt://neo4j:7687Neo4j connection URI
NEO4J_USERNAMEYesneo4jNeo4j username
NEO4J_PASSWORDYesnoneNeo4j password. Run: openssl rand -hex 16
NEO4J_AUTHYesneo4j/passwordNeo4j authentication (username/password format)
Redis
REDIS_HOSTYesredisRedis host (use container name for Docker)
REDIS_PORTYes6379Redis port
REDIS_TLS_DISABLEDNotrueDisable Redis TLS for local development
Authentication
ENABLE_EMAIL_LOGINNotrueEnable email-based authentication
AUTH_GOOGLE_CLIENT_IDNononeGoogle OAuth client ID
AUTH_GOOGLE_CLIENT_SECRETNononeGoogle OAuth client secret
AI Providers
OPENAI_API_KEYNononeOpenAI API key. Required for OpenAI; for many OpenAI-compatible proxies any non-empty value works
OPENAI_BASE_URLNononeOpenAI-compatible API base URL (e.g. proxy endpoint)
OPENAI_API_MODENoresponsesOpenAI API mode: responses (default) or chat_completions (common for proxies)
GOOGLE_GENERATIVE_AI_API_KEYNononeGoogle AI API key (required when CHAT_PROVIDER=google or EMBEDDINGS_PROVIDER=google)
ANTHROPIC_API_KEYNononeAnthropic API key (required when CHAT_PROVIDER=anthropic)
MODELNogpt-4-turbo-2024-04-09Default chat model
CHAT_PROVIDERNoopenaiChat provider: openai (default), anthropic, google, or ollama
EMBEDDINGS_PROVIDERNoopenaiEmbeddings provider: openai (default), google, or ollama. See Embedding Models
EMBEDDING_MODELNotext-embedding-3-smallModel for text embeddings
EMBEDDING_MODEL_SIZENo1536Embedding dimension (must match pgvector schema/index dimension)
OLLAMA_URLNohttp://ollama:11434Ollama server URL for local models
Background Jobs
QUEUE_PROVIDERNotriggerQueue provider: “trigger” for Trigger.dev or “bullmq” for BullMQ (Redis-based)
TRIGGER_PROJECT_IDConditionalnoneTrigger.dev project identifier (required only when QUEUE_PROVIDER=trigger)
TRIGGER_SECRET_KEYConditionalnoneTrigger.dev authentication secret (required only when QUEUE_PROVIDER=trigger)
TRIGGER_API_URLConditionalhttp://host.docker.internal:8030Trigger.dev API endpoint (required only when QUEUE_PROVIDER=trigger)
TRIGGER_DBNotriggerDatabase name for Trigger.dev
Telemetry
POSTHOG_PROJECT_KEYNophc_SwfGIzzX5gh5bazVWoRxZTBhkr7FwvzArS0NRyGXm1aPostHog project key for usage analytics
TELEMETRY_ENABLEDNotrueEnable (true) or disable (false) telemetry collection
TELEMETRY_ANONYMOUSNofalseSend anonymous telemetry (true) or include user email (false)
Provider Configuration
GRAPH_PROVIDERNoneo4jGraph database provider: “neo4j”, “falkordb”, or “helix”
VECTOR_PROVIDERNopgvectorVector store provider: “pgvector”, “turbopuffer”, or “qdrant”
MODEL_PROVIDERNovercel-aiModel provider abstraction layer
Reranking
RERANK_PROVIDERNononeReranking provider: “cohere”, “ollama”, or “none”
COHERE_API_KEYNononeCohere API key (required when RERANK_PROVIDER=cohere)
COHERE_RERANK_MODELNorerank-english-v3.0Cohere reranking model
COHERE_SCORE_THRESHOLDNo0.3Minimum score threshold for Cohere reranking
OLLAMA_RERANK_MODELNodengcao/Qwen3-Reranker-8B:Q4_K_MOllama reranking model
OLLAMA_SCORE_THRESHOLDNo0.3Minimum score threshold for Ollama reranking
Email / SMTP
EMAIL_TRANSPORTNononeEmail transport: “smtp” or “resend”
FROM_EMAILNononeSender email address
REPLY_TO_EMAILNononeReply-to email address
RESEND_API_KEYNononeResend API key (required when EMAIL_TRANSPORT=resend)
RESEND_WEBHOOK_SECRETNononeResend webhook signing secret
SMTP_HOSTNononeSMTP server hostname
SMTP_PORTNononeSMTP server port
SMTP_SECURENononeUse TLS for SMTP (true/false)
SMTP_USERNononeSMTP authentication username
SMTP_PASSWORDNononeSMTP authentication password
Channels
SLACK_SIGNING_SECRETNononeSlack app signing secret for webhook verification
TWILIO_ACCOUNT_SIDNononeTwilio account SID (required for WhatsApp channel)
TWILIO_AUTH_TOKENNononeTwilio auth token (required for WhatsApp channel)
TWILIO_WHATSAPP_NUMBERNononeTwilio WhatsApp number (e.g. whatsapp:+14155238886)
Other
EXA_API_KEYNononeExa API key for web search capabilities

Security Considerations

Required Secrets

These secrets must be generated and kept secure: 
# Generate secure random secrets
openssl rand -hex 16  # For SESSION_SECRET
openssl rand -hex 16  # For MAGIC_LINK_SECRET  
openssl rand -hex 16  # For ENCRYPTION_KEY
openssl rand -hex 16  # For NEO4J_PASSWORD

Production Recommendations

  • Change all default passwords before deploying to production
  • Use environment-specific secrets - never reuse secrets across environments
  • Store secrets securely - use a secrets manager in production
  • Enable TLS for all database connections in production
  • Restrict CORS origins to your actual domains
  • Use strong authentication - configure OAuth providers for production use

Docker Compose Networks

When using Docker Compose, service names are used as hostnames:
  • postgres for PostgreSQL
  • neo4j for Neo4j
  • redis for Redis
  • ollama for Ollama (if using local models)
For external services (like Trigger.dev), use host.docker.internal to access services running on the host machine.