Skip to main content

Environment variables reference

Environment variables for Self-hosted Retool deployments.

Environment variables control or override certain functions and characteristics of Self-hosted Retool instances. Some Retool features require you to set environment variables, such as SSO or Source Control.

Only configure environment variables when needed. You can configure many environment variables from your organization's Settings rather than directly editing your deployment's configuration file.

You must restart your instance after setting any variables for them to take effect.

ACTIVE_PAGE_SAVE_PROCESSOR_QUEUE

ACTIVE_PAGE_SAVE_PROCESSOR_QUEUE=null

ADMIN_API_ACCESS_TOKEN

string

If non-empty, Retool creates an API access token with the provided string value. Requires ADMIN_USER_EMAIL to be set to a valid email address of an admin user.

ADMIN_API_ACCESS_TOKEN=token

ADMIN_API_ACCESS_TOKEN_SCOPES

string

Comma-separated list of scopes to be assigned to the API access token created using ADMIN_API_ACCESS_TOKEN env variable.

ADMIN_API_ACCESS_TOKEN_SCOPES=source_control:read,source_control:write,groups:read,groups:write,spaces:read,spaces:write,folders:read,folders:write,permissions:all:read,permissions:all:write

ADMIN_SPACE_DOMAINS

ADMIN_SPACE_DOMAINS=null

ADMIN_USER_EMAIL

string

If non-empty, Retool creates an admin user with the provided email in the Admin Space.

ADMIN_USER_EMAIL=admin@example.com

AIRGAPPED

AIRGAPPED=null

AIRTABLE_API_KEY

AIRTABLE_API_KEY=null

ALLOW_SAME_ORIGIN_OPTION

boolean

Whether to use allow-same-origin for iframes and custom components. If this is not true, custom components are heavily restricted in their behavior. Refer to the configure same-origin and sandbox guide to learn more.

Default value is false.

ALLOW_SAME_ORIGIN_OPTION=false

API_CALLS_PER_MIN

API_CALLS_PER_MIN=null

API_CALLS_PER_MINUTE

number

Retool uses a point system for rate limiting where endpoint requests cost a certain number of points. The default is 300 points in a 60 second window. If you exceed this, Retool blocks any subsequent API calls for 60 seconds. You can increase the number of points with the API_CALLS_PER_MIN environment variable.

Default value is 300.

API_CALLS_PER_MINUTE=300

APPLE_SIWA_DEVELOPMENT_KEY

APPLE_SIWA_DEVELOPMENT_KEY=null

APPLE_SIWA_KEY

APPLE_SIWA_KEY=null

APPS_FS_SYNC_ON

APPS_FS_SYNC_ON=null

APPS_FS_SYNC_ORG_ID

APPS_FS_SYNC_ORG_ID=null

APPS_FS_SYNC_WATCHER

APPS_FS_SYNC_WATCHER=null

AUDIT_INSERT_TIMEOUT_SECONDS

AUDIT_INSERT_TIMEOUT_SECONDS=null

AUDIT_LOG_DOWNLOADS_ACCESS_KEY_ID

AUDIT_LOG_DOWNLOADS_ACCESS_KEY_ID=null

AUDIT_LOG_DOWNLOADS_BUCKET

AUDIT_LOG_DOWNLOADS_BUCKET=null

AUDIT_LOG_DOWNLOADS_SECRET_ACCESS_KEY

AUDIT_LOG_DOWNLOADS_SECRET_ACCESS_KEY=null

AUDIT_SELECT_TIMEOUT_SECONDS

AUDIT_SELECT_TIMEOUT_SECONDS=null

AUDIT_TRAILS_FILTER_DEFAULT_DAYS

AUDIT_TRAILS_FILTER_DEFAULT_DAYS=null

AUDIT_TRAILS_POSTGRES_DB

AUDIT_TRAILS_POSTGRES_DB=null

AUDIT_TRAILS_POSTGRES_HOST

AUDIT_TRAILS_POSTGRES_HOST=null

AUDIT_TRAILS_POSTGRES_PASSWORD

AUDIT_TRAILS_POSTGRES_PASSWORD=null

AUDIT_TRAILS_POSTGRES_PORT

AUDIT_TRAILS_POSTGRES_PORT=null

AUDIT_TRAILS_POSTGRES_USER

AUDIT_TRAILS_POSTGRES_USER=null

AUTH_REQS_PER_MINUTE

AUTH_REQS_PER_MINUTE=null

AZURE_QUEUE_STORAGE_CONNECTION_STRING

AZURE_QUEUE_STORAGE_CONNECTION_STRING=null

AZURE_REPOS_MAIN_BRANCH

string

The main branch for the Azure Repos repository.

AZURE_REPOS_MAIN_BRANCH=main

AZURE_REPOS_ORGANIZATION

string

The Azure DevOps organization name.

AZURE_REPOS_ORGANIZATION=my-organization

AZURE_REPOS_PERSONAL_ACCESS_TOKEN

string

The personal access token for the Azure DevOps organization user.

AZURE_REPOS_PERSONAL_ACCESS_TOKEN=mpoqd2zy7jklzfbhmuzev46vbbcpkeeqminb4wcvwigsrldasdfa

AZURE_REPOS_PROJECT

AZURE_REPOS_PROJECT=null

AZURE_REPOS_REPO

string

The Azure DevOps repository name.

AZURE_REPOS_REPO=my-repo

AZURE_REPOS_URL

AZURE_REPOS_URL=null

AZURE_REPOS_USER

string

The username or service account for the for Azure DevOps organization.

AZURE_REPOS_USER=retool

BACKEND_API_PORT

BACKEND_API_PORT=null

BASE_DOMAIN

string

The full URL of your Retool deployment for user invitations and password resets. This also needs to be set if you dynamically set callback URLs on protected resources.

BASE_DOMAIN=retool.example.com

BAZEL_TEST_ENV

BAZEL_TEST_ENV=null

BITBUCKET_APP_PASSWORD

string

The app password for the Bitbucket user.

BITBUCKET_APP_PASSWORD=mpoqd2zy7jklzfbhmuzev46vbbcpkeeqminb4wcvwigsrldasdfa

BITBUCKET_ENTERPRISE_API_URL

BITBUCKET_ENTERPRISE_API_URL=null

BITBUCKET_ENTERPRISE_URL

BITBUCKET_ENTERPRISE_URL=null

BITBUCKET_MAIN_BRANCH

string

The main branch for the Bitbucket repository.

BITBUCKET_MAIN_BRANCH=main

BITBUCKET_REPO

string

The Bitbucket repository name.

BITBUCKET_REPO=my-repo

BITBUCKET_USER

string
BITBUCKET_USER=retool

BITBUCKET_WORKSPACE

string

The Bitbucket workspace name.

BITBUCKET_WORKSPACE=my-workspace

BOOTSTRAP_FROM_SOURCE

BOOTSTRAP_FROM_SOURCE=null

BOOTSTRAP_GITHUB_MAIN_BRANCH

BOOTSTRAP_GITHUB_MAIN_BRANCH=null

BOOTSTRAP_GITHUB_ORGANIZATION_NAME

BOOTSTRAP_GITHUB_ORGANIZATION_NAME=null

BOOTSTRAP_GITHUB_REPOSITORY_NAME

BOOTSTRAP_GITHUB_REPOSITORY_NAME=null

BOOTSTRAP_USER

BOOTSTRAP_USER=null

BUILD_NUMBER

BUILD_NUMBER=null

BUILD_WORKSPACE_DIRECTORY

BUILD_WORKSPACE_DIRECTORY=null

CACHE_CONTROL_PRIVATE

CACHE_CONTROL_PRIVATE=null
string

A Google OAuth client app ID for OAuth-based authentication with Google (e.g., Google SSO with OIDC or using a Google Sheets resource).

CLIENT_ID=123456789012-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com

CLIENT_MAX_BODY_SIZE

string

On the https-portal container, specify the maximum request body size, in bytes, megabytes (M), or kilobytes (K). Any upload that exceeds this limit results in a 413 HTTP error. Set to 0 to allow bodies of any size.

CLIENT_MAX_BODY_SIZE=40M
string

A Google OAuth client app secret for OAuth-based authentication with Google (e.g., Google SSO with OIDC or using a Google Sheets resource).

CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz

CODE_COMMIT_AWS_ACCESS_KEY_ID

string

The AWS access key ID for the IAM user.

CODE_COMMIT_AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE

CODE_COMMIT_AWS_DEFAULT_REGION

string

The AWS region for the CodeCommit repository.

CODE_COMMIT_AWS_DEFAULT_REGION=us-west-2

CODE_COMMIT_AWS_SECRET_ACCESS_KEY

string

The AWS secret access key for the IAM user.

CODE_COMMIT_AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

CODE_COMMIT_HTTPS_PASSWORD

string

The password for HTTPS authentication with the CodeCommit repository.

CODE_COMMIT_HTTPS_PASSWORD=mpoqd2zy7jklzfbhmuzev46vbbcpkeeqminb4wcvwigsrldasdfa

CODE_COMMIT_HTTPS_USERNAME

string

The username for HTTPS authentication with the CodeCommit repository.

CODE_COMMIT_HTTPS_USERNAME=retool

CODE_COMMIT_MAIN_BRANCH

string

The main branch for the CodeCommit repository.

