Environment variables reference
Environment variables for Self-hosted Retool deployments.
Environment variables control or override certain functions and characteristics of Self-hosted Retool instances. Some Retool features require you to set environment variables, such as SSO or Source Control.
Only configure environment variables when needed. You can configure many environment variables from your organization's Settings rather than directly editing your deployment's configuration file.
You must restart your instance after setting any variables for them to take effect.
ACCESS_TOKEN_COOKIE_NAME
ACCESS_TOKEN_COOKIE_NAME=null
ACTIVE_PAGE_SAVE_PROCESSOR_QUEUE
ACTIVE_PAGE_SAVE_PROCESSOR_QUEUE=null
ADMIN_API_ACCESS_TOKEN
If non-empty, Retool creates an API access token with the provided string value. Requires ADMIN_USER_EMAIL to be set to a valid email address of an admin user.
ADMIN_API_ACCESS_TOKEN=token
ADMIN_API_ACCESS_TOKEN_SCOPES
Comma-separated list of scopes to be assigned to the API access token created using ADMIN_API_ACCESS_TOKEN env variable.
ADMIN_API_ACCESS_TOKEN_SCOPES=source_control:read,source_control:write,groups:read,groups:write,spaces:read,spaces:write,folders:read,folders:write,permissions:all:read,permissions:all:write
ADMIN_SPACE_DOMAINS
ADMIN_SPACE_DOMAINS=null
ADMIN_USER_EMAIL
If non-empty, Retool creates an admin user with the provided email in the Admin Space.
ADMIN_USER_EMAIL=admin@example.com
AIRGAPPED
AIRGAPPED=null
AIRTABLE_API_KEY
AIRTABLE_API_KEY=null
ALLOW_SAME_ORIGIN_OPTION
Whether to use allow-same-origin for iframes and custom components. If this is not true, custom components are heavily restricted in their behavior. Refer to the configure same-origin and sandbox guide to learn more.
Default value is false.
ALLOW_SAME_ORIGIN_OPTION=false
API_CALLS_PER_MIN
API_CALLS_PER_MIN=null
API_CALLS_PER_MINUTE
Retool uses a point system for rate limiting where endpoint requests cost a certain number of points. The default is 300 points in a 60 second window. If you exceed this, Retool blocks any subsequent API calls for 60 seconds. You can increase the number of points with the API_CALLS_PER_MIN environment variable.
Default value is 300.
API_CALLS_PER_MINUTE=300
APPLE_SIWA_DEVELOPMENT_KEY
APPLE_SIWA_DEVELOPMENT_KEY=null
APPLE_SIWA_KEY
APPLE_SIWA_KEY=null
APPS_FS_SYNC_ON
APPS_FS_SYNC_ON=null
APPS_FS_SYNC_ORG_ID
APPS_FS_SYNC_ORG_ID=null
APPS_FS_SYNC_WATCHER
APPS_FS_SYNC_WATCHER=null
AUDIT_INSERT_TIMEOUT_SECONDS
AUDIT_INSERT_TIMEOUT_SECONDS=null
AUDIT_LOG_DOWNLOADS_ACCESS_KEY_ID
AUDIT_LOG_DOWNLOADS_ACCESS_KEY_ID=null
AUDIT_LOG_DOWNLOADS_BUCKET
AUDIT_LOG_DOWNLOADS_BUCKET=null
AUDIT_LOG_DOWNLOADS_SECRET_ACCESS_KEY
AUDIT_LOG_DOWNLOADS_SECRET_ACCESS_KEY=null
AUDIT_SELECT_TIMEOUT_SECONDS
AUDIT_SELECT_TIMEOUT_SECONDS=null
AUDIT_TRAILS_FILTER_DEFAULT_DAYS
AUDIT_TRAILS_FILTER_DEFAULT_DAYS=null
AUDIT_TRAILS_POSTGRES_DB
AUDIT_TRAILS_POSTGRES_DB=null
AUDIT_TRAILS_POSTGRES_HOST
AUDIT_TRAILS_POSTGRES_HOST=null
AUDIT_TRAILS_POSTGRES_PASSWORD
AUDIT_TRAILS_POSTGRES_PASSWORD=null
AUDIT_TRAILS_POSTGRES_PORT
AUDIT_TRAILS_POSTGRES_PORT=null
AUDIT_TRAILS_POSTGRES_USER
AUDIT_TRAILS_POSTGRES_USER=null
AUTH_REQS_PER_MINUTE
AUTH_REQS_PER_MINUTE=null
AZURE_QUEUE_STORAGE_CONNECTION_STRING
AZURE_QUEUE_STORAGE_CONNECTION_STRING=null
AZURE_REPOS_MAIN_BRANCH=main
AZURE_REPOS_ORGANIZATION=my-organization
AZURE_REPOS_PERSONAL_ACCESS_TOKEN
The personal access token for the Azure DevOps organization user.
AZURE_REPOS_PERSONAL_ACCESS_TOKEN=mpoqd2zy7jklzfbhmuzev46vbbcpkeeqminb4wcvwigsrldasdfa
AZURE_REPOS_PROJECT
AZURE_REPOS_PROJECT=null
AZURE_REPOS_REPO=my-repo
AZURE_REPOS_URL
AZURE_REPOS_URL=null
AZURE_REPOS_USER=retool
BACKEND_API_PORT
BACKEND_API_PORT=null
BASE_DOMAIN
The full URL of your Retool deployment for user invitations and password resets. This also needs to be set if you dynamically set callback URLs on protected resources.
BASE_DOMAIN=retool.example.com
BAZEL_TEST_ENV
BAZEL_TEST_ENV=null
BITBUCKET_APP_PASSWORD=mpoqd2zy7jklzfbhmuzev46vbbcpkeeqminb4wcvwigsrldasdfa
BITBUCKET_ENTERPRISE_API_URL
BITBUCKET_ENTERPRISE_API_URL=null
BITBUCKET_ENTERPRISE_URL
BITBUCKET_ENTERPRISE_URL=null
BITBUCKET_MAIN_BRANCH=main
BITBUCKET_REPO=my-repo
BITBUCKET_USER=retool
BITBUCKET_WORKSPACE=my-workspace
BOOTSTRAP_FROM_SOURCE
BOOTSTRAP_FROM_SOURCE=null
BOOTSTRAP_GITHUB_MAIN_BRANCH
BOOTSTRAP_GITHUB_MAIN_BRANCH=null
BOOTSTRAP_GITHUB_ORGANIZATION_NAME
BOOTSTRAP_GITHUB_ORGANIZATION_NAME=null
BOOTSTRAP_GITHUB_REPOSITORY_NAME
BOOTSTRAP_GITHUB_REPOSITORY_NAME=null
BOOTSTRAP_USER
BOOTSTRAP_USER=null
BUILD_NUMBER
BUILD_NUMBER=null
BUILD_WORKSPACE_DIRECTORY
BUILD_WORKSPACE_DIRECTORY=null
CACHE_CONTROL_PRIVATE
CACHE_CONTROL_PRIVATE=null
A Google OAuth client app ID for OAuth-based authentication with Google (e.g., Google SSO with OIDC or using a Google Sheets resource).
CLIENT_ID=123456789012-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com
CLIENT_MAX_BODY_SIZE
On the https-portal container, specify the maximum request body size, in bytes, megabytes (M), or kilobytes (K). Any upload that exceeds this limit results in a 413 HTTP error. Set to 0 to allow bodies of any size.
CLIENT_MAX_BODY_SIZE=40M
A Google OAuth client app secret for OAuth-based authentication with Google (e.g., Google SSO with OIDC or using a Google Sheets resource).
CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz
CODE_COMMIT_AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
CODE_COMMIT_AWS_DEFAULT_REGION=us-west-2
CODE_COMMIT_AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
CODE_COMMIT_HTTPS_PASSWORD
The password for HTTPS authentication with the CodeCommit repository.
CODE_COMMIT_HTTPS_PASSWORD=mpoqd2zy7jklzfbhmuzev46vbbcpkeeqminb4wcvwigsrldasdfa
CODE_COMMIT_HTTPS_USERNAME
The username for HTTPS authentication with the CodeCommit repository.
CODE_COMMIT_HTTPS_USERNAME=retool
CODE_COMMIT_MAIN_BRANCH=main
CODE_COMMIT_REPOSITORY_NAME=my-repo
CODE_EXECUTOR_INGRESS_DOMAIN
The domain for the code-executor service that executes arbitrary user-defined JavaScript and Python code with installed custom libraries. The value depends on your deployment configuration, but must include a protocol (http:// or https://).
CODE_EXECUTOR_INGRESS_DOMAIN=code-executor.example.com
CODE_EXECUTOR_QUARANTINE_INGRESS_DOMAIN
CODE_EXECUTOR_QUARANTINE_INGRESS_DOMAIN=null
COMMIT_HASH
COMMIT_HASH=null
CONTAINER_UNPRIVILEGED_MODE
Whether to run the code-executor service in an unprivileged mode and remove any sandboxing of user code.
