Environment variables reference
Environment variables for Self-hosted Retool deployments.
Environment variables control or override certain functions and characteristics of Self-hosted Retool instances. Some Retool features require you to set environment variables, such as SSO or Source Control.
Only configure environment variables when needed. You can configure many environment variables from your organization's Settings rather than directly editing your deployment's configuration file.
You must restart your instance after setting any variables for them to take effect.
ADMIN_API_ACCESS_TOKEN
If non-empty, Retool creates an API access token with the provided string value. Requires ADMIN_USER_EMAIL to be set to a valid email address of an admin user.
ADMIN_API_ACCESS_TOKEN=token
ADMIN_API_ACCESS_TOKEN_SCOPES
Comma-separated list of scopes to be assigned to the API access token created using ADMIN_API_ACCESS_TOKEN env variable.
ADMIN_API_ACCESS_TOKEN_SCOPES=source_control:read,source_control:write,groups:read,groups:write,spaces:read,spaces:write,folders:read,folders:write,permissions:all:read,permissions:all:write
ADMIN_USER_EMAIL
If non-empty, Retool creates an admin user with the provided email in the Admin Space.
ADMIN_USER_EMAIL=admin@example.com
ALLOW_SAME_ORIGIN_OPTION
Whether to use allow-same-origin for iframes and custom components. If this is not true, custom components are heavily restricted in their behavior. Refer to the configure same-origin and sandbox guide to learn more.
Default value is false.
ALLOW_SAME_ORIGIN_OPTION=false
API_CALLS_PER_MINUTE
Retool uses a point system for rate limiting where endpoint requests cost a certain number of points. The default is 300 points in a 60 second window. If you exceed this, Retool blocks any subsequent API calls for 60 seconds. You can increase the number of points with the API_CALLS_PER_MIN environment variable.
Default value is 300.
API_CALLS_PER_MINUTE=300
AZURE_REPOS_MAIN_BRANCH=main
AZURE_REPOS_ORGANIZATION=my-organization
AZURE_REPOS_PERSONAL_ACCESS_TOKEN
The personal access token for the Azure DevOps organization user.
AZURE_REPOS_PERSONAL_ACCESS_TOKEN=mpoqd2zy7jklzfbhmuzev46vbbcpkeeqminb4wcvwigsrldasdfa
AZURE_REPOS_REPO=my-repo
AZURE_REPOS_USER=retool
BASE_DOMAIN
The full URL of your Retool deployment for user invitations and password resets. This also needs to be set if you dynamically set callback URLs on protected resources.
BASE_DOMAIN=retool.example.com
BITBUCKET_APP_PASSWORD=mpoqd2zy7jklzfbhmuzev46vbbcpkeeqminb4wcvwigsrldasdfa
BITBUCKET_MAIN_BRANCH=main
BITBUCKET_REPO=my-repo
BITBUCKET_USER=retool
BITBUCKET_WORKSPACE=my-workspace
A Google OAuth client app ID for OAuth-based authentication with Google (e.g., Google SSO with OIDC or using a Google Sheets resource).
CLIENT_ID=123456789012-abcdefghijklmnopqrstuvwxyz.apps.googleusercontent.com
CLIENT_MAX_BODY_SIZE
On the https-portal container, specify the maximum request body size, in bytes, megabytes (M), or kilobytes (K). Any upload that exceeds this limit results in a 413 HTTP error. Set to 0 to allow bodies of any size.
CLIENT_MAX_BODY_SIZE=40M
A Google OAuth client app secret for OAuth-based authentication with Google (e.g., Google SSO with OIDC or using a Google Sheets resource).
CLIENT_SECRET=abcdefghijklmnopqrstuvwxyz
CODE_COMMIT_AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
CODE_COMMIT_AWS_DEFAULT_REGION=us-west-2
CODE_COMMIT_AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
CODE_COMMIT_HTTPS_PASSWORD
The password for HTTPS authentication with the CodeCommit repository.
CODE_COMMIT_HTTPS_PASSWORD=mpoqd2zy7jklzfbhmuzev46vbbcpkeeqminb4wcvwigsrldasdfa
CODE_COMMIT_HTTPS_USERNAME
The username for HTTPS authentication with the CodeCommit repository.
CODE_COMMIT_HTTPS_USERNAME=retool
CODE_COMMIT_MAIN_BRANCH=main
CODE_COMMIT_REPOSITORY_NAME=my-repo
CODE_EXECUTOR_INGRESS_DOMAIN
The domain for the code-executor service that executes arbitrary user-defined JavaScript and Python code with installed custom libraries. The value depends on your deployment configuration, but must include a protocol (http:// or https://).