CODE_COMMIT_MAIN_BRANCH=main

CODE_COMMIT_REPOSITORY_NAME

string

The CodeCommit repository name.

CODE_COMMIT_REPOSITORY_NAME=my-repo

CODE_EXECUTOR_INGRESS_DOMAIN

string

The domain for the code-executor service that executes arbitrary user-defined JavaScript and Python code with installed custom libraries. The value depends on your deployment configuration, but must include a protocol (http:// or https://).

CODE_EXECUTOR_INGRESS_DOMAIN=code-executor.example.com

CODE_EXECUTOR_QUARANTINE_INGRESS_DOMAIN

CODE_EXECUTOR_QUARANTINE_INGRESS_DOMAIN=null

COMMIT_HASH

COMMIT_HASH=null

CONTAINER_UNPRIVILEGED_MODE

boolean

Whether to run the code-executor service in an unprivileged mode and remove any sandboxing of user code.

Default value is false.

CONTAINER_UNPRIVILEGED_MODE=false

CONTENT_TYPE_PARSING_REST_API_ENABLED

CONTENT_TYPE_PARSING_REST_API_ENABLED=null

CREATE_FIRST_ORG

boolean

If set to true, Retool automatically creates the first organization on the instance. This is useful for automated provisioning of Retool instances.

Default value is false.

CREATE_FIRST_ORG=true

CUSTOM_API_KEY

CUSTOM_API_KEY=null

CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_ACCESS_KEY_ID

CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_ACCESS_KEY_ID=null

CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_BUCKET

CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_BUCKET=null

CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_BUCKET_REGION

CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_BUCKET_REGION=null

CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_SECRET_ACCESS_KEY

CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_SECRET_ACCESS_KEY=null

CUSTOM_DOMAINS_BUILDKITE_API_TOKEN

CUSTOM_DOMAINS_BUILDKITE_API_TOKEN=null
string

A URL that users are redirected to after logging out of Retool.

CUSTOM_LOGOUT_REDIRECT=https://example.com/logout/success
number

The lifespan, in minutes, of custom OpenID provider tokens.

Default value is 120.

CUSTOM_OAUTH2_SSO_ACCESS_TOKEN_LIFESPAN_MINUTES=60
string

An identifier for a resource to which users should have access upon completion of an OpenID authorization process.

CUSTOM_OAUTH2_SSO_AUDIENCE=https://retool.auth0.com/api/v2

CUSTOM_OAUTH2_SSO_AUTH_URL

CUSTOM_OAUTH2_SSO_AUTH_URL=null

CUSTOM_OAUTH2_SSO_CLIENT_ID

CUSTOM_OAUTH2_SSO_CLIENT_ID=null

CUSTOM_OAUTH2_SSO_CLIENT_SECRET

CUSTOM_OAUTH2_SSO_CLIENT_SECRET=null

CUSTOM_OAUTH2_SSO_INCLUDE_BASIC_AUTH_IN_HEADERS

CUSTOM_OAUTH2_SSO_INCLUDE_BASIC_AUTH_IN_HEADERS=null

CUSTOM_OAUTH2_SSO_JWT_EMAIL_KEY

CUSTOM_OAUTH2_SSO_JWT_EMAIL_KEY=null

CUSTOM_OAUTH2_SSO_JWT_FIRST_NAME_KEY

CUSTOM_OAUTH2_SSO_JWT_FIRST_NAME_KEY=null

CUSTOM_OAUTH2_SSO_JWT_LAST_NAME_KEY

CUSTOM_OAUTH2_SSO_JWT_LAST_NAME_KEY=null
string

Returns an array of strings where each string represents an OpenID group name. This setting is used with CUSTOM_OAUTH2_SSO_ROLE_MAPPING to map groups to Retool permission groups.

CUSTOM_OAUTH2_SSO_JWT_ROLES_KEY=idToken.groups

CUSTOM_OAUTH2_SSO_NO_SCOPE_IN_AUTHORIZATION_CODE_REQ

CUSTOM_OAUTH2_SSO_NO_SCOPE_IN_AUTHORIZATION_CODE_REQ=null
string

The mapping of roles from your OpenID provider to Retool permission groups.

CUSTOM_OAUTH2_SSO_ROLE_MAPPING=devops -> admin, support -> viewer

CUSTOM_OAUTH2_SSO_ROLE_MAPPING_DISABLED

boolean

Disables the mapping of roles from your OpenID provider to Retool permission groups. Set this variable to true to disable passing roles from JWTs.

CUSTOM_OAUTH2_SSO_ROLE_MAPPING_DISABLED=true

CUSTOM_OAUTH2_SSO_SCOPES

CUSTOM_OAUTH2_SSO_SCOPES=null

CUSTOM_OAUTH2_SSO_TOKEN_URL

CUSTOM_OAUTH2_SSO_TOKEN_URL=null
string

The endpoint for Retool to make an additional request for a fat token containing all available claims from your OpenID SSO provider.

CUSTOM_OAUTH2_SSO_USERINFO_URL=https://yourcompany.okta.com/oauth2/v1/userinfo

CUSTOM_RETOOL_SANDBOX_RESTRICTIONS

enum

The JavaScript sandbox restrictions to allow. Specify space-separated values for multiple restrictions. Only configure custom sandbox restrictions if you are comfortable with the security implications.

allow-downloads

Allow downloads.

allow-popups

Allow popups.

allow-modals

Allow modals.

CUSTOM_RETOOL_SANDBOX_RESTRICTIONS=allow-downloads

CUSTOM_SPECS_DOMAIN

CUSTOM_SPECS_DOMAIN=null

DATABASE_API_BEARER_TOKEN

DATABASE_API_BEARER_TOKEN=null

DATABASE_API_URL

DATABASE_API_URL=null

DATABASE_MIGRATIONS_STATEMENT_TIMEOUT_SECONDS

DATABASE_MIGRATIONS_STATEMENT_TIMEOUT_SECONDS=null

DATABASE_MIGRATIONS_TIMEOUT_SECONDS

number

The timeout, in seconds, for database migrations. If the migration takes longer than this time, the migration fails. Consider setting a higher value if you're upgrading to another major version of Self-hosted Retool or the upgrade includes changes from multiple minor versions.

DATABASE_MIGRATIONS_TIMEOUT_SECONDS=1000

DATABASE_SCHEMA_QUERY_LIMIT

DATABASE_SCHEMA_QUERY_LIMIT=null

DATABASE_URL

DATABASE_URL=null

DATABRICKS_DISABLE_GET_SCHEMA

DATABRICKS_DISABLE_GET_SCHEMA=null

DB_CONNECTOR_HOST

DB_CONNECTOR_HOST=null

DB_CONNECTOR_PORT

DB_CONNECTOR_PORT=null

DB_SSH_CONNECTOR_HOST

DB_SSH_CONNECTOR_HOST=null

DB_SSH_CONNECTOR_PORT

DB_SSH_CONNECTOR_PORT=null

DBCONNECTOR_AUTH

DBCONNECTOR_AUTH=null

DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_ATHENA

DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_ATHENA=null

DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_DYNAMODB

DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_DYNAMODB=null

DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_LAMBDA

DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_LAMBDA=null

DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_S3

DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_S3=null

DBCONNECTOR_AWS_ROLE_ASSUMER_WITH_WEB_IDENTITY

DBCONNECTOR_AWS_ROLE_ASSUMER_WITH_WEB_IDENTITY=null

DBCONNECTOR_AWS_STS_V3

DBCONNECTOR_AWS_STS_V3=null

DBCONNECTOR_CPU_PROFILING_TIME_MS

DBCONNECTOR_CPU_PROFILING_TIME_MS=null

DBCONNECTOR_DOMAIN_AP_SOUTHEAST_1

DBCONNECTOR_DOMAIN_AP_SOUTHEAST_1=null

DBCONNECTOR_DOMAIN_EU_CENTRAL_1

DBCONNECTOR_DOMAIN_EU_CENTRAL_1=null

DBCONNECTOR_DOMAIN_US_WEST_2

DBCONNECTOR_DOMAIN_US_WEST_2=null

DBCONNECTOR_EXTENDED_QUERY_TIMEOUT_ENABLED_RESOURCES

DBCONNECTOR_EXTENDED_QUERY_TIMEOUT_ENABLED_RESOURCES=null

DBCONNECTOR_EXTENDED_QUERY_TIMEOUT_MS

DBCONNECTOR_EXTENDED_QUERY_TIMEOUT_MS=null

DBCONNECTOR_FIREBASE_MEMORY_LIMIT_MB

DBCONNECTOR_FIREBASE_MEMORY_LIMIT_MB=null

DBCONNECTOR_FIREBASE_WORKER_ENDURANCE

DBCONNECTOR_FIREBASE_WORKER_ENDURANCE=null

DBCONNECTOR_HEADERS_TIMEOUT_MS

DBCONNECTOR_HEADERS_TIMEOUT_MS=null

DBCONNECTOR_HTTP_AGENT_MAX_SOCKETS

DBCONNECTOR_HTTP_AGENT_MAX_SOCKETS=null

DBCONNECTOR_INGRESS_PREFIX

DBCONNECTOR_INGRESS_PREFIX=null

DBCONNECTOR_JDBC_POOL_CONNECTION_MAX_IDLE_MS

DBCONNECTOR_JDBC_POOL_CONNECTION_MAX_IDLE_MS=null

DBCONNECTOR_KEEPALIVE_TIMEOUT_MS

DBCONNECTOR_KEEPALIVE_TIMEOUT_MS=null

DBCONNECTOR_MEMORY_LIMIT_PERCENT

DBCONNECTOR_MEMORY_LIMIT_PERCENT=null

DBCONNECTOR_MONGODB_ENABLE_STREAMING_ONPREM

DBCONNECTOR_MONGODB_ENABLE_STREAMING_ONPREM=null

DBCONNECTOR_NUM_WORKERS

number

The number of worker threads for the db-connector container. The default value is Math.min(Math.max(1, numCPUs), 3), where numCPUs is the number of logical CPU cores on the machine determined by Node.js.