Default value is false.
CONTAINER_UNPRIVILEGED_MODE=false
CONTENT_TYPE_PARSING_REST_API_ENABLED
CONTENT_TYPE_PARSING_REST_API_ENABLED=null
COOKIE_INSECURE
Whether to send authentication requests using insecure cookies. Enable this if your Retool deployment uses a non-HTTPS URL or IP address. This is typically used when a Retool deployment is not yet configured with a custom domain.
Default value is true.
COOKIE_INSECURE=true
CREATE_FIRST_ORG
If set to true, Retool automatically creates the first organization on the instance. This is useful for automated provisioning of Retool instances.
Default value is false.
CREATE_FIRST_ORG=true
CUSTOM_API_KEY
CUSTOM_API_KEY=null
CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_ACCESS_KEY_ID
CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_ACCESS_KEY_ID=null
CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_BUCKET
CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_BUCKET=null
CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_BUCKET_REGION
CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_BUCKET_REGION=null
CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_SECRET_ACCESS_KEY
CUSTOM_COMPONENT_LIBRARY_CODE_BUNDLES_S3_SECRET_ACCESS_KEY=null
CUSTOM_DOMAINS_BUILDKITE_API_TOKEN
CUSTOM_DOMAINS_BUILDKITE_API_TOKEN=null
CUSTOM_LOGOUT_REDIRECT=https://example.com/logout/success
The lifespan, in minutes, of custom OpenID provider tokens.
Default value is 120.
CUSTOM_OAUTH2_SSO_ACCESS_TOKEN_LIFESPAN_MINUTES=60
An identifier for a resource to which users should have access upon completion of an OpenID authorization process.
CUSTOM_OAUTH2_SSO_AUDIENCE=https://retool.auth0.com/api/v2
CUSTOM_OAUTH2_SSO_AUTH_URL
CUSTOM_OAUTH2_SSO_AUTH_URL=null
CUSTOM_OAUTH2_SSO_CLIENT_ID
CUSTOM_OAUTH2_SSO_CLIENT_ID=null
CUSTOM_OAUTH2_SSO_CLIENT_SECRET
CUSTOM_OAUTH2_SSO_CLIENT_SECRET=null
CUSTOM_OAUTH2_SSO_INCLUDE_BASIC_AUTH_IN_HEADERS
CUSTOM_OAUTH2_SSO_INCLUDE_BASIC_AUTH_IN_HEADERS=null
CUSTOM_OAUTH2_SSO_JWT_EMAIL_KEY
CUSTOM_OAUTH2_SSO_JWT_EMAIL_KEY=null
CUSTOM_OAUTH2_SSO_JWT_FIRST_NAME_KEY
CUSTOM_OAUTH2_SSO_JWT_FIRST_NAME_KEY=null
CUSTOM_OAUTH2_SSO_JWT_LAST_NAME_KEY
CUSTOM_OAUTH2_SSO_JWT_LAST_NAME_KEY=null
Returns an array of strings where each string represents an OpenID group name. This setting is used with CUSTOM_OAUTH2_SSO_ROLE_MAPPING to map groups to Retool permission groups.
CUSTOM_OAUTH2_SSO_JWT_ROLES_KEY=idToken.groups
CUSTOM_OAUTH2_SSO_NO_SCOPE_IN_AUTHORIZATION_CODE_REQ
CUSTOM_OAUTH2_SSO_NO_SCOPE_IN_AUTHORIZATION_CODE_REQ=null
The mapping of roles from your OpenID provider to Retool permission groups.
CUSTOM_OAUTH2_SSO_ROLE_MAPPING=devops -> admin, support -> viewer
CUSTOM_OAUTH2_SSO_ROLE_MAPPING_DISABLED
Disables the mapping of roles from your OpenID provider to Retool permission groups. Set this variable to true to disable passing roles from JWTs.
CUSTOM_OAUTH2_SSO_ROLE_MAPPING_DISABLED=true
CUSTOM_OAUTH2_SSO_SCOPES
CUSTOM_OAUTH2_SSO_SCOPES=null
CUSTOM_OAUTH2_SSO_TOKEN_URL
CUSTOM_OAUTH2_SSO_TOKEN_URL=null
The endpoint for Retool to make an additional request for a fat token containing all available claims from your OpenID SSO provider.
CUSTOM_OAUTH2_SSO_USERINFO_URL=https://yourcompany.okta.com/oauth2/v1/userinfo
CUSTOM_RETOOL_SANDBOX_RESTRICTIONS
The JavaScript sandbox restrictions to allow. Specify space-separated values for multiple restrictions. Only configure custom sandbox restrictions if you are comfortable with the security implications.
allow-downloads | Allow downloads. |
allow-popups | Allow popups. |
allow-modals | Allow modals. |
CUSTOM_RETOOL_SANDBOX_RESTRICTIONS=allow-downloads
CUSTOM_SPECS_DOMAIN
CUSTOM_SPECS_DOMAIN=null
DATABASE_API_BEARER_TOKEN
DATABASE_API_BEARER_TOKEN=null
DATABASE_API_URL
DATABASE_API_URL=null
DATABASE_MIGRATIONS_STATEMENT_TIMEOUT_SECONDS
DATABASE_MIGRATIONS_STATEMENT_TIMEOUT_SECONDS=null
DATABASE_MIGRATIONS_TIMEOUT_SECONDS
The timeout, in seconds, for database migrations. If the migration takes longer than this time, the migration fails. Consider setting a higher value if you're upgrading to another major version of Self-hosted Retool or the upgrade includes changes from multiple minor versions.
DATABASE_MIGRATIONS_TIMEOUT_SECONDS=1000
DATABASE_SCHEMA_QUERY_LIMIT
DATABASE_SCHEMA_QUERY_LIMIT=null
DATABASE_URL
DATABASE_URL=null
DATABRICKS_DISABLE_GET_SCHEMA
DATABRICKS_DISABLE_GET_SCHEMA=null
DB_CONNECTOR_HOST
DB_CONNECTOR_HOST=null
DB_CONNECTOR_PORT
DB_CONNECTOR_PORT=null
DB_SSH_CONNECTOR_HOST
DB_SSH_CONNECTOR_HOST=null
DB_SSH_CONNECTOR_PORT
DB_SSH_CONNECTOR_PORT=null
DBCONNECTOR_AUTH
DBCONNECTOR_AUTH=null
DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_ATHENA
DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_ATHENA=null
DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_DYNAMODB
DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_DYNAMODB=null
DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_LAMBDA
DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_LAMBDA=null
DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_S3
DBCONNECTOR_AWS_ENABLE_DEFAULT_PROVIDER_S3=null
DBCONNECTOR_AWS_ROLE_ASSUMER_WITH_WEB_IDENTITY
DBCONNECTOR_AWS_ROLE_ASSUMER_WITH_WEB_IDENTITY=null
DBCONNECTOR_AWS_STS_V3
DBCONNECTOR_AWS_STS_V3=null
DBCONNECTOR_CPU_PROFILING_TIME_MS
DBCONNECTOR_CPU_PROFILING_TIME_MS=null
DBCONNECTOR_DOMAIN_AP_SOUTHEAST_1
DBCONNECTOR_DOMAIN_AP_SOUTHEAST_1=null
DBCONNECTOR_DOMAIN_EU_CENTRAL_1
DBCONNECTOR_DOMAIN_EU_CENTRAL_1=null
DBCONNECTOR_DOMAIN_US_WEST_2
DBCONNECTOR_DOMAIN_US_WEST_2=null
DBCONNECTOR_EXTENDED_QUERY_TIMEOUT_ENABLED_RESOURCES
DBCONNECTOR_EXTENDED_QUERY_TIMEOUT_ENABLED_RESOURCES=null
DBCONNECTOR_EXTENDED_QUERY_TIMEOUT_MS
DBCONNECTOR_EXTENDED_QUERY_TIMEOUT_MS=null
DBCONNECTOR_FIREBASE_MEMORY_LIMIT_MB
DBCONNECTOR_FIREBASE_MEMORY_LIMIT_MB=null
DBCONNECTOR_FIREBASE_WORKER_ENDURANCE
DBCONNECTOR_FIREBASE_WORKER_ENDURANCE=null
DBCONNECTOR_HEADERS_TIMEOUT_MS
DBCONNECTOR_HEADERS_TIMEOUT_MS=null
DBCONNECTOR_HTTP_AGENT_MAX_SOCKETS
DBCONNECTOR_HTTP_AGENT_MAX_SOCKETS=null
DBCONNECTOR_INGRESS_PREFIX
DBCONNECTOR_INGRESS_PREFIX=null
DBCONNECTOR_JDBC_POOL_CONNECTION_MAX_IDLE_MS
DBCONNECTOR_JDBC_POOL_CONNECTION_MAX_IDLE_MS=null
DBCONNECTOR_KEEPALIVE_TIMEOUT_MS
DBCONNECTOR_KEEPALIVE_TIMEOUT_MS=null
DBCONNECTOR_MEMORY_LIMIT_PERCENT
DBCONNECTOR_MEMORY_LIMIT_PERCENT=null
DBCONNECTOR_MONGODB_ENABLE_STREAMING_ONPREM
DBCONNECTOR_MONGODB_ENABLE_STREAMING_ONPREM=null
DBCONNECTOR_NUM_WORKERS
The number of worker threads for the db-connector container. The default value is Math.min(Math.max(1, numCPUs), 3), where numCPUs is the number of logical CPU cores on the machine determined by Node.js.