CODE_EXECUTOR_INGRESS_DOMAIN=code-executor.example.com
CONTAINER_UNPRIVILEGED_MODE
Whether to run the code-executor service in an unprivileged mode and remove any sandboxing of user code.
Default value is false.
CONTAINER_UNPRIVILEGED_MODE=false
COOKIE_INSECURE
Whether to send authentication requests using insecure cookies. Enable this if your Retool deployment uses a non-HTTPS URL or IP address. This is typically used when a Retool deployment is not yet configured with a custom domain.
Default value is true.
COOKIE_INSECURE=true
CREATE_FIRST_ORG
If set to true, Retool automatically creates the first organization on the instance. This is useful for automated provisioning of Retool instances.
Default value is false.
CREATE_FIRST_ORG=true
CUSTOM_LOGOUT_REDIRECT=https://example.com/logout/success
The lifespan, in minutes, of custom OpenID provider tokens.
Default value is 120.
CUSTOM_OAUTH2_SSO_ACCESS_TOKEN_LIFESPAN_MINUTES=60
An identifier for a resource to which users should have access upon completion of an OpenID authorization process.
CUSTOM_OAUTH2_SSO_AUDIENCE=https://retool.auth0.com/api/v2
Returns an array of strings where each string represents an OpenID group name. This setting is used with CUSTOM_OAUTH2_SSO_ROLE_MAPPING to map groups to Retool permission groups.
CUSTOM_OAUTH2_SSO_JWT_ROLES_KEY=idToken.groups
The mapping of roles from your OpenID provider to Retool permission groups.
CUSTOM_OAUTH2_SSO_ROLE_MAPPING=devops -> admin, support -> viewer
CUSTOM_OAUTH2_SSO_ROLE_MAPPING_DISABLED
Disables the mapping of roles from your OpenID provider to Retool permission groups. Set this variable to true to disable passing roles from JWTs.
CUSTOM_OAUTH2_SSO_ROLE_MAPPING_DISABLED=true
The endpoint for Retool to make an additional request for a fat token containing all available claims from your OpenID SSO provider.
CUSTOM_OAUTH2_SSO_USERINFO_URL=https://yourcompany.okta.com/oauth2/v1/userinfo
CUSTOM_RETOOL_SANDBOX_RESTRICTIONS
The JavaScript sandbox restrictions to allow. Specify space-separated values for multiple restrictions. Only configure custom sandbox restrictions if you are comfortable with the security implications.
allow-downloads | Allow downloads. |
allow-popups | Allow popups. |
allow-modals | Allow modals. |
CUSTOM_RETOOL_SANDBOX_RESTRICTIONS=allow-downloads
DATABASE_MIGRATIONS_TIMEOUT_SECONDS
The timeout, in seconds, for database migrations. If the migration takes longer than this time, the migration fails. Consider setting a higher value if you're upgrading to another major version of Self-hosted Retool or the upgrade includes changes from multiple minor versions.
DATABASE_MIGRATIONS_TIMEOUT_SECONDS=1000
DBCONNECTOR_NUM_WORKERS
The number of worker threads for the db-connector container. The default value is Math.min(Math.max(1, numCPUs), 3), where numCPUs is the number of logical CPU cores on the machine determined by Node.js.
DBCONNECTOR_NUM_WORKERS=4
DBCONNECTOR_POSTGRES_POOL_MAX_SIZE
The PostgreSQL connection pool maximum size.
Default value is 10.
DBCONNECTOR_POSTGRES_POOL_MAX_SIZE=20
DBCONNECTOR_QUERY_TIMEOUT_MS
The duration, in milliseconds, for queries to run before timing out. If your Retool deployment is behind a load balancer, increase the load balancer's timeout by a proportionate amount.
Default value is 120000.
DBCONNECTOR_QUERY_TIMEOUT_MS=120000
DEBUG=1
The default Retool user group for a Google SSO domain. Default groups only apply to new users who sign up using SSO, not existing users signing in.
DEFAULT_GROUP_FOR_DOMAINS=example1.org -> admin, example2.com -> viewer
DISABLE_AUDIT_TRAILS_LOGGING
Whether to disable logging of audit trails.
Default value is false.