DBCONNECTOR_NUM_WORKERS=4

DBCONNECTOR_POSTGRES_POOL_MAX_SIZE

number

The PostgreSQL connection pool maximum size.

Default value is 10.

DBCONNECTOR_POSTGRES_POOL_MAX_SIZE=20

DBCONNECTOR_QUERY_TIMEOUT_BUFFER_MS

DBCONNECTOR_QUERY_TIMEOUT_BUFFER_MS=null

DBCONNECTOR_QUERY_TIMEOUT_MS

number

The duration, in milliseconds, for queries to run before timing out. If your Retool deployment is behind a load balancer, increase the load balancer's timeout by a proportionate amount.

Default value is 120000.

DBCONNECTOR_QUERY_TIMEOUT_MS=120000

DBCONNECTOR_SHARDING_JITTER_THRESHOLD

DBCONNECTOR_SHARDING_JITTER_THRESHOLD=null

DBCONNECTOR_SHARDING_MAX_JITTER

DBCONNECTOR_SHARDING_MAX_JITTER=null

DBCONNECTOR_SHARDING_MIN_JITTER

DBCONNECTOR_SHARDING_MIN_JITTER=null

DBCONNECTOR_SHARDING_OLD_WINDOW_WEIGHT

DBCONNECTOR_SHARDING_OLD_WINDOW_WEIGHT=null

DBCONNECTOR_SHARDING_RESOURCE_TYPES

DBCONNECTOR_SHARDING_RESOURCE_TYPES=null

DBCONNECTOR_SHARDING_TIME_PERIOD_IN_SECONDS

DBCONNECTOR_SHARDING_TIME_PERIOD_IN_SECONDS=null

DBCONNECTOR_SHARDING_TTL

DBCONNECTOR_SHARDING_TTL=null

DBCONNECTOR_SHOULD_LOG_QUERY_HASHES

DBCONNECTOR_SHOULD_LOG_QUERY_HASHES=null

DEBUG

number

Whether to enable verbose logging for debugging purposes.

Default value is 0.

DEBUG=1
string

The default Retool user group for a Google SSO domain. Default groups only apply to new users who sign up using SSO, not existing users signing in.

DEFAULT_GROUP_FOR_DOMAINS=example1.org -> admin, example2.com -> viewer

DISABLE_AUDIT_TRAILS_LOGGING

boolean

Whether to disable logging of audit trails.

Default value is false.

DISABLE_AUDIT_TRAILS_LOGGING=true

DISABLE_DATABASE_MIGRATIONS

DISABLE_DATABASE_MIGRATIONS=null

DISABLE_DATABASE_MIGRATIONS_TIMEOUT

DISABLE_DATABASE_MIGRATIONS_TIMEOUT=null

DISABLE_GIT_SYNCING

boolean

Whether to disable Git syncing.

Default value is false.

DISABLE_GIT_SYNCING=true

DISABLE_IMAGE_PROXY

boolean

Whether to disable the proxy used for publicly embedded apps.

Default value is false.

DISABLE_IMAGE_PROXY=true

DISABLE_INTERCOM

boolean

Disable Retool's support widget in the frontend. Refer to the Retool Support page to learn how to contact Retool.

Default value is false.

DISABLE_INTERCOM=true

DISABLE_IPTABLES_SECURITY_CONFIGURATION

boolean

Whether to disable the default security configuration for link-local address, which is done by running the following startup commands requiring elevated privileges. Set to true if privileged access (e.g NET_ADMIN) cannot be given to the container running Code executor service.

Default value is false.

DISABLE_IPTABLES_SECURITY_CONFIGURATION=false

DISABLE_MEMORY_AND_CPU_USAGE_LOGGING

boolean

Whether to disable logging of memory and CPU usage.

Default value is false.

DISABLE_MEMORY_AND_CPU_USAGE_LOGGING=true

DISABLE_PAGE_USER_HEARTBEAT

DISABLE_PAGE_USER_HEARTBEAT=null

DISABLE_PROTECTED_APPS_SYNCING

DISABLE_PROTECTED_APPS_SYNCING=null

DISABLE_PUBLIC_PAGES

boolean

Whether to disable public access to Retool apps. If set to true, also set DISABLE_IMAGE_PROXY to true to fully disable public access.

Default value is false.

DISABLE_PUBLIC_PAGES=true

DISABLE_RATE_LIMIT

DISABLE_RATE_LIMIT=null

DISABLE_SOURCE_CONTROL_SYNCING

boolean

Whether to disable Source Control syncing changes with the repository. This only pauses the syncing process and protected items are unaffected.

Default value is false.

DISABLE_SOURCE_CONTROL_SYNCING=true

DISABLE_TEST_RESOURCES

DISABLE_TEST_RESOURCES=null
boolean

Disable username and password authentication. If true, users can only log in using SSO.

DISABLE_USER_PASS_LOGIN=true

DO_HIBP_CHECK

DO_HIBP_CHECK=null

DOMAINS

string

The domains to use for EntityID in SAML requests and obtaining SSL certificates when setting up HTTPS.

DOMAINS=retool.your-domain.com -> http://api:3000

EMAIL_SENDER_AUTH_TOKEN

EMAIL_SENDER_AUTH_TOKEN=null

EMAIL_SENDER_HOST

EMAIL_SENDER_HOST=null

EMAIL_SENDER_IP_RATE_LIMIT_POINTS

EMAIL_SENDER_IP_RATE_LIMIT_POINTS=null

EMAIL_SENDER_WITH_LICENSE_KEY_RATE_LIMIT_POINTS

EMAIL_SENDER_WITH_LICENSE_KEY_RATE_LIMIT_POINTS=null

EMAIL_SENDER_WITHOUT_LICENSE_KEY_RATE_LIMIT_POINTS

EMAIL_SENDER_WITHOUT_LICENSE_KEY_RATE_LIMIT_POINTS=null

EMBEDDING_DAILY_TOKEN_LIMIT

EMBEDDING_DAILY_TOKEN_LIMIT=null

ENABLE_CLIENT_SIDE_CUSTOM_AUTH_BROWSER_CALLS

boolean

Whether to allow custom authentication steps for resources that make REST API calls directly from the browser. If true, these requests include all browser credentials, even cross-origin calls.

ENABLE_CLIENT_SIDE_CUSTOM_AUTH_BROWSER_CALLS=true

ENABLE_CUSTOM_PLATFORM_LEVEL_AUTH_STEPS

boolean

Whether to allow configuration of custom authentication steps for users to perform whenever they log into Retool.

Default value is false.

ENABLE_CUSTOM_PLATFORM_LEVEL_AUTH_STEPS=true

ENABLE_DATABASE_MIGRATIONS_CONCURRENT_INDEX_CREATION

ENABLE_DATABASE_MIGRATIONS_CONCURRENT_INDEX_CREATION=null

ENABLE_DBCONNECTOR_FIREBASE_PROCESS_LIMIT

ENABLE_DBCONNECTOR_FIREBASE_PROCESS_LIMIT=null

ENABLE_GLOBAL_QUERY_TIMEOUT

ENABLE_GLOBAL_QUERY_TIMEOUT=null

ENABLE_RUN_QUERY_BY_UUID_METADATA_LOG

ENABLE_RUN_QUERY_BY_UUID_METADATA_LOG=null

ENCRYPTION_KEY

string

The encryption key used to encrypt data stored in the PostgreSQL database (e.g., database credentials, SSH keys, etc). If you change this key, you will lose access to all resources that were created before the change.

ENCRYPTION_KEY=key

EVENT_LOOP_BLOCK_DETECTION_ENABLED

EVENT_LOOP_BLOCK_DETECTION_ENABLED=null

EVENT_LOOP_BLOCK_DETECTION_THRESHOLD_MS

EVENT_LOOP_BLOCK_DETECTION_THRESHOLD_MS=null

FAILED_MONTHLY_LOGINS_PER_IP

FAILED_MONTHLY_LOGINS_PER_IP=null

FAILED_MONTHLY_LOGINS_PER_USER

FAILED_MONTHLY_LOGINS_PER_USER=null

FAILOVER_DOMAIN

FAILOVER_DOMAIN=null

FORWARDABLE_SAME_DOMAIN_COOKIES_ALLOWLIST

string

Whether to send authentication requests using insecure cookies. When you have cookies scoped to your primary domain, you can use this variable to include those cookies in requests from the subdomain you host Retool on to your primary domain.