DBCONNECTOR_NUM_WORKERS=4
DBCONNECTOR_POSTGRES_POOL_MAX_SIZE
The PostgreSQL connection pool maximum size.
Default value is 10.
DBCONNECTOR_POSTGRES_POOL_MAX_SIZE=20
DBCONNECTOR_QUERY_TIMEOUT_BUFFER_MS
DBCONNECTOR_QUERY_TIMEOUT_BUFFER_MS=null
DBCONNECTOR_QUERY_TIMEOUT_MS
The duration, in milliseconds, for queries to run before timing out. If your Retool deployment is behind a load balancer, increase the load balancer's timeout by a proportionate amount.
Default value is 120000.
DBCONNECTOR_QUERY_TIMEOUT_MS=120000
DBCONNECTOR_SHARDING_JITTER_THRESHOLD
DBCONNECTOR_SHARDING_JITTER_THRESHOLD=null
DBCONNECTOR_SHARDING_MAX_JITTER
DBCONNECTOR_SHARDING_MAX_JITTER=null
DBCONNECTOR_SHARDING_MIN_JITTER
DBCONNECTOR_SHARDING_MIN_JITTER=null
DBCONNECTOR_SHARDING_OLD_WINDOW_WEIGHT
DBCONNECTOR_SHARDING_OLD_WINDOW_WEIGHT=null
DBCONNECTOR_SHARDING_RESOURCE_TYPES
DBCONNECTOR_SHARDING_RESOURCE_TYPES=null
DBCONNECTOR_SHARDING_TIME_PERIOD_IN_SECONDS
DBCONNECTOR_SHARDING_TIME_PERIOD_IN_SECONDS=null
DBCONNECTOR_SHARDING_TTL
DBCONNECTOR_SHARDING_TTL=null
DBCONNECTOR_SHOULD_LOG_QUERY_HASHES
DBCONNECTOR_SHOULD_LOG_QUERY_HASHES=null
DEBUG=1
The default Retool user group for a Google SSO domain. Default groups only apply to new users who sign up using SSO, not existing users signing in.
DEFAULT_GROUP_FOR_DOMAINS=example1.org -> admin, example2.com -> viewer
DISABLE_AUDIT_TRAILS_LOGGING
Whether to disable logging of audit trails.
Default value is false.
DISABLE_AUDIT_TRAILS_LOGGING=true
DISABLE_DATABASE_MIGRATIONS
DISABLE_DATABASE_MIGRATIONS=null
DISABLE_DATABASE_MIGRATIONS_TIMEOUT
DISABLE_DATABASE_MIGRATIONS_TIMEOUT=null
DISABLE_FORWARDABLE_COOKIE_DECODING
Whether to disable decoding of forwardable cookies.
Default value is false.
DISABLE_FORWARDABLE_COOKIE_DECODING=true
DISABLE_GIT_SYNCING=true
DISABLE_IMAGE_PROXY
Whether to disable the proxy used for publicly embedded apps.
Default value is false.
DISABLE_IMAGE_PROXY=true
DISABLE_INTERCOM
Disable Retool's support widget in the frontend. Refer to the Retool Support page to learn how to contact Retool.
Default value is false.
DISABLE_INTERCOM=true
DISABLE_IPTABLES_SECURITY_CONFIGURATION
Whether to disable the default security configuration for link-local address, which is done by running the following startup commands requiring elevated privileges. Set to true if privileged access (e.g NET_ADMIN) cannot be given to the container running Code executor service.
Default value is false.
DISABLE_IPTABLES_SECURITY_CONFIGURATION=false
DISABLE_MEMORY_AND_CPU_USAGE_LOGGING
Whether to disable logging of memory and CPU usage.
Default value is false.
DISABLE_MEMORY_AND_CPU_USAGE_LOGGING=true
DISABLE_PAGE_USER_HEARTBEAT
DISABLE_PAGE_USER_HEARTBEAT=null
DISABLE_PROTECTED_APPS_SYNCING
DISABLE_PROTECTED_APPS_SYNCING=null
DISABLE_PUBLIC_PAGES
Whether to disable public access to Retool apps. If set to true, also set DISABLE_IMAGE_PROXY to true to fully disable public access.
Default value is false.
DISABLE_PUBLIC_PAGES=true
DISABLE_RATE_LIMIT
DISABLE_RATE_LIMIT=null
DISABLE_SOURCE_CONTROL_SYNCING
Whether to disable Source Control syncing changes with the repository. This only pauses the syncing process and protected items are unaffected.
Default value is false.
DISABLE_SOURCE_CONTROL_SYNCING=true
DISABLE_TEST_RESOURCES
DISABLE_TEST_RESOURCES=null
Disable username and password authentication. If true, users can only log in using SSO.
DISABLE_USER_PASS_LOGIN=true
DO_HIBP_CHECK
DO_HIBP_CHECK=null
DOMAINS
The domains to use for EntityID in SAML requests and obtaining SSL certificates when setting up HTTPS.
DOMAINS=retool.your-domain.com -> http://api:3000
EMAIL_SENDER_AUTH_TOKEN
EMAIL_SENDER_AUTH_TOKEN=null
EMAIL_SENDER_HOST
EMAIL_SENDER_HOST=null
EMAIL_SENDER_IP_RATE_LIMIT_POINTS
EMAIL_SENDER_IP_RATE_LIMIT_POINTS=null
EMAIL_SENDER_WITH_LICENSE_KEY_RATE_LIMIT_POINTS
EMAIL_SENDER_WITH_LICENSE_KEY_RATE_LIMIT_POINTS=null
EMAIL_SENDER_WITHOUT_LICENSE_KEY_RATE_LIMIT_POINTS
EMAIL_SENDER_WITHOUT_LICENSE_KEY_RATE_LIMIT_POINTS=null
EMBEDDING_DAILY_TOKEN_LIMIT
EMBEDDING_DAILY_TOKEN_LIMIT=null
ENABLE_CLIENT_SIDE_CUSTOM_AUTH_BROWSER_CALLS
Whether to allow custom authentication steps for resources that make REST API calls directly from the browser. If true, these requests include all browser credentials, even cross-origin calls.
ENABLE_CLIENT_SIDE_CUSTOM_AUTH_BROWSER_CALLS=true
ENABLE_CUSTOM_PLATFORM_LEVEL_AUTH_STEPS
Whether to allow configuration of custom authentication steps for users to perform whenever they log into Retool.
Default value is false.
ENABLE_CUSTOM_PLATFORM_LEVEL_AUTH_STEPS=true
ENABLE_DATABASE_MIGRATIONS_CONCURRENT_INDEX_CREATION
ENABLE_DATABASE_MIGRATIONS_CONCURRENT_INDEX_CREATION=null
ENABLE_DBCONNECTOR_FIREBASE_PROCESS_LIMIT
ENABLE_DBCONNECTOR_FIREBASE_PROCESS_LIMIT=null
ENABLE_GLOBAL_QUERY_TIMEOUT
ENABLE_GLOBAL_QUERY_TIMEOUT=null
ENABLE_RUN_QUERY_BY_UUID_METADATA_LOG
ENABLE_RUN_QUERY_BY_UUID_METADATA_LOG=null
ENCRYPTION_KEY
The encryption key used to encrypt data stored in the PostgreSQL database (e.g., database credentials, SSH keys, etc). If you change this key, you will lose access to all resources that were created before the change.
ENCRYPTION_KEY=key
EVENT_LOOP_BLOCK_DETECTION_ENABLED
EVENT_LOOP_BLOCK_DETECTION_ENABLED=null
EVENT_LOOP_BLOCK_DETECTION_THRESHOLD_MS
EVENT_LOOP_BLOCK_DETECTION_THRESHOLD_MS=null
FAILED_MONTHLY_LOGINS_PER_IP
FAILED_MONTHLY_LOGINS_PER_IP=null
FAILED_MONTHLY_LOGINS_PER_USER
FAILED_MONTHLY_LOGINS_PER_USER=null
FAILOVER_DOMAIN
FAILOVER_DOMAIN=null
FORWARDABLE_SAME_DOMAIN_COOKIES_ALLOWLIST
Whether to send authentication requests using insecure cookies. When you have cookies scoped to your primary domain, you can use this variable to include those cookies in requests from the subdomain you host Retool on to your primary domain.