DISABLE_AUDIT_TRAILS_LOGGING=true
DISABLE_FORWARDABLE_COOKIE_DECODING
Whether to disable decoding of forwardable cookies.
Default value is false.
DISABLE_FORWARDABLE_COOKIE_DECODING=true
DISABLE_GIT_SYNCING=true
DISABLE_IMAGE_PROXY
Whether to disable the proxy used for publicly embedded apps.
Default value is false.
DISABLE_IMAGE_PROXY=true
DISABLE_INTERCOM
Disable Retool's support widget in the frontend. Refer to the Retool Support page to learn how to contact Retool.
Default value is false.
DISABLE_INTERCOM=true
DISABLE_IPTABLES_SECURITY_CONFIGURATION
Whether to disable the default security configuration for link-local address, which is done by running the following startup commands requiring elevated privileges. Set to true if privileged access (e.g NET_ADMIN) cannot be given to the container running Code executor service.
Default value is false.
DISABLE_IPTABLES_SECURITY_CONFIGURATION=false
DISABLE_MEMORY_AND_CPU_USAGE_LOGGING
Whether to disable logging of memory and CPU usage.
Default value is false.
DISABLE_MEMORY_AND_CPU_USAGE_LOGGING=true
DISABLE_PUBLIC_PAGES
Whether to disable public access to Retool apps. If set to true, also set DISABLE_IMAGE_PROXY to true to fully disable public access.
Default value is false.
DISABLE_PUBLIC_PAGES=true
DISABLE_SOURCE_CONTROL_SYNCING
Whether to disable Source Control syncing changes with the repository. This only pauses the syncing process and protected items are unaffected.
Default value is false.
DISABLE_SOURCE_CONTROL_SYNCING=true
Disable username and password authentication. If true, users can only log in using SSO.
DISABLE_USER_PASS_LOGIN=true
DOMAINS
The domains to use for EntityID in SAML requests and obtaining SSL certificates when setting up HTTPS.
DOMAINS=retool.your-domain.com -> http://api:3000
ENABLE_CLIENT_SIDE_CUSTOM_AUTH_BROWSER_CALLS
Whether to allow custom authentication steps for resources that make REST API calls directly from the browser. If true, these requests include all browser credentials, even cross-origin calls.
ENABLE_CLIENT_SIDE_CUSTOM_AUTH_BROWSER_CALLS=true
ENABLE_CUSTOM_PLATFORM_LEVEL_AUTH_STEPS
Whether to allow configuration of custom authentication steps for users to perform whenever they log into Retool.
Default value is false.
ENABLE_CUSTOM_PLATFORM_LEVEL_AUTH_STEPS=true
ENCRYPTION_KEY
The encryption key used to encrypt data stored in the PostgreSQL database (e.g., database credentials, SSH keys, etc). If you change this key, you will lose access to all resources that were created before the change.
ENCRYPTION_KEY=key
FORWARDABLE_SAME_DOMAIN_COOKIES_ALLOWLIST
Whether to send authentication requests using insecure cookies. When you have cookies scoped to your primary domain, you can use this variable to include those cookies in requests from the subdomain you host Retool on to your primary domain.
FORWARDABLE_SAME_DOMAIN_COOKIES_ALLOWLIST=cookieName
GITHUB_APP_ID=12345
GITHUB_APP_INSTALLATION_ID=12345
GITHUB_APP_PRIVATE_KEY
The GitHub App private key for the GitHub repository, formatted as a single-line. If you use Kubernetes Secrets, you must base64-encode this value twice.
GITHUB_APP_PRIVATE_KEY=-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDf7Zz7z7z7z7z7
GITLAB_MAIN_BRANCH=main
GITLAB_ORGANIZATION_NAME=my-organization
GITLAB_PROJECT_ACCESS_TOKEN=mpoqd2zy7jklzfbhmuzev46vbbcpkeeqminb4wcvwigsrldasdfa
GITLAB_PROJECT_ID=123
GITLAB_PROJECT_SLUG=company/eng/product-dev
GITLAB_REPOSITORY_NAME=my-repo
GITLAB_URL=https://gitlab.com
HIDE_ALL_HEADERS_IN_AUDIT_LOG_EVENTS
Whether to prevent all query headers and cookies from being added to audit log entries.
Default value is false.
HIDE_ALL_HEADERS_IN_AUDIT_LOG_EVENTS=true
HIDE_PROD_AND_STAGING_TOGGLES
Whether to hide the Production and Staging toggles in the Retool interface.
