General environment variables
General environment variables available for use with Self-hosted Retool deployments.
BASE_DOMAIN
The full URL of your Retool deployment for user invitations and password resets. This also needs to be set if you dynamically set callback URLs on protected resources.
If unset, Retool attempts to determine the base domain automatically but cannot do so if your deployment is behind a proxy server.
BASE_DOMAIN=https://retool.example.com
CUSTOM_API_KEY
A custom API key to override Retool-generated API keys. This doesn't apply to access tokens for embedding web apps; you still need to use the token generated in Retool.
CUSTOM_API_KEY=key_545567563
CUSTOM_RETOOL_SANDBOX_RESTRICTIONS
Only configure custom sandbox restrictions if you are comfortable with the security implications.
The JavaScript sandbox restrictions to allow. Specify space-separated values for multiple restrictions.
allow-downloads: Allow downloads
allow-popups: Allow pop-ups
allow-modals: Allow modals
If unset, no restrictions are allowed.
CUSTOM_RETOOL_SANDBOX_RESTRICTIONS=allow-downloads allow-modals
DEBUG
Whether to enable verbose logging for debugging purposes. Set DEBUG to 1 to enable verbose logging.
DEBUG=1
DISABLE_IMAGE_PROXY
Disable the proxy used for public apps.
DISABLE_IMAGE_PROXY=true
DISABLE_INTERCOM
Requires Self-hosted Retool v2.72.28 or later.
Disable Retool's support widget in the frontend. See Retool Support guidelines to learn how to contact Retool.
DISABLE_INTERCOM=true
DISABLE_MEMORY_AND_CPU_USAGE_LOGGING
Disable logging of CPU and memory usage.
DISABLE_MEMORY_AND_CPU_USAGE_LOGGING=true
DISABLE_PUBLIC_PAGES
Disable public access of Retool apps. When set to true, set DISABLE_IMAGE_PROXY to true as well to fully disable public access.
DISABLE_PUBLIC_PAGES=true
DISABLE_FORWARDABLE_COOKIE_DECODING
Requires Self-hosted Retool v2.90 or later.
Disable automatic cookie decoding when using forwardable cookies.
DISABLE_FORWARDABLE_COOKIE_DECODING=true
DOMAINS
Used to set the EntityID in SAML requests and to obtain an SSL certificate when setting up HTTPS.
DOMAINS=retool.your-domain.com -> http://api:3000
HIDE_PROD_AND_STAGING_TOGGLES
Hide Production and Staging toggles in creator and user mode interfaces.
HIDE_PROD_AND_STAGING_TOGGLES=true
HTML_ESCAPE_RETOOL_EXPRESSIONS
Escape HTML expressions within curly braces ({{ }}). If unset, the default is false.
HTML_ESCAPE_RETOOL_EXPRESSIONS=true
HTTP_PROXY
The URL and port number for proxying HTTP connections.
HTTP_PROXY=http://example.com:8080
LOG_AUDIT_EVENTS
Log all audit events.
LOG_AUDIT_EVENTS=true
LOG_LEVEL
The level of information logged to stdout. Specify space-separated values for multiple restrictions.
info: Default logging level.
verbose: More verbose logs for git syncing, authentication, etc.
debug: Raw debug logs.
LOG_LEVEL=debug
DISABLE_AUDIT_TRAILS_LOGGING
Requires Self-hosted Retool v3.18 or later.
Disable all writes to audit logs.
DISABLE_AUDIT_TRAILS_LOGGING=true
NO_PROXY
Skip proxying HTTP requests from the specified URLs. Used when HTTP_PROXY is set.
NO_PROXY=localhost,*.service.company
NODE_ENV
The environment of the instance. Must always be set to production.
NODE_ENV=production
NODE_TLS_REJECT_UNAUTHORIZED
When set to 0, disables certificate validation for TLS connections. This setting is insecure and not recommended for production instances.
NODE_TLS_REJECT_UNAUTHORIZED=0
NUM_WORKERS
The number of worker threads for the api container. The default value is Math.min(Math.max(1, numCPUs), 3), where numCPUs is the number of logical CPU cores on the machine determined by Node.js.
NUM_WORKERS=4
RETOOL_EXPOSED_{NAME}
Use the RETOOL_EXPOSED_ prefix to store secrets that you can use when configuring resources.
RETOOL_EXPOSED_DB_USERNAME=db_user
RETOOL_EXPOSED_DB_PASSWORD=4356748i7rkjthrtHBHNHRFB
Only use underscores to separate characters and words. Other separators, including hyphens, cannot be used.
RETOOL_ENV
Used in SCIM provisioning and Source Control alerting to specify the environment name. Defaults to production.
RETOOL_ENV=production
SERVICE_TYPE
Used to set the Retool services a container runs. Separate multiple values with commas with no spaces. If no SERVICE_TYPE is specified, all services are run.
Acceptable values
MAIN_BACKEND
JOBS_RUNNER
DB_CONNECTOR
DB_SSH_CONNECTOR
WORKFLOW_BACKEND
WORKFLOW_TEMPORAL_WORKER
SERVICE_TYPE=MAIN_BACKEND,JOBS_RUNNER
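
The following is an added example, not Retool's own tooling: a Python check that reads the contents of a deployment env file and flags the security-relevant settings described on this page (disabled TLS validation, a non-production NODE_ENV, partially disabled public access, disabled audit logging, unescaped {{ }} expressions, relaxed sandbox restrictions, invalid SERVICE_TYPE values, and RETOOL_EXPOSED_ names with separators other than underscores). The function names, the KEY=VALUE file handling and the sample input are assumptions made for illustration.

```python
import re

# Acceptable values copied from this page's SERVICE_TYPE list.
SERVICE_TYPES = {"MAIN_BACKEND", "JOBS_RUNNER", "DB_CONNECTOR", "DB_SSH_CONNECTOR",
                 "WORKFLOW_BACKEND", "WORKFLOW_TEMPORAL_WORKER"}

# Constructed sample input, not a real deployment's configuration.
SAMPLE = """\
NODE_ENV=production
NODE_TLS_REJECT_UNAUTHORIZED=0
DISABLE_PUBLIC_PAGES=true
RETOOL_EXPOSED_DB-PASSWORD=placeholder
SERVICE_TYPE=MAIN_BACKEND, JOBS_RUNNER
CUSTOM_RETOOL_SANDBOX_RESTRICTIONS=allow-downloads allow-modals
"""

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments (assumed file format)."""
    pairs = (line.strip().partition("=") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep and not k.startswith("#")}

def audit(env):
    """Return (variable, finding) pairs that a reviewer should look at."""
    out = []
    if env.get("NODE_TLS_REJECT_UNAUTHORIZED") == "0":
        out.append(("NODE_TLS_REJECT_UNAUTHORIZED", "TLS certificate validation is disabled"))
    if env.get("NODE_ENV") != "production":
        out.append(("NODE_ENV", "must always be set to production"))
    if env.get("DISABLE_PUBLIC_PAGES") == "true" and env.get("DISABLE_IMAGE_PROXY") != "true":
        out.append(("DISABLE_IMAGE_PROXY", "needed to fully disable public access"))
    if env.get("DISABLE_AUDIT_TRAILS_LOGGING") == "true":
        out.append(("DISABLE_AUDIT_TRAILS_LOGGING", "all writes to audit logs are disabled"))
    if env.get("HTML_ESCAPE_RETOOL_EXPRESSIONS", "false") != "true":
        out.append(("HTML_ESCAPE_RETOOL_EXPRESSIONS", "{{ }} expressions are not HTML-escaped"))
    sandbox = env.get("CUSTOM_RETOOL_SANDBOX_RESTRICTIONS", "").split()
    if sandbox:
        out.append(("CUSTOM_RETOOL_SANDBOX_RESTRICTIONS", "sandbox relaxed: " + " ".join(sandbox)))
    if "SERVICE_TYPE" in env:
        # Values are comma-separated with no spaces, so " JOBS_RUNNER" is rejected.
        bad = [s for s in env["SERVICE_TYPE"].split(",") if s not in SERVICE_TYPES]
        if bad:
            out.append(("SERVICE_TYPE", "not an acceptable value: " + repr(bad)))
    for key in env:
        if key.startswith("RETOOL_EXPOSED_") and not re.fullmatch(r"\w+", key, re.ASCII):
            out.append((key, "name may only use underscores as separators"))
    return out

if __name__ == "__main__":
    for variable, finding in audit(parse_env(SAMPLE)):
        print(f"{variable}: {finding}")
```
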