FORWARDABLE_SAME_DOMAIN_COOKIES_ALLOWLIST=cookieName
GIT_POLL_INTERVAL_SECONDS
GIT_POLL_INTERVAL_SECONDS=null
GITHUB_APP_ID=12345
GITHUB_APP_INSTALLATION_ID=12345
GITHUB_APP_PRIVATE_KEY
The GitHub App private key for the GitHub repository, formatted as a single-line. If you use Kubernetes Secrets, you must base64-encode this value twice.
GITHUB_APP_PRIVATE_KEY=-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDf7Zz7z7z7z7z7
GITHUB_CLIENT_ID
GITHUB_CLIENT_ID=null
GITHUB_CLIENT_SECRET
GITHUB_CLIENT_SECRET=null
GITHUB_PERSONAL_ACCESS_TOKEN
GITHUB_PERSONAL_ACCESS_TOKEN=null
GITHUB_SYNC_TOKEN
GITHUB_SYNC_TOKEN=null
GITLAB_MAIN_BRANCH=main
GITLAB_ORGANIZATION_NAME=my-organization
GITLAB_PROJECT_ACCESS_TOKEN=mpoqd2zy7jklzfbhmuzev46vbbcpkeeqminb4wcvwigsrldasdfa
GITLAB_PROJECT_ID=123
GITLAB_PROJECT_SLUG=company/eng/product-dev
GITLAB_REPOSITORY_NAME=my-repo
GITLAB_URL=https://gitlab.com
GOOGLE_API_KEY
GOOGLE_API_KEY=null
GOOGLE_CLIENT_SECRET
GOOGLE_CLIENT_SECRET=null
GPT_TOKEN_LIMIT
GPT_TOKEN_LIMIT=null
GRPC_MAX_RETRIES
GRPC_MAX_RETRIES=null
HEADER_BASED_AUTH_EMAIL_HEADER
HEADER_BASED_AUTH_EMAIL_HEADER=null
HEADER_BASED_AUTH_ENABLED
HEADER_BASED_AUTH_ENABLED=null
HEADER_BASED_AUTH_METADATA_MAPPING
HEADER_BASED_AUTH_METADATA_MAPPING=null
HEADER_BASED_AUTH_ROLE_MAPPING
HEADER_BASED_AUTH_ROLE_MAPPING=null
HEADER_BASED_AUTH_ROLE_MAPPING_DISABLED
HEADER_BASED_AUTH_ROLE_MAPPING_DISABLED=null
HEADER_BASED_AUTH_ROLES_HEADER
HEADER_BASED_AUTH_ROLES_HEADER=null
HEADER_BASED_AUTH_USERNAME_HEADER
HEADER_BASED_AUTH_USERNAME_HEADER=null
HEADERS_TIMEOUT_MS
HEADERS_TIMEOUT_MS=null
HIBP_API_KEY
HIBP_API_KEY=null
HIDE_ALL_HEADERS_IN_AUDIT_LOG_EVENTS
Whether to prevent all query headers and cookies from being added to audit log entries.
Default value is false.
HIDE_ALL_HEADERS_IN_AUDIT_LOG_EVENTS=true
HIDE_PROD_AND_STAGING_TOGGLES
Whether to hide the Production and Staging toggles in the Retool interface.
Default value is false.
HIDE_PROD_AND_STAGING_TOGGLES=true
HOST_HEADER_NAME
Retool backend expects Host header to contain the host used in the original request. This is important for Spaces to work properly. If your self-hosted instance has a proxy or load-balancer in front of the Retool backend, you can specify a different header that contains the original host.
Default value is HOST_HEADER_NAME.
HOST_HEADER_NAME=x-forwarded-host
HTML_ESCAPE_RETOOL_EXPRESSIONS
Whether to escape HTML in {{ }} expressions. If set to true, all HTML in expressions is escaped.
Default value is false.
HTML_ESCAPE_RETOOL_EXPRESSIONS=true
HTTP_PROXY=http://proxy.example.com:8080
HTTP_PROXY_STRICT
HTTP_PROXY_STRICT=null
INC_613_GET_RECORD_TRANSIT
INC_613_GET_RECORD_TRANSIT=null
INCLUDE_COOKIES_IN_API_CALLS
INCLUDE_COOKIES_IN_API_CALLS=null
INVITES_PER_DAY=100
IS_ADMIN
IS_ADMIN=null
IS_E2E
IS_E2E=null
JAVA_DB_CONNECTOR_HOST
JAVA_DB_CONNECTOR_HOST=null
JAVA_DB_CONNECTOR_PORT
JAVA_DB_CONNECTOR_PORT=null
JDBC_DIRECTORY_PATH
JDBC_DIRECTORY_PATH=null
JIT_ENABLED=true
JOBS_SERVER_PORT
JOBS_SERVER_PORT=null
JWT_SECRET
The JWT secret token to sign requests for authentication with Retool's backend API server. If changed, all active user login sessions are invalidated.
JWT_SECRET=676765765327645bvbfgbsfhfbgr
K8S_DEPLOYMENT
K8S_DEPLOYMENT=null
K8S_HOSTED
K8S_HOSTED=null
K8S_IMAGE
K8S_IMAGE=null
K8S_NODE_IP
K8S_NODE_IP=null
K8S_NODE_NAME
K8S_NODE_NAME=null
K8S_POD_IP
K8S_POD_IP=null
K8S_POD_NAME
K8S_POD_NAME=null
KEEPALIVE_TIMEOUT
The keep alive timeout for queries, in seconds. Queries that exceed this limit results in a 514 HTTP error.
KEEPALIVE_TIMEOUT=1000
KEEPALIVE_TIMEOUT_MS
KEEPALIVE_TIMEOUT_MS=null
The organization's email domain in DC syntax when syncing Google Groups to Retool.
LDAP_BASE_DOMAIN_COMPONENTS=dc=example,dc=com
The mapping of Google LDAP Groups or SAML groups to Retool permission groups used for Google Group syncing and SAML role mapping.
LDAP_ROLE_MAPPING=retool-admins -> admin, support -> Support
LDAP_ROLE_MAPPING_DISABLED
Disable syncing SAML groups or Google Groups to Retool permission groups. When LDAP_ROLE_MAPPING is set and LDAP_ROLE_MAPPING_DISABLED is true, Retool logs the groups that would have synced to Retool when a user logs in.
LDAP_ROLE_MAPPING_DISABLED=true
The certificate from the downloaded bundle when syncing Google Groups to Retool.
LDAP_SERVER_CERTIFICATE=filename
The private key from the downloaded bundle when syncing Google Groups to Retool.
LDAP_SERVER_KEY=filename
LDAP_SERVER_NAME=ldap.google.com
The LDAP server URL for Google's Secure LDAP Service when syncing Google Groups to Retool.
LDAP_SERVER_URL=ldaps://ldap.google.com:636
LDAP_SYNC_ALL_GROUPS
Whether to sync all groups regardless of whether they're configured in the LDAP_ROLE_MAPPING environment variable. When enabled, new groups are created during SAML sync.
LDAP_SYNC_ALL_GROUPS=true
LDAP_SYNC_GROUP_CLAIMS=true
LICENSE_KEY=key_1234567890
LICENSING_POSTGRES_HOST
LICENSING_POSTGRES_HOST=null
LICENSING_POSTGRES_PASSWORD
LICENSING_POSTGRES_PASSWORD=null
LICENSING_POSTGRES_PORT
LICENSING_POSTGRES_PORT=null
LICENSING_POSTGRES_USER
LICENSING_POSTGRES_USER=null
LICENSING_SERVER_ENV
LICENSING_SERVER_ENV=null
LICENSING_STATUS_PROPAGATION_ENABLED
LICENSING_STATUS_PROPAGATION_ENABLED=null
LINUX_PERF_PROFILING_ENABLED
LINUX_PERF_PROFILING_ENABLED=null
LIST_ENDPOINTS_SECRET
LIST_ENDPOINTS_SECRET=null
LOG_AUDIT_EVENTS=true
LOG_LEVEL
The log level for Retool logs.