Default value is false.
HIDE_PROD_AND_STAGING_TOGGLES=true
HOST_HEADER_NAME
Retool backend expects Host header to contain the host used in the original request. This is important for Spaces to work properly. If your self-hosted instance has a proxy or load-balancer in front of the Retool backend, you can specify a different header that contains the original host.
Default value is HOST_HEADER_NAME.
HOST_HEADER_NAME=x-forwarded-host
HTML_ESCAPE_RETOOL_EXPRESSIONS
Whether to escape HTML in {{ }} expressions. If set to true, all HTML in expressions is escaped.
Default value is false.
HTML_ESCAPE_RETOOL_EXPRESSIONS=true
HTTP_PROXY=http://proxy.example.com:8080
INVITES_PER_DAY=100
JIT_ENABLED=true
JWT_SECRET
The JWT secret token to sign requests for authentication with Retool's backend API server. If changed, all active user login sessions are invalidated.
JWT_SECRET=676765765327645bvbfgbsfhfbgr
KEEPALIVE_TIMEOUT
The keep alive timeout for queries, in seconds. Queries that exceed this limit results in a 514 HTTP error.
KEEPALIVE_TIMEOUT=1000
The organization's email domain in DC syntax when syncing Google Groups to Retool.
LDAP_BASE_DOMAIN_COMPONENTS=dc=example,dc=com
The mapping of Google LDAP Groups or SAML groups to Retool permission groups used for Google Group syncing and SAML role mapping.
LDAP_ROLE_MAPPING=retool-admins -> admin, support -> Support
LDAP_ROLE_MAPPING_DISABLED
Disable syncing SAML groups or Google Groups to Retool permission groups. When LDAP_ROLE_MAPPING is set and LDAP_ROLE_MAPPING_DISABLED is true, Retool logs the groups that would have synced to Retool when a user logs in.
LDAP_ROLE_MAPPING_DISABLED=true
The certificate from the downloaded bundle when syncing Google Groups to Retool.
LDAP_SERVER_CERTIFICATE=filename
The private key from the downloaded bundle when syncing Google Groups to Retool.
LDAP_SERVER_KEY=filename
LDAP_SERVER_NAME=ldap.google.com
The LDAP server URL for Google's Secure LDAP Service when syncing Google Groups to Retool.
LDAP_SERVER_URL=ldaps://ldap.google.com:636
LDAP_SYNC_ALL_GROUPS
Whether to sync all groups regardless of whether they're configured in the LDAP_ROLE_MAPPING environment variable. When enabled, new groups are created during SAML sync.
LDAP_SYNC_ALL_GROUPS=true
LDAP_SYNC_GROUP_CLAIMS=true
LICENSE_KEY=key_1234567890
LOG_AUDIT_EVENTS=true
LOG_LEVEL
The log level for Retool logs.
Default value is info.
debug | Raw level logs. |
verbose | More verbose logs for git syncing, authentication, etc. |
info | Default logging level. |
LOG_LEVEL=debug
MOBILE_PUSH_NOTIFIER_API_TOKEN=token
MOBILE_PUSH_NOTIFIER_HOST
The host for the mobile push notifier service. Must be `https://spb8yl7d3j.execute-api.us-west-2.amazonaws.com.
MOBILE_PUSH_NOTIFIER_HOST=https://spb8yl7d3j.execute-api.us-west-2.amazonaws.com
NO_PROXY=localhost,*.service.company
NODE_ENV=production
NODE_OPTIONS
Used to specify the maximum heap size for the JavaScript v8 engine.
Default value is --max-old-space-size=1024.
NODE_OPTIONS=--max-old-space-size=1024
NODE_TLS_REJECT_UNAUTHORIZED
Whether to reject unauthorized TLS certificates. This setting is insecure and not recommended for production instances
NODE_TLS_REJECT_UNAUTHORIZED=0
NUM_WORKERS�
The number of worker threads for the api container. The default value is Math.min(Math.max(1, numCPUs), 3), where numCPUs is the number of logical CPU cores on the machine determined by Node.js.
NUM_WORKERS=4
POSTGRES_CUSTOM_SSL_CA_FILE_NAME
The custom SSL CA file name for the PostgreSQL connection. This is required when configuring Google Cloud SQL as the database to use instead of Retool's PostgreSQL database.