FORWARDABLE_SAME_DOMAIN_COOKIES_ALLOWLIST=cookieName

GIT_POLL_INTERVAL_SECONDS

GIT_POLL_INTERVAL_SECONDS=null

GITHUB_APP_ID

string

The GitHub App ID for the GitHub repository.

GITHUB_APP_ID=12345

GITHUB_APP_INSTALLATION_ID

string

The GitHub App installation ID for the GitHub repository.

GITHUB_APP_INSTALLATION_ID=12345

GITHUB_APP_PRIVATE_KEY

string

The GitHub App private key for the GitHub repository, formatted as a single-line. If you use Kubernetes Secrets, you must base64-encode this value twice.

GITHUB_APP_PRIVATE_KEY=-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDf7Zz7z7z7z7z7

GITHUB_CLIENT_ID

GITHUB_CLIENT_ID=null

GITHUB_CLIENT_SECRET

GITHUB_CLIENT_SECRET=null

GITHUB_PERSONAL_ACCESS_TOKEN

GITHUB_PERSONAL_ACCESS_TOKEN=null

GITHUB_SYNC_TOKEN

GITHUB_SYNC_TOKEN=null

GITLAB_MAIN_BRANCH

string

The main branch for the GitLab repository.

GITLAB_MAIN_BRANCH=main

GITLAB_ORGANIZATION_NAME

string

The GitLab organization name.

GITLAB_ORGANIZATION_NAME=my-organization

GITLAB_PROJECT_ACCESS_TOKEN

string

The project access token for the GitLab repository.

GITLAB_PROJECT_ACCESS_TOKEN=mpoqd2zy7jklzfbhmuzev46vbbcpkeeqminb4wcvwigsrldasdfa

GITLAB_PROJECT_ID

string

The GitLab project ID.

GITLAB_PROJECT_ID=123

GITLAB_PROJECT_SLUG

string

The path of the GitLab project URL.

GITLAB_PROJECT_SLUG=company/eng/product-dev

GITLAB_REPOSITORY_NAME

string

The GitLab repository name.

GITLAB_REPOSITORY_NAME=my-repo

GITLAB_URL

string

The GitLab URL for the GitLab repository.

GITLAB_URL=https://gitlab.com

GOOGLE_API_KEY

GOOGLE_API_KEY=null

GOOGLE_CLIENT_SECRET

GOOGLE_CLIENT_SECRET=null

GPT_TOKEN_LIMIT

GPT_TOKEN_LIMIT=null

GRPC_MAX_RETRIES

GRPC_MAX_RETRIES=null

HEADER_BASED_AUTH_EMAIL_HEADER

HEADER_BASED_AUTH_EMAIL_HEADER=null

HEADER_BASED_AUTH_ENABLED

HEADER_BASED_AUTH_ENABLED=null

HEADER_BASED_AUTH_METADATA_MAPPING

HEADER_BASED_AUTH_METADATA_MAPPING=null

HEADER_BASED_AUTH_ROLE_MAPPING

HEADER_BASED_AUTH_ROLE_MAPPING=null

HEADER_BASED_AUTH_ROLE_MAPPING_DISABLED

HEADER_BASED_AUTH_ROLE_MAPPING_DISABLED=null

HEADER_BASED_AUTH_ROLES_HEADER

HEADER_BASED_AUTH_ROLES_HEADER=null

HEADER_BASED_AUTH_USERNAME_HEADER

HEADER_BASED_AUTH_USERNAME_HEADER=null

HEADERS_TIMEOUT_MS

HEADERS_TIMEOUT_MS=null

HIBP_API_KEY

HIBP_API_KEY=null

HIDE_ALL_HEADERS_IN_AUDIT_LOG_EVENTS

boolean

Whether to prevent all query headers and cookies from being added to audit log entries.

Default value is false.

HIDE_ALL_HEADERS_IN_AUDIT_LOG_EVENTS=true

HIDE_PROD_AND_STAGING_TOGGLES

boolean

Whether to hide the Production and Staging toggles in the Retool interface.

Default value is false.

HIDE_PROD_AND_STAGING_TOGGLES=true

HOST_HEADER_NAME

string

Retool backend expects Host header to contain the host used in the original request. This is important for Spaces to work properly. If your self-hosted instance has a proxy or load-balancer in front of the Retool backend, you can specify a different header that contains the original host.

Default value is HOST_HEADER_NAME.

HOST_HEADER_NAME=x-forwarded-host

HTML_ESCAPE_RETOOL_EXPRESSIONS

boolean

Whether to escape HTML in {{ }} expressions. If set to true, all HTML in expressions is escaped.

Default value is false.

HTML_ESCAPE_RETOOL_EXPRESSIONS=true

HTTP_PROXY

string

The HTTP proxy to use for all HTTP requests.

HTTP_PROXY=http://proxy.example.com:8080

HTTP_PROXY_STRICT

HTTP_PROXY_STRICT=null

INC_613_GET_RECORD_TRANSIT

INC_613_GET_RECORD_TRANSIT=null

INCLUDE_COOKIES_IN_API_CALLS

INCLUDE_COOKIES_IN_API_CALLS=null

INVITES_PER_DAY

number

The number of invites that can be sent to users.

Default value is 50.

INVITES_PER_DAY=100

IS_ADMIN

IS_ADMIN=null

IS_E2E

IS_E2E=null

JAVA_DB_CONNECTOR_HOST

JAVA_DB_CONNECTOR_HOST=null

JAVA_DB_CONNECTOR_PORT

JAVA_DB_CONNECTOR_PORT=null

JDBC_DIRECTORY_PATH

JDBC_DIRECTORY_PATH=null

JIT_ENABLED

boolean

Whether to enable JIT user provisioning.

Default value is false.

JIT_ENABLED=true

JOBS_SERVER_PORT

JOBS_SERVER_PORT=null

JWT_SECRET

string

The JWT secret token to sign requests for authentication with Retool's backend API server. If changed, all active user login sessions are invalidated.

JWT_SECRET=676765765327645bvbfgbsfhfbgr

K8S_DEPLOYMENT

K8S_DEPLOYMENT=null

K8S_HOSTED

K8S_HOSTED=null

K8S_IMAGE

K8S_IMAGE=null

K8S_NODE_IP

K8S_NODE_IP=null

K8S_NODE_NAME

K8S_NODE_NAME=null

K8S_POD_IP

K8S_POD_IP=null

K8S_POD_NAME

K8S_POD_NAME=null

KEEPALIVE_TIMEOUT

number

The keep alive timeout for queries, in seconds. Queries that exceed this limit results in a 514 HTTP error.

KEEPALIVE_TIMEOUT=1000

KEEPALIVE_TIMEOUT_MS

KEEPALIVE_TIMEOUT_MS=null
string

The organization's email domain in DC syntax when syncing Google Groups to Retool.

LDAP_BASE_DOMAIN_COMPONENTS=dc=example,dc=com
string

The mapping of Google LDAP Groups or SAML groups to Retool permission groups used for Google Group syncing and SAML role mapping.

LDAP_ROLE_MAPPING=retool-admins -> admin, support -> Support

LDAP_ROLE_MAPPING_DISABLED

string

Disable syncing SAML groups or Google Groups to Retool permission groups. When LDAP_ROLE_MAPPING is set and LDAP_ROLE_MAPPING_DISABLED is true, Retool logs the groups that would have synced to Retool when a user logs in.

LDAP_ROLE_MAPPING_DISABLED=true
string

The certificate from the downloaded bundle when syncing Google Groups to Retool.

LDAP_SERVER_CERTIFICATE=filename
string

The private key from the downloaded bundle when syncing Google Groups to Retool.

LDAP_SERVER_KEY=filename
string

The LDAP server name when syncing Google Groups to Retool.

LDAP_SERVER_NAME=ldap.google.com
string

The LDAP server URL for Google's Secure LDAP Service when syncing Google Groups to Retool.

LDAP_SERVER_URL=ldaps://ldap.google.com:636

LDAP_SYNC_ALL_GROUPS

boolean

Whether to sync all groups regardless of whether they're configured in the LDAP_ROLE_MAPPING environment variable. When enabled, new groups are created during SAML sync.

LDAP_SYNC_ALL_GROUPS=true

LDAP_SYNC_GROUP_CLAIMS

boolean

Enable syncing Google Groups to Retool.

LDAP_SYNC_GROUP_CLAIMS=true

LICENSE_KEY

string

The license key for your Retool deployment.

LICENSE_KEY=key_1234567890

LICENSING_POSTGRES_HOST

LICENSING_POSTGRES_HOST=null

LICENSING_POSTGRES_PASSWORD

LICENSING_POSTGRES_PASSWORD=null

LICENSING_POSTGRES_PORT

LICENSING_POSTGRES_PORT=null

LICENSING_POSTGRES_USER

LICENSING_POSTGRES_USER=null

LICENSING_SERVER_ENV

LICENSING_SERVER_ENV=null

LICENSING_STATUS_PROPAGATION_ENABLED

LICENSING_STATUS_PROPAGATION_ENABLED=null

LINUX_PERF_PROFILING_ENABLED

LINUX_PERF_PROFILING_ENABLED=null

LIST_ENDPOINTS_SECRET

LIST_ENDPOINTS_SECRET=null

LOG_AUDIT_EVENTS

boolean

Whether to log audit events.