Default value is info.
debug | Raw level logs. |
verbose | More verbose logs for git syncing, authentication, etc. |
info | Default logging level. |
LOG_LEVEL=debug
MAILGUN_API_KEY
MAILGUN_API_KEY=null
MAILGUN_DOMAIN
MAILGUN_DOMAIN=null
MAILGUN_FROM_EMAIL
MAILGUN_FROM_EMAIL=null
MAILGUN_REPLY_TO
MAILGUN_REPLY_TO=null
MAIN_DOMAIN
MAIN_DOMAIN=null
MARKETPLACE_S3_ACCESS_KEY_ID
MARKETPLACE_S3_ACCESS_KEY_ID=null
MARKETPLACE_S3_SECRET_ACCESS_KEY
MARKETPLACE_S3_SECRET_ACCESS_KEY=null
MOBILE_ARTIFACTS_REGISTRY_SERVICE_API_TOKEN
MOBILE_ARTIFACTS_REGISTRY_SERVICE_API_TOKEN=null
MOBILE_ARTIFACTS_REGISTRY_SERVICE_HOST
MOBILE_ARTIFACTS_REGISTRY_SERVICE_HOST=null
MOBILE_PUSH_NOTIFIER_API_TOKEN=token
MOBILE_PUSH_NOTIFIER_APNS_APP_ID
MOBILE_PUSH_NOTIFIER_APNS_APP_ID=null
MOBILE_PUSH_NOTIFIER_APNS_SANDBOX_APP_ID
MOBILE_PUSH_NOTIFIER_APNS_SANDBOX_APP_ID=null
MOBILE_PUSH_NOTIFIER_FCM_APP_ID
MOBILE_PUSH_NOTIFIER_FCM_APP_ID=null
MOBILE_PUSH_NOTIFIER_HOST
The host for the mobile push notifier service. Must be `https://spb8yl7d3j.execute-api.us-west-2.amazonaws.com.
MOBILE_PUSH_NOTIFIER_HOST=https://spb8yl7d3j.execute-api.us-west-2.amazonaws.com
MULTIPLAYER_REDIS_ENABLED
MULTIPLAYER_REDIS_ENABLED=null
NEW_RELIC_LICENSE_KEY
NEW_RELIC_LICENSE_KEY=null
NO_PROXY=localhost,*.service.company
NODE_ENV=production
NODE_EXTRA_CA_CERTS
NODE_EXTRA_CA_CERTS=null
NODE_HTTP_AGENT_MAX_SOCKETS
NODE_HTTP_AGENT_MAX_SOCKETS=null
NODE_METRICS_MONTIOR_ENABLED
NODE_METRICS_MONTIOR_ENABLED=null
NODE_METRICS_MONTIOR_MINUTE_INTERVAL
NODE_METRICS_MONTIOR_MINUTE_INTERVAL=null
NODE_OPTIONS
Used to specify the maximum heap size for the JavaScript v8 engine.
Default value is --max-old-space-size=1024.
NODE_OPTIONS=--max-old-space-size=1024
NODE_TLS_REJECT_UNAUTHORIZED
Whether to reject unauthorized TLS certificates. This setting is insecure and not recommended for production instances
NODE_TLS_REJECT_UNAUTHORIZED=0
NUM_WORKERS
The number of worker threads for the api container. The default value is Math.min(Math.max(1, numCPUs), 3), where numCPUs is the number of logical CPU cores on the machine determined by Node.js.
NUM_WORKERS=4
OFFLINE_LICENSE_KEY
OFFLINE_LICENSE_KEY=null
OKTA_CLIENT_ID
OKTA_CLIENT_ID=null
OKTA_CLIENT_SECRET
OKTA_CLIENT_SECRET=null
OKTA_DOMAIN
OKTA_DOMAIN=null
OPEN_API_SPEC_CACHE_TTL_MS
OPEN_API_SPEC_CACHE_TTL_MS=null
OPENAI_PROXY_API_TOKEN
OPENAI_PROXY_API_TOKEN=null
OPENAI_PROXY_HOST
OPENAI_PROXY_HOST=null
OPENAI_SECRET_KEY
OPENAI_SECRET_KEY=null
PARTNERSTACK_BEARER_TOKEN
PARTNERSTACK_BEARER_TOKEN=null
PORT
PORT=null
POSTGRES_CUSTOM_SSL_CA_FILE_NAME
The custom SSL CA file name for the PostgreSQL connection. This is required when configuring Google Cloud SQL as the database to use instead of Retool's PostgreSQL database.
POSTGRES_CUSTOM_SSL_CA_FILE_NAME=ca.pem
POSTGRES_CUSTOM_SSL_CERT_ALTNAME_REGEX
POSTGRES_CUSTOM_SSL_CERT_ALTNAME_REGEX=null
POSTGRES_CUSTOM_SSL_CERT_FILE_NAME
POSTGRES_CUSTOM_SSL_CERT_FILE_NAME=null
POSTGRES_CUSTOM_SSL_CERT_PATH
The custom SSL certificate path for the PostgreSQL connection. This is required when configuring Google Cloud SQL as the database to use instead of Retool's PostgreSQL database.
POSTGRES_CUSTOM_SSL_CERT_PATH=/path/to/cert
POSTGRES_CUSTOM_SSL_KEY_FILE_NAME
The custom SSL key file name for the PostgreSQL connection. This is required when configuring Google Cloud SQL as the database to use instead of Retool's PostgreSQL database.
POSTGRES_CUSTOM_SSL_KEY_FILE_NAME=client-key.pem
POSTGRES_DB
POSTGRES_DB=null
POSTGRES_HOST
POSTGRES_HOST=null
POSTGRES_IDLE_IN_TRANSACTION_SESSION_TIMEOUT
POSTGRES_IDLE_IN_TRANSACTION_SESSION_TIMEOUT=null
POSTGRES_PASSWORD
POSTGRES_PASSWORD=null
POSTGRES_POOL_SIZE_MAX
POSTGRES_POOL_SIZE_MAX=null
POSTGRES_POOL_SIZE_MIN
POSTGRES_POOL_SIZE_MIN=null
POSTGRES_PORT
POSTGRES_PORT=null
POSTGRES_SSL_DISABLED
POSTGRES_SSL_DISABLED=null
POSTGRES_SSL_ENABLED=true
POSTGRES_SSL_REJECT_UNAUTHORIZED
Whether to reject unauthorized SSL certificates for the PostgreSQL connection if POSTGRES_SSL_ENABLED is true.
Default value is true.
POSTGRES_SSL_REJECT_UNAUTHORIZED=true
POSTGRES_STATEMENT_TIMEOUT
POSTGRES_STATEMENT_TIMEOUT=null
POSTGRES_TEST_DB
POSTGRES_TEST_DB=null
POSTGRES_USER
POSTGRES_USER=null
PRESERVE_PASSWORDS_FIRST_GOOGLE_LOGIN
Prevent Retool from resetting your password when logging in with Google for the first time.
PRESERVE_PASSWORDS_FIRST_GOOGLE_LOGIN=true
PRESTO_DISABLE_GET_SCHEMA
PRESTO_DISABLE_GET_SCHEMA=null
PRESTO_DISABLE_QUERY_TIMEOUT
PRESTO_DISABLE_QUERY_TIMEOUT=null
PRESTO_POOL_MAX_CONNECTION_RETRIES
PRESTO_POOL_MAX_CONNECTION_RETRIES=null
PRESTO_POOL_MAX_SIZE
PRESTO_POOL_MAX_SIZE=null
PRESTO_POOL_MIN_SIZE
PRESTO_POOL_MIN_SIZE=null
PROTECTED_APPS_TREE_TRIMMING
PROTECTED_APPS_TREE_TRIMMING=null
PROTECTED_APPS_TREE_TRIMMING_CHUNK_SIZE
PROTECTED_APPS_TREE_TRIMMING_CHUNK_SIZE=null
PROTO_DIRECTORY_PATH
PROTO_DIRECTORY_PATH=null
PROTO_IMPORT_DIRECTORY_PATH
PROTO_IMPORT_DIRECTORY_PATH=null
PROXY_CONNECT_TIMEOUT
The proxy connect timeout for queries, in seconds. Queries that exceed this limit results in a 514 HTTP error.
PROXY_CONNECT_TIMEOUT=1000
PROXY_READ_TIMEOUT
The proxy read timeout for queries, in seconds. Queries that exceed this limit results in a 514 HTTP error.
PROXY_READ_TIMEOUT=1000
PROXY_SEND_TIMEOUT
The proxy send timeout for queries, in seconds. Queries that exceed this limit results in a 514 HTTP error.
PROXY_SEND_TIMEOUT=1000
REDIS_DB
The database number for read and write operations, between 0 and 15.
Default value is 0.
REDIS_DB=0
REDIS_HOST
The hostname of the Redis reader endpoint that connects the Redis instance as a caching layer.
REDIS_HOST=redis-retool
REDIS_PASSWORD=password
REDIS_PORT
The port number of the Redis reader endpoint that connects the Redis instance as a caching layer.
Default value is 6379.
REDIS_PORT=6379
REDIS_TIMEOUT_MS
REDIS_TIMEOUT_MS=null
REDIS_TLS=true
REDIS_USER_CACHE_DB
REDIS_USER_CACHE_DB=null
REDIS_USER_CACHE_HOST
REDIS_USER_CACHE_HOST=null
REDIS_USER_CACHE_PASSWORD
REDIS_USER_CACHE_PASSWORD=null
REDIS_USER_CACHE_PORT
REDIS_USER_CACHE_PORT=null
REDIS_USER_CACHE_TLS
REDIS_USER_CACHE_TLS=null
REQUIRE_PASSWORD_TO_DISABLE_MFA
REQUIRE_PASSWORD_TO_DISABLE_MFA=null
REST_API_MIME_TO_EXTENSION_PARSING_ENABLED
REST_API_MIME_TO_EXTENSION_PARSING_ENABLED=null
Restrict users from logging in unless they use SSO for the specified domain. Specify comma-separated values for multiple domains.
RESTRICTED_DOMAIN=example.com,example.org
RETOOL_ASANA_CONNECTED_APP_CLIENT_ID
RETOOL_ASANA_CONNECTED_APP_CLIENT_ID=null
RETOOL_ASANA_CONNECTED_APP_CLIENT_SECRET
RETOOL_ASANA_CONNECTED_APP_CLIENT_SECRET=null
RETOOL_AZURE_STORAGE_CONNECTION_STRING
RETOOL_AZURE_STORAGE_CONNECTION_STRING=null
RETOOL_CACHE_FEATURE_FLAGS_IN_REDIS
RETOOL_CACHE_FEATURE_FLAGS_IN_REDIS=null
RETOOL_CUSTOM_COMPONENT_COLLECTIONS_ENABLED
RETOOL_CUSTOM_COMPONENT_COLLECTIONS_ENABLED=null
RETOOL_EMAIL_DAILY_LIMIT_FREETOOL
RETOOL_EMAIL_DAILY_LIMIT_FREETOOL=null
RETOOL_EMAIL_HOST
RETOOL_EMAIL_HOST=null
RETOOL_EMAIL_HOURLY_LIMIT
RETOOL_EMAIL_HOURLY_LIMIT=null
RETOOL_EMAIL_PASSWORD
RETOOL_EMAIL_PASSWORD=null
RETOOL_EMAIL_PORT
RETOOL_EMAIL_PORT=null
RETOOL_EMAIL_USERNAME
RETOOL_EMAIL_USERNAME=null
RETOOL_ENV
RETOOL_ENV=null
RETOOL_ENVIRONMENT
The environment for SCIM provisioning and Source Control alerts.
Default value is production.
RETOOL_ENVIRONMENT=production
RETOOL_EXPOSED_{NAME}
Use the RETOOL_EXPOSED_ prefix to store secrets that you can use when configuring resources. Only underscores and alphanumeric characters are supported.
RETOOL_EXPOSED_{NAME}=RETOOL_EXPOSED_DB_USERNAME=db_user
RETOOL_FRONT_CONNECTED_APP_CLIENT_ID
RETOOL_FRONT_CONNECTED_APP_CLIENT_ID=null
RETOOL_FRONT_CONNECTED_APP_CLIENT_SECRET
RETOOL_FRONT_CONNECTED_APP_CLIENT_SECRET=null
RETOOL_FULLSTORY_ORG_ID
RETOOL_FULLSTORY_ORG_ID=null
RETOOL_HOSTED
RETOOL_HOSTED=null
RETOOL_INTERNAL_TEMPORAL_CLUSTER_FRONTEND_HOST
RETOOL_INTERNAL_TEMPORAL_CLUSTER_FRONTEND_HOST=null
RETOOL_INTERNAL_TEMPORAL_CLUSTER_FRONTEND_PORT
RETOOL_INTERNAL_TEMPORAL_CLUSTER_FRONTEND_PORT=null
RETOOL_INTERNAL_TEMPORAL_CLUSTER_NAMESPACE
RETOOL_INTERNAL_TEMPORAL_CLUSTER_NAMESPACE=null
RETOOL_INTERNAL_TEMPORAL_TLS_CRT
RETOOL_INTERNAL_TEMPORAL_TLS_CRT=null
RETOOL_INTERNAL_TEMPORAL_TLS_ENABLED
RETOOL_INTERNAL_TEMPORAL_TLS_ENABLED=null
RETOOL_INTERNAL_TEMPORAL_TLS_KEY
RETOOL_INTERNAL_TEMPORAL_TLS_KEY=null
RETOOL_MAX_MEMORY_MB
RETOOL_MAX_MEMORY_MB=null
RETOOL_MICROSOFT_CONNECTED_APP_CLIENT_ID
RETOOL_MICROSOFT_CONNECTED_APP_CLIENT_ID=null
RETOOL_MICROSOFT_CONNECTED_APP_CLIENT_SECRET
RETOOL_MICROSOFT_CONNECTED_APP_CLIENT_SECRET=null
RETOOL_QUERY_MAX_RESPONSE_SIZE_MB
RETOOL_QUERY_MAX_RESPONSE_SIZE_MB=null
RETOOL_RPC_REDIS_DB
RETOOL_RPC_REDIS_DB=null
RETOOL_RPC_REDIS_HOST
RETOOL_RPC_REDIS_HOST=null
RETOOL_RPC_REDIS_PASSWORD
RETOOL_RPC_REDIS_PASSWORD=null
RETOOL_RPC_REDIS_PORT
RETOOL_RPC_REDIS_PORT=null
RETOOL_RPC_REDIS_TLS
RETOOL_RPC_REDIS_TLS=null
RETOOL_SALESFORCE_CONNECTED_APP_CLIENT_ID
RETOOL_SALESFORCE_CONNECTED_APP_CLIENT_ID=null
RETOOL_SALESFORCE_CONNECTED_APP_CLIENT_SECRET
RETOOL_SALESFORCE_CONNECTED_APP_CLIENT_SECRET=null
RETOOL_SDK_QUERY_CACHE_TTL_SEC
RETOOL_SDK_QUERY_CACHE_TTL_SEC=null
RETOOL_SDK_QUERY_DEFAULT_TIMEOUT_MS
RETOOL_SDK_QUERY_DEFAULT_TIMEOUT_MS=null
RETOOL_SLACK_CONNECTED_APP_CLIENT_ID
RETOOL_SLACK_CONNECTED_APP_CLIENT_ID=null
RETOOL_SLACK_CONNECTED_APP_CLIENT_SECRET
RETOOL_SLACK_CONNECTED_APP_CLIENT_SECRET=null
RETOOL_STORAGE_S3_ACCESS_KEY_ID
RETOOL_STORAGE_S3_ACCESS_KEY_ID=null
RETOOL_STORAGE_S3_BUCKET
RETOOL_STORAGE_S3_BUCKET=null
RETOOL_STORAGE_S3_BUCKET_REGION
RETOOL_STORAGE_S3_BUCKET_REGION=null
RETOOL_STORAGE_S3_SECRET_ACCESS_KEY
RETOOL_STORAGE_S3_SECRET_ACCESS_KEY=null
RETOOL_USE_FEATURE_FLAGS_DEFAULT_VALUE_FROM_CONFIG
RETOOL_USE_FEATURE_FLAGS_DEFAULT_VALUE_FROM_CONFIG=null
RETOOL_VECTOR_INTERVAL_CAP
RETOOL_VECTOR_INTERVAL_CAP=null
RETOOL_VECTOR_INTERVAL_MS
RETOOL_VECTOR_INTERVAL_MS=null
RETOOL_VECTOR_MAX_REQUESTS
RETOOL_VECTOR_MAX_REQUESTS=null
RETOOL_VECTOR_MAX_VISITED_URLS
RETOOL_VECTOR_MAX_VISITED_URLS=null
RETOOL_VECTOR_QUEUE_TIMEOUT_MS
RETOOL_VECTOR_QUEUE_TIMEOUT_MS=null
RETOOL_WORKFLOW_IN_SANDBOX
RETOOL_WORKFLOW_IN_SANDBOX=null
RETOOL_WORKFLOW_ON_PREM_LOG_TO_CLOUDWATCH
RETOOL_WORKFLOW_ON_PREM_LOG_TO_CLOUDWATCH=null
RETOOLDB_ENABLE_STRICT_PASSWORD_SETTINGS
RETOOLDB_ENABLE_STRICT_PASSWORD_SETTINGS=null
RETOOLDB_POSTGRES_DB
RETOOLDB_POSTGRES_DB=null
RETOOLDB_POSTGRES_HOST
RETOOLDB_POSTGRES_HOST=null
RETOOLDB_POSTGRES_PASSWORD
RETOOLDB_POSTGRES_PASSWORD=null
RETOOLDB_POSTGRES_PORT
RETOOLDB_POSTGRES_PORT=null
RETOOLDB_POSTGRES_SSL
RETOOLDB_POSTGRES_SSL=null
RETOOLDB_POSTGRES_USER
RETOOLDB_POSTGRES_USER=null
RTEL_ENABLED
RTEL_ENABLED=null
RTEL_SERVICE_NAME
RTEL_SERVICE_NAME=null
SAML_AUTH_TOKEN
SAML_AUTH_TOKEN=null
The first name attribute in the SAML response.