Default value is false.

LOG_AUDIT_EVENTS=true

LOG_LEVEL

enum

The log level for Retool logs.

Default value is info.

debug

Raw level logs.

verbose

More verbose logs for git syncing, authentication, etc.

info

Default logging level.

LOG_LEVEL=debug

MAILGUN_API_KEY

MAILGUN_API_KEY=null

MAILGUN_DOMAIN

MAILGUN_DOMAIN=null

MAILGUN_FROM_EMAIL

MAILGUN_FROM_EMAIL=null

MAILGUN_REPLY_TO

MAILGUN_REPLY_TO=null

MAIN_DOMAIN

MAIN_DOMAIN=null

MARKETPLACE_S3_ACCESS_KEY_ID

MARKETPLACE_S3_ACCESS_KEY_ID=null

MARKETPLACE_S3_SECRET_ACCESS_KEY

MARKETPLACE_S3_SECRET_ACCESS_KEY=null

MOBILE_ARTIFACTS_REGISTRY_SERVICE_API_TOKEN

MOBILE_ARTIFACTS_REGISTRY_SERVICE_API_TOKEN=null

MOBILE_ARTIFACTS_REGISTRY_SERVICE_HOST

MOBILE_ARTIFACTS_REGISTRY_SERVICE_HOST=null

MOBILE_PUSH_NOTIFIER_API_TOKEN

string

The API token for the mobile push notifier service.

MOBILE_PUSH_NOTIFIER_API_TOKEN=token

MOBILE_PUSH_NOTIFIER_APNS_APP_ID

MOBILE_PUSH_NOTIFIER_APNS_APP_ID=null

MOBILE_PUSH_NOTIFIER_APNS_SANDBOX_APP_ID

MOBILE_PUSH_NOTIFIER_APNS_SANDBOX_APP_ID=null

MOBILE_PUSH_NOTIFIER_FCM_APP_ID

MOBILE_PUSH_NOTIFIER_FCM_APP_ID=null

MOBILE_PUSH_NOTIFIER_HOST

string

The host for the mobile push notifier service. Must be `https://spb8yl7d3j.execute-api.us-west-2.amazonaws.com.

MOBILE_PUSH_NOTIFIER_HOST=https://spb8yl7d3j.execute-api.us-west-2.amazonaws.com

MULTIPLAYER_REDIS_ENABLED

MULTIPLAYER_REDIS_ENABLED=null

NEW_RELIC_LICENSE_KEY

NEW_RELIC_LICENSE_KEY=null

NO_PROXY

string

A comma-separated list of hosts that should not be proxied.

NO_PROXY=localhost,*.service.company

NODE_ENV

string

The Node.js environment. Should always be set to production.

NODE_ENV=production

NODE_EXTRA_CA_CERTS

NODE_EXTRA_CA_CERTS=null

NODE_HTTP_AGENT_MAX_SOCKETS

NODE_HTTP_AGENT_MAX_SOCKETS=null

NODE_METRICS_MONTIOR_ENABLED

NODE_METRICS_MONTIOR_ENABLED=null

NODE_METRICS_MONTIOR_MINUTE_INTERVAL

NODE_METRICS_MONTIOR_MINUTE_INTERVAL=null

NODE_OPTIONS

string

Used to specify the maximum heap size for the JavaScript v8 engine.

Default value is --max-old-space-size=1024.

NODE_OPTIONS=--max-old-space-size=1024

NODE_TLS_REJECT_UNAUTHORIZED

number

Whether to reject unauthorized TLS certificates. This setting is insecure and not recommended for production instances

NODE_TLS_REJECT_UNAUTHORIZED=0

NUM_WORKERS

number

The number of worker threads for the api container. The default value is Math.min(Math.max(1, numCPUs), 3), where numCPUs is the number of logical CPU cores on the machine determined by Node.js.

NUM_WORKERS=4

OFFLINE_LICENSE_KEY

OFFLINE_LICENSE_KEY=null

OKTA_CLIENT_ID

OKTA_CLIENT_ID=null

OKTA_CLIENT_SECRET

OKTA_CLIENT_SECRET=null

OKTA_DOMAIN

OKTA_DOMAIN=null

OPEN_API_SPEC_CACHE_TTL_MS

OPEN_API_SPEC_CACHE_TTL_MS=null

OPENAI_PROXY_API_TOKEN

OPENAI_PROXY_API_TOKEN=null

OPENAI_PROXY_HOST

OPENAI_PROXY_HOST=null

OPENAI_SECRET_KEY

OPENAI_SECRET_KEY=null

PARTNERSTACK_BEARER_TOKEN

PARTNERSTACK_BEARER_TOKEN=null

PORT

PORT=null

POSTGRES_CUSTOM_SSL_CA_FILE_NAME

string

The custom SSL CA file name for the PostgreSQL connection. This is required when configuring Google Cloud SQL as the database to use instead of Retool's PostgreSQL database.

POSTGRES_CUSTOM_SSL_CA_FILE_NAME=ca.pem

POSTGRES_CUSTOM_SSL_CERT_ALTNAME_REGEX

POSTGRES_CUSTOM_SSL_CERT_ALTNAME_REGEX=null

POSTGRES_CUSTOM_SSL_CERT_FILE_NAME

POSTGRES_CUSTOM_SSL_CERT_FILE_NAME=null

POSTGRES_CUSTOM_SSL_CERT_PATH

string

The custom SSL certificate path for the PostgreSQL connection. This is required when configuring Google Cloud SQL as the database to use instead of Retool's PostgreSQL database.

POSTGRES_CUSTOM_SSL_CERT_PATH=/path/to/cert

POSTGRES_CUSTOM_SSL_KEY_FILE_NAME

string

The custom SSL key file name for the PostgreSQL connection. This is required when configuring Google Cloud SQL as the database to use instead of Retool's PostgreSQL database.

POSTGRES_CUSTOM_SSL_KEY_FILE_NAME=client-key.pem

POSTGRES_DB

POSTGRES_DB=null

POSTGRES_HOST

POSTGRES_HOST=null

POSTGRES_IDLE_IN_TRANSACTION_SESSION_TIMEOUT

POSTGRES_IDLE_IN_TRANSACTION_SESSION_TIMEOUT=null

POSTGRES_PASSWORD

POSTGRES_PASSWORD=null

POSTGRES_POOL_SIZE_MAX

POSTGRES_POOL_SIZE_MAX=null

POSTGRES_POOL_SIZE_MIN

POSTGRES_POOL_SIZE_MIN=null

POSTGRES_PORT

POSTGRES_PORT=null

POSTGRES_SSL_DISABLED

POSTGRES_SSL_DISABLED=null

POSTGRES_SSL_ENABLED

boolean

Whether to enable SSL for the PostgreSQL connection.

POSTGRES_SSL_ENABLED=true

POSTGRES_SSL_REJECT_UNAUTHORIZED

boolean

Whether to reject unauthorized SSL certificates for the PostgreSQL connection if POSTGRES_SSL_ENABLED is true.

Default value is true.

POSTGRES_SSL_REJECT_UNAUTHORIZED=true

POSTGRES_STATEMENT_TIMEOUT

POSTGRES_STATEMENT_TIMEOUT=null

POSTGRES_TEST_DB

POSTGRES_TEST_DB=null

POSTGRES_USER

POSTGRES_USER=null

PRESERVE_PASSWORDS_FIRST_GOOGLE_LOGIN

boolean

Prevent Retool from resetting your password when logging in with Google for the first time.

PRESERVE_PASSWORDS_FIRST_GOOGLE_LOGIN=true

PRESTO_DISABLE_GET_SCHEMA

PRESTO_DISABLE_GET_SCHEMA=null

PRESTO_DISABLE_QUERY_TIMEOUT

PRESTO_DISABLE_QUERY_TIMEOUT=null

PRESTO_POOL_MAX_CONNECTION_RETRIES

PRESTO_POOL_MAX_CONNECTION_RETRIES=null

PRESTO_POOL_MAX_SIZE

PRESTO_POOL_MAX_SIZE=null

PRESTO_POOL_MIN_SIZE

PRESTO_POOL_MIN_SIZE=null

PROTECTED_APPS_TREE_TRIMMING

PROTECTED_APPS_TREE_TRIMMING=null

PROTECTED_APPS_TREE_TRIMMING_CHUNK_SIZE

PROTECTED_APPS_TREE_TRIMMING_CHUNK_SIZE=null

PROTO_DIRECTORY_PATH

PROTO_DIRECTORY_PATH=null

PROTO_IMPORT_DIRECTORY_PATH

PROTO_IMPORT_DIRECTORY_PATH=null

PROXY_CONNECT_TIMEOUT

number

The proxy connect timeout for queries, in seconds. Queries that exceed this limit results in a 514 HTTP error.

PROXY_CONNECT_TIMEOUT=1000

PROXY_READ_TIMEOUT

number

The proxy read timeout for queries, in seconds. Queries that exceed this limit results in a 514 HTTP error.

PROXY_READ_TIMEOUT=1000

PROXY_SEND_TIMEOUT

number

The proxy send timeout for queries, in seconds. Queries that exceed this limit results in a 514 HTTP error.