Default value is firstName.
SAML_FIRST_NAME_ATTRIBUTE=nameFirst
SAML_GROUPS_ATTRIBUTE=userGroups
An XML document that contains information necessary for configuring SAML-enabled identity or service providers.
SAML_IDP_METADATA=<md:EntityDescriptor xmlns:md="urn:desert:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/your_entity_id"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:desert:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>your_certificate</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:desert:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:desert:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example-98123.okta.com/app/company/jfdu90324f/sso/saml"/><md:SingleSignOnService Binding="urn:desert:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example-98123.okta.com/app/company/your_entity_id/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>"
The last name attribute in the SAML response.
Default value is lastName.
SAML_LAST_NAME_ATTRIBUTE=nameLast
SAML_SP_ENTITY_ID
SAML_SP_ENTITY_ID=null
SAML_SYNC_GROUP_CLAIMS
Sync Retool group memberships using the retool- prefix with the groups listed in SAML_GROUPS_ATTRIBUTE. The prefix is not shown in the Retool interface.
SAML_SYNC_GROUP_CLAIMS=true
SAMLIFY_DRIFT_TOLERANCE_FUTURE
SAMLIFY_DRIFT_TOLERANCE_FUTURE=null
SAMLIFY_DRIFT_TOLERANCE_PAST
SAMLIFY_DRIFT_TOLERANCE_PAST=null
SAMPLE_DATABASES_API_BEARER_TOKEN
SAMPLE_DATABASES_API_BEARER_TOKEN=null
SAMPLE_DATABASES_SERVER_URL
SAMPLE_DATABASES_SERVER_URL=null
SANDBOX_DOMAIN=https://not-your-primary-domain.com
SANDBOX_LAMBDA_API_KEY
SANDBOX_LAMBDA_API_KEY=null
SANDBOX_MAX_FILE_DESCRIPTORS
The maximum number of file descriptors within a single sandbox.
Default value is 256.
SANDBOX_MAX_FILE_DESCRIPTORS=256
SANDBOX_MOUNT_DIR
Used to configure where files will be mounted into the sandbox.
Default value is /tmp.
SANDBOX_MOUNT_DIR=/tmp
SCIM_AUTH_TOKEN
A secret token shared with your SSO provider to provision user accounts. If you use Spaces, this token only applies to the admin Space.
SCIM_AUTH_TOKEN=token
SCIM_ENABLE_GROUP_PUT
SCIM_ENABLE_GROUP_PUT=null
SCIM_LOG_FULL_REQUESTS=true
SENDING_INVITES_WITH_EMAIL_DISABLED
Allow user invites without pinging Retool's user invitation server. You must enable this if you have an airgapped deployment.
SENDING_INVITES_WITH_EMAIL_DISABLED=true
SENTRY_DSN
SENTRY_DSN=null
SENTRY_DSN_DBCONNECTOR
SENTRY_DSN_DBCONNECTOR=null
SENTRY_DSN_JOBS_RUNNER
SENTRY_DSN_JOBS_RUNNER=null
SEQUELIZE_ACQUIRE
SEQUELIZE_ACQUIRE=null
SEQUELIZE_EVICT
SEQUELIZE_EVICT=null
SEQUELIZE_IDLE
SEQUELIZE_IDLE=null
SEQUELIZE_MAX_USES
SEQUELIZE_MAX_USES=null
SERVE_LOCAL_SPECS
SERVE_LOCAL_SPECS=null
SERVICE_TYPE
Comma-separated list of Retool services to run within a container. If unset, all services run in the same container.
MAIN_BACKEND | The api service. |
JOBS_RUNNER | The jobs-runner service. |
DB_CONNECTOR | The db_connector service. |
DB_SSH_CONNECTOR | The db_ssh_connector service. |
WORKFLOW_BACKEND | The db_ssh_connector service. |
WORKFLOW_TEMPORAL_WORKER | The db_ssh_connector service. |
SERVICE_TYPE=MAIN_BACKEND,JOBS_RUNNER
SESSION_DURATION_MINUTES
SESSION_DURATION_MINUTES=null
SNOWFLAKE_POOL_ACQUIRE_TIMEOUT_MS
SNOWFLAKE_POOL_ACQUIRE_TIMEOUT_MS=null
SNOWFLAKE_POOL_MAX_SIZE
SNOWFLAKE_POOL_MAX_SIZE=null
SNOWFLAKE_POOL_MAX_TRIES
SNOWFLAKE_POOL_MAX_TRIES=null
SNOWFLAKE_POOL_MIN_SIZE
SNOWFLAKE_POOL_MIN_SIZE=null
SNOWFLAKE_VALIDATION_DISABLE_HEARTBEAT
SNOWFLAKE_VALIDATION_DISABLE_HEARTBEAT=null
SNS_TOPIC_ARN
SNS_TOPIC_ARN=null
SNS_TOPIC_REGION
SNS_TOPIC_REGION=null
STATSD_HOST
STATSD_HOST=null
STATSD_PORT
STATSD_PORT=null
STATSD_PROTOCOL
STATSD_PROTOCOL=null
STATSD_SOCKET_PATH
STATSD_SOCKET_PATH=null
STRIPE_SECRET_KEY
STRIPE_SECRET_KEY=null
STRIPE_WEBHOOK_SECRET
STRIPE_WEBHOOK_SECRET=null
TEMP_APPSTATE_AZURE_BLOB_STORAGE_CONNECTION_STRING
TEMP_APPSTATE_AZURE_BLOB_STORAGE_CONNECTION_STRING=null
TEMPORAL_TASKQUEUE_INTERNAL
TEMPORAL_TASKQUEUE_INTERNAL=null
TEMPORAL_TASKQUEUE_WORKFLOW
The task queue for the Temporal cluster. Used by clients connecting to Temporal for all Retool Workflow-related requests (enqueue, query, etc.). This value should match WORKER_TEMPORAL_TASKQUEUE.
Default value is workflows.
TEMPORAL_TASKQUEUE_WORKFLOW=workflows
TEMPORAL_TASKQUEUE_WORKFLOW_CANARY
TEMPORAL_TASKQUEUE_WORKFLOW_CANARY=null
TEMPORAL_TASKQUEUE_WORKFLOW_INTERNAL
TEMPORAL_TASKQUEUE_WORKFLOW_INTERNAL=null
TEMPORAL_TASKQUEUE_WORKFLOW_QUARANTINE
TEMPORAL_TASKQUEUE_WORKFLOW_QUARANTINE=null
Automatically start the Oauth 2 SSO login flow when users navigate to your Retool instance. Use either TRIGGER_OAUTH_2_SSO_LOGIN_AUTOMATICALLY or TRIGGER_SAML_LOGIN_AUTOMATICALLY, you cannot enable both.
TRIGGER_OAUTH_2_SSO_LOGIN_AUTOMATICALLY=true
Automatically start the SAML SSO login flow when users navigate to your Retool instance. Use either TRIGGER_SAML_LOGIN_AUTOMATICALLY or TRIGGER_OAUTH_2_SSO_LOGIN_AUTOMATICALLY, you cannot enable both.
TRIGGER_SAML_LOGIN_AUTOMATICALLY=true
TRUNCATE_LONG_AUDIT_LOG_DATA
TRUNCATE_LONG_AUDIT_LOG_DATA=null
USAGE_API_TOKEN�
The access token to enable Usage Analytics. Please reach out to your Retool account manager to obtain this token.
USAGE_API_TOKEN=accessToken
USE_AUDIT_TRAILS_POSTGRES_DB
USE_AUDIT_TRAILS_POSTGRES_DB=null
USE_GCM_ENCRYPTION
Whether to use AES-192-GCM authenticated encryption method instead of AES-192-CBC. If set to true, you must also set ENCRYPTION_KEY.
Default value is false.
USE_GCM_ENCRYPTION=true
USE_REDIS_HEARTBEATS
USE_REDIS_HEARTBEATS=null
Restrict session length to 12 hours. If unset, session length is one week.
USE_SHORT_SESSIONS=true
USE_STAGING_LICENSING_SERVER
USE_STAGING_LICENSING_SERVER=null
VERSION_CONTROL_LOCKED
Whether to enable version control and create a read-only Retool instance. If enabled, users cannot create, edit, or protect apps and workflows.
Default value is false.
VERSION_CONTROL_LOCKED=true
VERSION_NUMBER
VERSION_NUMBER=null
WORKER_TEMPORAL_TASKQUEUE
The task queue for the Temporal worker. Used by workers connecting to Temporal for all Retool Workflow-related requests (enqueue, query, etc.). This value should match TEMPORAL_TASKQUEUE_WORKFLOW.