PROXY_SEND_TIMEOUT=1000

REDIS_DB

number

The database number for read and write operations, between 0 and 15.

Default value is 0.

REDIS_DB=0

REDIS_HOST

string

The hostname of the Redis reader endpoint that connects the Redis instance as a caching layer.

REDIS_HOST=redis-retool

REDIS_PASSWORD

string

The password for the Redis instance.

REDIS_PASSWORD=password

REDIS_PORT

number

The port number of the Redis reader endpoint that connects the Redis instance as a caching layer.

Default value is 6379.

REDIS_PORT=6379

REDIS_TIMEOUT_MS

REDIS_TIMEOUT_MS=null

REDIS_TLS

boolean

Whether to use TLS for the Redis connection.

Default value is false.

REDIS_TLS=true

REDIS_USER_CACHE_DB

REDIS_USER_CACHE_DB=null

REDIS_USER_CACHE_HOST

REDIS_USER_CACHE_HOST=null

REDIS_USER_CACHE_PASSWORD

REDIS_USER_CACHE_PASSWORD=null

REDIS_USER_CACHE_PORT

REDIS_USER_CACHE_PORT=null

REDIS_USER_CACHE_TLS

REDIS_USER_CACHE_TLS=null

REQUIRE_PASSWORD_TO_DISABLE_MFA

REQUIRE_PASSWORD_TO_DISABLE_MFA=null

REST_API_MIME_TO_EXTENSION_PARSING_ENABLED

REST_API_MIME_TO_EXTENSION_PARSING_ENABLED=null
string

Restrict users from logging in unless they use SSO for the specified domain. Specify comma-separated values for multiple domains.

RESTRICTED_DOMAIN=example.com,example.org

RETOOL_ASANA_CONNECTED_APP_CLIENT_ID

RETOOL_ASANA_CONNECTED_APP_CLIENT_ID=null

RETOOL_ASANA_CONNECTED_APP_CLIENT_SECRET

RETOOL_ASANA_CONNECTED_APP_CLIENT_SECRET=null

RETOOL_AZURE_STORAGE_CONNECTION_STRING

RETOOL_AZURE_STORAGE_CONNECTION_STRING=null

RETOOL_CACHE_FEATURE_FLAGS_IN_REDIS

RETOOL_CACHE_FEATURE_FLAGS_IN_REDIS=null

RETOOL_CUSTOM_COMPONENT_COLLECTIONS_ENABLED

RETOOL_CUSTOM_COMPONENT_COLLECTIONS_ENABLED=null

RETOOL_EMAIL_DAILY_LIMIT_FREETOOL

RETOOL_EMAIL_DAILY_LIMIT_FREETOOL=null

RETOOL_EMAIL_HOST

RETOOL_EMAIL_HOST=null

RETOOL_EMAIL_HOURLY_LIMIT

RETOOL_EMAIL_HOURLY_LIMIT=null

RETOOL_EMAIL_PASSWORD

RETOOL_EMAIL_PASSWORD=null

RETOOL_EMAIL_PORT

RETOOL_EMAIL_PORT=null

RETOOL_EMAIL_USERNAME

RETOOL_EMAIL_USERNAME=null

RETOOL_ENV

RETOOL_ENV=null

RETOOL_ENVIRONMENT

string

The environment for SCIM provisioning and Source Control alerts.

Default value is production.

RETOOL_ENVIRONMENT=production

RETOOL_EXPOSED_{NAME}

string

Use the RETOOL_EXPOSED_ prefix to store secrets that you can use when configuring resources. Only underscores and alphanumeric characters are supported.

RETOOL_EXPOSED_{NAME}=RETOOL_EXPOSED_DB_USERNAME=db_user

RETOOL_FRONT_CONNECTED_APP_CLIENT_ID

RETOOL_FRONT_CONNECTED_APP_CLIENT_ID=null

RETOOL_FRONT_CONNECTED_APP_CLIENT_SECRET

RETOOL_FRONT_CONNECTED_APP_CLIENT_SECRET=null

RETOOL_FULLSTORY_ORG_ID

RETOOL_FULLSTORY_ORG_ID=null

RETOOL_HOSTED

RETOOL_HOSTED=null

RETOOL_INTERNAL_TEMPORAL_CLUSTER_FRONTEND_HOST

RETOOL_INTERNAL_TEMPORAL_CLUSTER_FRONTEND_HOST=null

RETOOL_INTERNAL_TEMPORAL_CLUSTER_FRONTEND_PORT

RETOOL_INTERNAL_TEMPORAL_CLUSTER_FRONTEND_PORT=null

RETOOL_INTERNAL_TEMPORAL_CLUSTER_NAMESPACE

RETOOL_INTERNAL_TEMPORAL_CLUSTER_NAMESPACE=null

RETOOL_INTERNAL_TEMPORAL_TLS_CRT

RETOOL_INTERNAL_TEMPORAL_TLS_CRT=null

RETOOL_INTERNAL_TEMPORAL_TLS_ENABLED

RETOOL_INTERNAL_TEMPORAL_TLS_ENABLED=null

RETOOL_INTERNAL_TEMPORAL_TLS_KEY

RETOOL_INTERNAL_TEMPORAL_TLS_KEY=null

RETOOL_MAX_MEMORY_MB

RETOOL_MAX_MEMORY_MB=null

RETOOL_MICROSOFT_CONNECTED_APP_CLIENT_ID

RETOOL_MICROSOFT_CONNECTED_APP_CLIENT_ID=null

RETOOL_MICROSOFT_CONNECTED_APP_CLIENT_SECRET

RETOOL_MICROSOFT_CONNECTED_APP_CLIENT_SECRET=null

RETOOL_QUERY_MAX_RESPONSE_SIZE_MB

RETOOL_QUERY_MAX_RESPONSE_SIZE_MB=null

RETOOL_RPC_REDIS_DB

RETOOL_RPC_REDIS_DB=null

RETOOL_RPC_REDIS_HOST

RETOOL_RPC_REDIS_HOST=null

RETOOL_RPC_REDIS_PASSWORD

RETOOL_RPC_REDIS_PASSWORD=null

RETOOL_RPC_REDIS_PORT

RETOOL_RPC_REDIS_PORT=null

RETOOL_RPC_REDIS_TLS

RETOOL_RPC_REDIS_TLS=null

RETOOL_SALESFORCE_CONNECTED_APP_CLIENT_ID

RETOOL_SALESFORCE_CONNECTED_APP_CLIENT_ID=null

RETOOL_SALESFORCE_CONNECTED_APP_CLIENT_SECRET

RETOOL_SALESFORCE_CONNECTED_APP_CLIENT_SECRET=null

RETOOL_SDK_QUERY_CACHE_TTL_SEC

RETOOL_SDK_QUERY_CACHE_TTL_SEC=null

RETOOL_SDK_QUERY_DEFAULT_TIMEOUT_MS

RETOOL_SDK_QUERY_DEFAULT_TIMEOUT_MS=null

RETOOL_SLACK_CONNECTED_APP_CLIENT_ID

RETOOL_SLACK_CONNECTED_APP_CLIENT_ID=null

RETOOL_SLACK_CONNECTED_APP_CLIENT_SECRET

RETOOL_SLACK_CONNECTED_APP_CLIENT_SECRET=null

RETOOL_STORAGE_S3_ACCESS_KEY_ID

RETOOL_STORAGE_S3_ACCESS_KEY_ID=null

RETOOL_STORAGE_S3_BUCKET

RETOOL_STORAGE_S3_BUCKET=null

RETOOL_STORAGE_S3_BUCKET_REGION

RETOOL_STORAGE_S3_BUCKET_REGION=null

RETOOL_STORAGE_S3_SECRET_ACCESS_KEY

RETOOL_STORAGE_S3_SECRET_ACCESS_KEY=null

RETOOL_USE_FEATURE_FLAGS_DEFAULT_VALUE_FROM_CONFIG

RETOOL_USE_FEATURE_FLAGS_DEFAULT_VALUE_FROM_CONFIG=null

RETOOL_VECTOR_INTERVAL_CAP

RETOOL_VECTOR_INTERVAL_CAP=null

RETOOL_VECTOR_INTERVAL_MS

RETOOL_VECTOR_INTERVAL_MS=null

RETOOL_VECTOR_MAX_REQUESTS

RETOOL_VECTOR_MAX_REQUESTS=null

RETOOL_VECTOR_MAX_VISITED_URLS

RETOOL_VECTOR_MAX_VISITED_URLS=null

RETOOL_VECTOR_QUEUE_TIMEOUT_MS

RETOOL_VECTOR_QUEUE_TIMEOUT_MS=null

RETOOL_WORKFLOW_IN_SANDBOX

RETOOL_WORKFLOW_IN_SANDBOX=null

RETOOL_WORKFLOW_ON_PREM_LOG_TO_CLOUDWATCH

RETOOL_WORKFLOW_ON_PREM_LOG_TO_CLOUDWATCH=null

RETOOLDB_ENABLE_STRICT_PASSWORD_SETTINGS

RETOOLDB_ENABLE_STRICT_PASSWORD_SETTINGS=null

RETOOLDB_POSTGRES_DB

RETOOLDB_POSTGRES_DB=null

RETOOLDB_POSTGRES_HOST

RETOOLDB_POSTGRES_HOST=null

RETOOLDB_POSTGRES_PASSWORD

RETOOLDB_POSTGRES_PASSWORD=null

RETOOLDB_POSTGRES_PORT

RETOOLDB_POSTGRES_PORT=null

RETOOLDB_POSTGRES_SSL

RETOOLDB_POSTGRES_SSL=null

RETOOLDB_POSTGRES_USER

RETOOLDB_POSTGRES_USER=null

RTEL_ENABLED

RTEL_ENABLED=null

RTEL_SERVICE_NAME

RTEL_SERVICE_NAME=null

SAML_AUTH_TOKEN

SAML_AUTH_TOKEN=null
string

The first name attribute in the SAML response.

Default value is firstName.

SAML_FIRST_NAME_ATTRIBUTE=nameFirst
string

The groups attribute in the SAML response.

Default value is groups.

SAML_GROUPS_ATTRIBUTE=userGroups
string

An XML document that contains information necessary for configuring SAML-enabled identity or service providers.

SAML_IDP_METADATA=<md:EntityDescriptor xmlns:md="urn:desert:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/your_entity_id"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:desert:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>your_certificate</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:desert:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:desert:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example-98123.okta.com/app/company/jfdu90324f/sso/saml"/><md:SingleSignOnService Binding="urn:desert:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example-98123.okta.com/app/company/your_entity_id/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>"
string

The last name attribute in the SAML response.

Default value is lastName.

SAML_LAST_NAME_ATTRIBUTE=nameLast

SAML_SP_ENTITY_ID

SAML_SP_ENTITY_ID=null

SAML_SYNC_GROUP_CLAIMS

boolean

Sync Retool group memberships using the retool- prefix with the groups listed in SAML_GROUPS_ATTRIBUTE. The prefix is not shown in the Retool interface.

SAML_SYNC_GROUP_CLAIMS=true

SAMLIFY_DRIFT_TOLERANCE_FUTURE

SAMLIFY_DRIFT_TOLERANCE_FUTURE=null

SAMLIFY_DRIFT_TOLERANCE_PAST

SAMLIFY_DRIFT_TOLERANCE_PAST=null

SAMPLE_DATABASES_API_BEARER_TOKEN

SAMPLE_DATABASES_API_BEARER_TOKEN=null

SAMPLE_DATABASES_SERVER_URL

SAMPLE_DATABASES_SERVER_URL=null

SANDBOX_DOMAIN

string

The sandbox domain to use.

SANDBOX_DOMAIN=https://not-your-primary-domain.com

SANDBOX_LAMBDA_API_KEY

SANDBOX_LAMBDA_API_KEY=null

SANDBOX_MAX_FILE_DESCRIPTORS

number

The maximum number of file descriptors within a single sandbox.

Default value is 256.

SANDBOX_MAX_FILE_DESCRIPTORS=256

SANDBOX_MOUNT_DIR

string

Used to configure where files will be mounted into the sandbox.

Default value is /tmp.

SANDBOX_MOUNT_DIR=/tmp

SCIM_AUTH_TOKEN

string

A secret token shared with your SSO provider to provision user accounts. If you use Spaces, this token only applies to the admin Space.

SCIM_AUTH_TOKEN=token

SCIM_ENABLE_GROUP_PUT

SCIM_ENABLE_GROUP_PUT=null

SCIM_LOG_FULL_REQUESTS

boolean

Log SCIM requests to the Retool API container logs.

SCIM_LOG_FULL_REQUESTS=true

SENDING_INVITES_WITH_EMAIL_DISABLED

boolean

Allow user invites without pinging Retool's user invitation server. You must enable this if you have an airgapped deployment.

SENDING_INVITES_WITH_EMAIL_DISABLED=true

SENTRY_DSN

SENTRY_DSN=null

SENTRY_DSN_DBCONNECTOR

SENTRY_DSN_DBCONNECTOR=null

SENTRY_DSN_JOBS_RUNNER

SENTRY_DSN_JOBS_RUNNER=null

SEQUELIZE_ACQUIRE

SEQUELIZE_ACQUIRE=null

SEQUELIZE_EVICT

SEQUELIZE_EVICT=null

SEQUELIZE_IDLE

SEQUELIZE_IDLE=null

SEQUELIZE_MAX_USES

SEQUELIZE_MAX_USES=null

SERVE_LOCAL_SPECS

SERVE_LOCAL_SPECS=null

SERVICE_TYPE

enum

Comma-separated list of Retool services to run within a container. If unset, all services run in the same container.

MAIN_BACKEND

The api service.

JOBS_RUNNER

The jobs-runner service.

DB_CONNECTOR

The db_connector service.

DB_SSH_CONNECTOR

The db_ssh_connector service.

WORKFLOW_BACKEND

The db_ssh_connector service.

WORKFLOW_TEMPORAL_WORKER

The db_ssh_connector service.

SERVICE_TYPE=MAIN_BACKEND,JOBS_RUNNER

SESSION_DURATION_MINUTES

SESSION_DURATION_MINUTES=null

SNOWFLAKE_POOL_ACQUIRE_TIMEOUT_MS

SNOWFLAKE_POOL_ACQUIRE_TIMEOUT_MS=null

SNOWFLAKE_POOL_MAX_SIZE

SNOWFLAKE_POOL_MAX_SIZE=null

SNOWFLAKE_POOL_MAX_TRIES

SNOWFLAKE_POOL_MAX_TRIES=null

SNOWFLAKE_POOL_MIN_SIZE

SNOWFLAKE_POOL_MIN_SIZE=null

SNOWFLAKE_VALIDATION_DISABLE_HEARTBEAT

SNOWFLAKE_VALIDATION_DISABLE_HEARTBEAT=null

SNS_TOPIC_ARN

SNS_TOPIC_ARN=null

SNS_TOPIC_REGION

SNS_TOPIC_REGION=null

STATSD_HOST

STATSD_HOST=null

STATSD_PORT

STATSD_PORT=null

STATSD_PROTOCOL

STATSD_PROTOCOL=null

STATSD_SOCKET_PATH

STATSD_SOCKET_PATH=null

STRIPE_SECRET_KEY

STRIPE_SECRET_KEY=null

STRIPE_WEBHOOK_SECRET

STRIPE_WEBHOOK_SECRET=null

TEMP_APPSTATE_AZURE_BLOB_STORAGE_CONNECTION_STRING

TEMP_APPSTATE_AZURE_BLOB_STORAGE_CONNECTION_STRING=null

TEMPORAL_TASKQUEUE_INTERNAL

TEMPORAL_TASKQUEUE_INTERNAL=null

TEMPORAL_TASKQUEUE_WORKFLOW

string

The task queue for the Temporal cluster. Used by clients connecting to Temporal for all Retool Workflow-related requests (enqueue, query, etc.). This value should match WORKER_TEMPORAL_TASKQUEUE.

Default value is workflows.

TEMPORAL_TASKQUEUE_WORKFLOW=workflows

TEMPORAL_TASKQUEUE_WORKFLOW_CANARY

TEMPORAL_TASKQUEUE_WORKFLOW_CANARY=null

TEMPORAL_TASKQUEUE_WORKFLOW_INTERNAL

TEMPORAL_TASKQUEUE_WORKFLOW_INTERNAL=null

TEMPORAL_TASKQUEUE_WORKFLOW_QUARANTINE

TEMPORAL_TASKQUEUE_WORKFLOW_QUARANTINE=null
boolean

Automatically start the Oauth 2 SSO login flow when users navigate to your Retool instance. Use either TRIGGER_OAUTH_2_SSO_LOGIN_AUTOMATICALLY or TRIGGER_SAML_LOGIN_AUTOMATICALLY, you cannot enable both.

TRIGGER_OAUTH_2_SSO_LOGIN_AUTOMATICALLY=true
boolean

Automatically start the SAML SSO login flow when users navigate to your Retool instance. Use either TRIGGER_SAML_LOGIN_AUTOMATICALLY or TRIGGER_OAUTH_2_SSO_LOGIN_AUTOMATICALLY, you cannot enable both.

TRIGGER_SAML_LOGIN_AUTOMATICALLY=true

TRUNCATE_LONG_AUDIT_LOG_DATA

TRUNCATE_LONG_AUDIT_LOG_DATA=null

USAGE_API_TOKEN

string

The access token to enable Usage Analytics. Please reach out to your Retool account manager to obtain this token.

USAGE_API_TOKEN=accessToken

USE_AUDIT_TRAILS_POSTGRES_DB

USE_AUDIT_TRAILS_POSTGRES_DB=null

USE_GCM_ENCRYPTION

boolean

Whether to use AES-192-GCM authenticated encryption method instead of AES-192-CBC. If set to true, you must also set ENCRYPTION_KEY.

Default value is false.

USE_GCM_ENCRYPTION=true

USE_REDIS_HEARTBEATS

USE_REDIS_HEARTBEATS=null
boolean

Restrict session length to 12 hours. If unset, session length is one week.