Default value is workflows.
WORKER_TEMPORAL_TASKQUEUE=workflows
WORKFLOW_API_PERFORMANCE_CACHE_ENABLED
WORKFLOW_API_PERFORMANCE_CACHE_ENABLED=null
WORKFLOW_BACKEND_HOST
The hostname for all Retool Workflow-related backend requests, such as querying resources, updating workflow status, and storing block results and logs. The value depends on your deployment configuration, but must include a protocol (http:// or https://).
WORKFLOW_BACKEND_HOST=http://workflow-backend
WORKFLOW_BLOCK_STORAGE_LOCATION
WORKFLOW_BLOCK_STORAGE_LOCATION=null
WORKFLOW_CPU_LIMIT
The maximum number of CPUs a workflow can use when running. Requires WORKFLOW_MONITOR_PROCESS_ENABLED to be true.
Default value is 1.
WORKFLOW_CPU_LIMIT=1
WORKFLOW_DEV_FORCE_USE_CLOUD_EXECUTION_PATH
WORKFLOW_DEV_FORCE_USE_CLOUD_EXECUTION_PATH=null
WORKFLOW_ENABLE_QUERY_SYNC_CRON
WORKFLOW_ENABLE_QUERY_SYNC_CRON=null
WORKFLOW_LOAD_TEST_CACHE_SIZE
WORKFLOW_LOAD_TEST_CACHE_SIZE=null
WORKFLOW_LOGGING_ACCESS_KEY_ID
WORKFLOW_LOGGING_ACCESS_KEY_ID=null
WORKFLOW_LOGGING_GROUP_NAME
WORKFLOW_LOGGING_GROUP_NAME=null
WORKFLOW_LOGGING_REGION
WORKFLOW_LOGGING_REGION=null
WORKFLOW_LOGGING_SECRET_ACCESS_KEY
WORKFLOW_LOGGING_SECRET_ACCESS_KEY=null
WORKFLOW_MEMORY_LIMIT_MBS
The maximum amount of memory, in megabytes, a workflow can use when running. Requires WORKFLOW_MONITOR_PROCESS_ENABLED to be true.
Default value is 2147.
WORKFLOW_MEMORY_LIMIT_MBS=2147
WORKFLOW_MONITOR_PROCESS_ENABLED
Whether to limit the memory and CPUs available to a workflow while running. If enabled, WORKFLOW_MEMORY_LIMIT_MIBS(#variable-WORKFLOW_MEMORY_LIMIT_MBS) and WORKFLOW_CPU_LIMIT can be set.
Default value is false.
WORKFLOW_MONITOR_PROCESS_ENABLED=true
WORKFLOW_REDIS_DB
WORKFLOW_REDIS_DB=null
WORKFLOW_REDIS_HOST
WORKFLOW_REDIS_HOST=null
WORKFLOW_REDIS_PASSWORD
WORKFLOW_REDIS_PASSWORD=null
WORKFLOW_REDIS_PORT
WORKFLOW_REDIS_PORT=null
WORKFLOW_REDIS_TLS
WORKFLOW_REDIS_TLS=null
WORKFLOW_S3_ACCESS_KEY_ID
WORKFLOW_S3_ACCESS_KEY_ID=null
WORKFLOW_S3_BUCKET
WORKFLOW_S3_BUCKET=null
WORKFLOW_S3_REGION
WORKFLOW_S3_REGION=null
WORKFLOW_S3_SECRET_ACCESS_KEY
WORKFLOW_S3_SECRET_ACCESS_KEY=null
WORKFLOW_SCHEDULING_ENABLED
WORKFLOW_SCHEDULING_ENABLED=null
WORKFLOW_TEMPORAL_ACTIVITY_TASK_POLLERS
The number of Temporal activity task pollers that concurrently run.
Default value is 2.
WORKFLOW_TEMPORAL_ACTIVITY_TASK_POLLERS=2
WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_HOST
The hostname for the Temporal cluster. If you're using Temporal Cloud, your host may end with .tmprl.cloud. This environment variable does not need to be set if using Retool-managed Temporal cluster.
WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_HOST=org.example.tmprl.cloud
WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_PORT
The port for the Temporal cluster.
Default value is 7233.
WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_PORT=7233
WORKFLOW_TEMPORAL_CLUSTER_NAMESPACE
The namespace for the Temporal cluster.
Default value is workflows.
WORKFLOW_TEMPORAL_CLUSTER_NAMESPACE=workflows
WORKFLOW_TEMPORAL_CONCURRENT_ACTIVITIES_LIMIT
The maximum number of concurrent activities that can be executed by a single workflow. Refer to the Temporal documentation for more information.
Default value is 10.
WORKFLOW_TEMPORAL_CONCURRENT_ACTIVITIES_LIMIT=10
WORKFLOW_TEMPORAL_CONCURRENT_TASKS_LIMIT
The maximum number of concurrent tasks that can be executed by a single workflow. Refer to the Temporal documentation for more information.
Default value is 10.
WORKFLOW_TEMPORAL_CONCURRENT_TASKS_LIMIT=10
WORKFLOW_TEMPORAL_ENCRYPTION_ENABLED
WORKFLOW_TEMPORAL_ENCRYPTION_ENABLED=null
WORKFLOW_TEMPORAL_OPENTELEMETRY_COLLECTOR
The OpenTelemetry collector endpoint for Temporal Worker metrics.
WORKFLOW_TEMPORAL_OPENTELEMETRY_COLLECTOR=http://open-telemetry-collector-opentelemetry-collector:4318
WORKFLOW_TEMPORAL_SEND_CUSTOM_SEARCH_ATTRIBUTES
WORKFLOW_TEMPORAL_SEND_CUSTOM_SEARCH_ATTRIBUTES=null
WORKFLOW_TEMPORAL_SERVER_NAME_OVERRIDE
The server name override for the Temporal cluster. This overrides the target name (SNI) used for TLS host name checking. It can be useful if you have reverse proxy in front of Temporal server and you need to override the SNI to direct traffic to the appropriate backend server based on custom routing rules. Connections can be refused if the provided SNI does not match the expected host. Adding this override should be done with care. This does not need to be set if using Retool-managed Temporal cluster.
WORKFLOW_TEMPORAL_SERVER_NAME_OVERRIDE=other.domain.tmprl.cld
WORKFLOW_TEMPORAL_SERVER_ROOT_CA_CRT
Base64 encoded PEM certificate for the root CA of the Temporal cluster. This does not need to be set if using Retool-managed Temporal cluster.
WORKFLOW_TEMPORAL_SERVER_ROOT_CA_CRT=UXVpcyBjb21tb2RvIGV4ZXJjaXRhd
WORKFLOW_TEMPORAL_STICKY_CACHE_SIZE
The size of the Temporal sticky queue cache.
Default value is 200.
WORKFLOW_TEMPORAL_STICKY_CACHE_SIZE=100
WORKFLOW_TEMPORAL_TLS_CRT
Base64 encoded certificate for TLS client certification pair. See Temporal documentation for more details. This does not need to be set if using Retool-managed Temporal cluster.
WORKFLOW_TEMPORAL_TLS_CRT=UXVpcyBjb21tb2RvIGV4ZXJjaXRhd
WORKFLOW_TEMPORAL_TLS_ENABLED
Whether to enable TLS for the Temporal cluster. You can set this to true if you use your own Temporal Cloud. This does not need to be set if using Retool-managed Temporal cluster.
Default value is false.
WORKFLOW_TEMPORAL_TLS_ENABLED=true
WORKFLOW_TEMPORAL_TLS_KEY
Base64 encoded private key for TLS client certification pair. This does not need to be set if using Retool-managed Temporal cluster.
WORKFLOW_TEMPORAL_TLS_KEY=c2VjcmV0X2tleQ==
WORKFLOW_TEMPORAL_WORKER_SHUTDOWN_GRACE_TIME
The timeout, in minutes, to wait for pending workflows to complete before the Temporal worker gracefully shuts down. If the worker does not shut down within this time, it is forcefully terminated.
Default value is 15.
WORKFLOW_TEMPORAL_WORKER_SHUTDOWN_GRACE_TIME=15
WORKFLOW_TEMPORAL_WORKFLOW_TASK_POLLERS
The number of Temporal workflow task pollers that concurrently run.
Default value is 10.
WORKFLOW_TEMPORAL_WORKFLOW_TASK_POLLERS=10
WORKFLOW_WORKER_HEALTHCHECK_PORT
The port for the /api/checkHealth health check endpoint for the Temporal worker.
Default value is 3005.
WORKFLOW_WORKER_HEALTHCHECK_PORT=3005
WORKFLOWS_CANARY_ENABLED
WORKFLOWS_CANARY_ENABLED=null