USE_SHORT_SESSIONS=true

USE_STAGING_LICENSING_SERVER

USE_STAGING_LICENSING_SERVER=null

VERSION_CONTROL_LOCKED

boolean

Whether to enable version control and create a read-only Retool instance. If enabled, users cannot create, edit, or protect apps and workflows.

Default value is false.

VERSION_CONTROL_LOCKED=true

VERSION_NUMBER

VERSION_NUMBER=null

WORKER_TEMPORAL_TASKQUEUE

string

The task queue for the Temporal worker. Used by workers connecting to Temporal for all Retool Workflow-related requests (enqueue, query, etc.). This value should match TEMPORAL_TASKQUEUE_WORKFLOW.

Default value is workflows.

WORKER_TEMPORAL_TASKQUEUE=workflows

WORKFLOW_API_PERFORMANCE_CACHE_ENABLED

WORKFLOW_API_PERFORMANCE_CACHE_ENABLED=null

WORKFLOW_BACKEND_HOST

string

The hostname for all Retool Workflow-related backend requests, such as querying resources, updating workflow status, and storing block results and logs. The value depends on your deployment configuration, but must include a protocol (http:// or https://).

WORKFLOW_BACKEND_HOST=http://workflow-backend

WORKFLOW_BLOCK_STORAGE_LOCATION

WORKFLOW_BLOCK_STORAGE_LOCATION=null

WORKFLOW_CPU_LIMIT

number

The maximum number of CPUs a workflow can use when running. Requires WORKFLOW_MONITOR_PROCESS_ENABLED to be true.

Default value is 1.

WORKFLOW_CPU_LIMIT=1

WORKFLOW_DEV_FORCE_USE_CLOUD_EXECUTION_PATH

WORKFLOW_DEV_FORCE_USE_CLOUD_EXECUTION_PATH=null

WORKFLOW_ENABLE_QUERY_SYNC_CRON

WORKFLOW_ENABLE_QUERY_SYNC_CRON=null

WORKFLOW_LOAD_TEST_CACHE_SIZE

WORKFLOW_LOAD_TEST_CACHE_SIZE=null

WORKFLOW_LOGGING_ACCESS_KEY_ID

WORKFLOW_LOGGING_ACCESS_KEY_ID=null

WORKFLOW_LOGGING_GROUP_NAME

WORKFLOW_LOGGING_GROUP_NAME=null

WORKFLOW_LOGGING_REGION

WORKFLOW_LOGGING_REGION=null

WORKFLOW_LOGGING_SECRET_ACCESS_KEY

WORKFLOW_LOGGING_SECRET_ACCESS_KEY=null

WORKFLOW_MEMORY_LIMIT_MBS

number

The maximum amount of memory, in megabytes, a workflow can use when running. Requires WORKFLOW_MONITOR_PROCESS_ENABLED to be true.

Default value is 2147.

WORKFLOW_MEMORY_LIMIT_MBS=2147

WORKFLOW_MONITOR_PROCESS_ENABLED

boolean

Whether to limit the memory and CPUs available to a workflow while running. If enabled, WORKFLOW_MEMORY_LIMIT_MIBS(#variable-WORKFLOW_MEMORY_LIMIT_MBS) and WORKFLOW_CPU_LIMIT can be set.

Default value is false.

WORKFLOW_MONITOR_PROCESS_ENABLED=true

WORKFLOW_REDIS_DB

WORKFLOW_REDIS_DB=null

WORKFLOW_REDIS_HOST

WORKFLOW_REDIS_HOST=null

WORKFLOW_REDIS_PASSWORD

WORKFLOW_REDIS_PASSWORD=null

WORKFLOW_REDIS_PORT

WORKFLOW_REDIS_PORT=null

WORKFLOW_REDIS_TLS

WORKFLOW_REDIS_TLS=null

WORKFLOW_S3_ACCESS_KEY_ID

WORKFLOW_S3_ACCESS_KEY_ID=null

WORKFLOW_S3_BUCKET

WORKFLOW_S3_BUCKET=null

WORKFLOW_S3_REGION

WORKFLOW_S3_REGION=null

WORKFLOW_S3_SECRET_ACCESS_KEY

WORKFLOW_S3_SECRET_ACCESS_KEY=null

WORKFLOW_SCHEDULING_ENABLED

WORKFLOW_SCHEDULING_ENABLED=null

WORKFLOW_TEMPORAL_ACTIVITY_TASK_POLLERS

number

The number of Temporal activity task pollers that concurrently run.

Default value is 2.

WORKFLOW_TEMPORAL_ACTIVITY_TASK_POLLERS=2

WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_HOST

string

The hostname for the Temporal cluster. If you're using Temporal Cloud, your host may end with .tmprl.cloud. This environment variable does not need to be set if using Retool-managed Temporal cluster.

WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_HOST=org.example.tmprl.cloud

WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_PORT

number

The port for the Temporal cluster.

Default value is 7233.

WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_PORT=7233

WORKFLOW_TEMPORAL_CLUSTER_NAMESPACE

string

The namespace for the Temporal cluster.

Default value is workflows.

WORKFLOW_TEMPORAL_CLUSTER_NAMESPACE=workflows

WORKFLOW_TEMPORAL_CONCURRENT_ACTIVITIES_LIMIT

number

The maximum number of concurrent activities that can be executed by a single workflow. Refer to the Temporal documentation for more information.

Default value is 10.

WORKFLOW_TEMPORAL_CONCURRENT_ACTIVITIES_LIMIT=10

WORKFLOW_TEMPORAL_CONCURRENT_TASKS_LIMIT

number

The maximum number of concurrent tasks that can be executed by a single workflow. Refer to the Temporal documentation for more information.

Default value is 10.

WORKFLOW_TEMPORAL_CONCURRENT_TASKS_LIMIT=10

WORKFLOW_TEMPORAL_ENCRYPTION_ENABLED

WORKFLOW_TEMPORAL_ENCRYPTION_ENABLED=null

WORKFLOW_TEMPORAL_OPENTELEMETRY_COLLECTOR

string
WORKFLOW_TEMPORAL_OPENTELEMETRY_COLLECTOR=http://open-telemetry-collector-opentelemetry-collector:4318

WORKFLOW_TEMPORAL_SEND_CUSTOM_SEARCH_ATTRIBUTES

WORKFLOW_TEMPORAL_SEND_CUSTOM_SEARCH_ATTRIBUTES=null

WORKFLOW_TEMPORAL_SERVER_NAME_OVERRIDE

string

The server name override for the Temporal cluster. This overrides the target name (SNI) used for TLS host name checking. It can be useful if you have reverse proxy in front of Temporal server and you need to override the SNI to direct traffic to the appropriate backend server based on custom routing rules. Connections can be refused if the provided SNI does not match the expected host. Adding this override should be done with care. This does not need to be set if using Retool-managed Temporal cluster.

WORKFLOW_TEMPORAL_SERVER_NAME_OVERRIDE=other.domain.tmprl.cld

WORKFLOW_TEMPORAL_SERVER_ROOT_CA_CRT

string

Base64 encoded PEM certificate for the root CA of the Temporal cluster. This does not need to be set if using Retool-managed Temporal cluster.

WORKFLOW_TEMPORAL_SERVER_ROOT_CA_CRT=UXVpcyBjb21tb2RvIGV4ZXJjaXRhd

WORKFLOW_TEMPORAL_STICKY_CACHE_SIZE

number

Default value is 200.

WORKFLOW_TEMPORAL_STICKY_CACHE_SIZE=100

WORKFLOW_TEMPORAL_TLS_CRT

string

Base64 encoded certificate for TLS client certification pair. See Temporal documentation for more details. This does not need to be set if using Retool-managed Temporal cluster.

WORKFLOW_TEMPORAL_TLS_CRT=UXVpcyBjb21tb2RvIGV4ZXJjaXRhd

WORKFLOW_TEMPORAL_TLS_ENABLED

boolean

Whether to enable TLS for the Temporal cluster. You can set this to true if you use your own Temporal Cloud. This does not need to be set if using Retool-managed Temporal cluster.

Default value is false.

WORKFLOW_TEMPORAL_TLS_ENABLED=true

WORKFLOW_TEMPORAL_TLS_KEY

string

Base64 encoded private key for TLS client certification pair. This does not need to be set if using Retool-managed Temporal cluster.

WORKFLOW_TEMPORAL_TLS_KEY=c2VjcmV0X2tleQ==

WORKFLOW_TEMPORAL_WORKER_SHUTDOWN_GRACE_TIME

number

The timeout, in minutes, to wait for pending workflows to complete before the Temporal worker gracefully shuts down. If the worker does not shut down within this time, it is forcefully terminated.

Default value is 15.

WORKFLOW_TEMPORAL_WORKER_SHUTDOWN_GRACE_TIME=15

WORKFLOW_TEMPORAL_WORKFLOW_TASK_POLLERS

number

The number of Temporal workflow task pollers that concurrently run.

Default value is 10.

WORKFLOW_TEMPORAL_WORKFLOW_TASK_POLLERS=10

WORKFLOW_WORKER_HEALTHCHECK_PORT

number

The port for the /api/checkHealth health check endpoint for the Temporal worker.

Default value is 3005.

WORKFLOW_WORKER_HEALTHCHECK_PORT=3005

WORKFLOWS_CANARY_ENABLED

WORKFLOWS_CANARY_ENABLED=null