POSTGRES_CUSTOM_SSL_CA_FILE_NAME=ca.pem
POSTGRES_CUSTOM_SSL_CERT_PATH
The custom SSL certificate path for the PostgreSQL connection. This is required when configuring Google Cloud SQL as the database to use instead of Retool's PostgreSQL database.
POSTGRES_CUSTOM_SSL_CERT_PATH=/path/to/cert
POSTGRES_CUSTOM_SSL_KEY_FILE_NAME
The custom SSL key file name for the PostgreSQL connection. This is required when configuring Google Cloud SQL as the database to use instead of Retool's PostgreSQL database.
POSTGRES_CUSTOM_SSL_KEY_FILE_NAME=client-key.pem
POSTGRES_SSL_ENABLED=true
POSTGRES_SSL_REJECT_UNAUTHORIZED
Whether to reject unauthorized SSL certificates for the PostgreSQL connection if POSTGRES_SSL_ENABLED is true.
Default value is true.
POSTGRES_SSL_REJECT_UNAUTHORIZED=true
PRESERVE_PASSWORDS_FIRST_GOOGLE_LOGIN
Prevent Retool from resetting your password when logging in with Google for the first time.
PRESERVE_PASSWORDS_FIRST_GOOGLE_LOGIN=true
PROXY_CONNECT_TIMEOUT
The proxy connect timeout for queries, in seconds. Queries that exceed this limit results in a 514 HTTP error.
PROXY_CONNECT_TIMEOUT=1000
PROXY_READ_TIMEOUT
The proxy read timeout for queries, in seconds. Queries that exceed this limit results in a 514 HTTP error.
PROXY_READ_TIMEOUT=1000
PROXY_SEND_TIMEOUT
The proxy send timeout for queries, in seconds. Queries that exceed this limit results in a 514 HTTP error.
PROXY_SEND_TIMEOUT=1000
REDIS_DB
The database number for read and write operations, between 0 and 15.
Default value is 0.
REDIS_DB=0
REDIS_HOST
The hostname of the Redis reader endpoint that connects the Redis instance as a caching layer.
REDIS_HOST=redis-retool
REDIS_PASSWORD=password
REDIS_PORT
The port number of the Redis reader endpoint that connects the Redis instance as a caching layer.
Default value is 6379.
REDIS_PORT=6379
REDIS_TLS=true
Restrict users from logging in unless they use SSO for the specified domain. Specify comma-separated values for multiple domains.
RESTRICTED_DOMAIN=example.com,example.org
RETOOL_ENVIRONMENT
The environment for SCIM provisioning and Source Control alerts.
Default value is production.
RETOOL_ENVIRONMENT=production
RETOOL_EXPOSED_{NAME}
Use the RETOOL_EXPOSED_ prefix to store secrets that you can use when configuring resources. Only underscores and alphanumeric characters are supported.
RETOOL_EXPOSED_{NAME}=RETOOL_EXPOSED_DB_USERNAME=db_user
The first name attribute in the SAML response.
Default value is firstName.
SAML_FIRST_NAME_ATTRIBUTE=nameFirst
SAML_GROUPS_ATTRIBUTE=userGroups
An XML document that contains information necessary for configuring SAML-enabled identity or service providers.
SAML_IDP_METADATA=<md:EntityDescriptor xmlns:md="urn:desert:names:tc:SAML:2.0:metadata" entityID="http://www.okta.com/your_entity_id"><md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="urn:desert:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data><ds:X509Certificate>your_certificate</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:NameIDFormat>urn:desert:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:desert:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://example-98123.okta.com/app/company/jfdu90324f/sso/saml"/><md:SingleSignOnService Binding="urn:desert:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://example-98123.okta.com/app/company/your_entity_id/sso/saml"/></md:IDPSSODescriptor></md:EntityDescriptor>"
The last name attribute in the SAML response.
Default value is lastName.
SAML_LAST_NAME_ATTRIBUTE=nameLast
SAML_SYNC_GROUP_CLAIMS
Sync Retool group memberships using the retool- prefix with the groups listed in SAML_GROUPS_ATTRIBUTE. The prefix is not shown in the Retool interface.
SAML_SYNC_GROUP_CLAIMS=true
SANDBOX_DOMAIN=https://not-your-primary-domain.com
SANDBOX_MAX_FILE_DESCRIPTORS
The maximum number of file descriptors within a single sandbox.
Default value is 256.
SANDBOX_MAX_FILE_DESCRIPTORS=256
SANDBOX_MOUNT_DIR
Used to configure where files will be mounted into the sandbox.
Default value is /tmp.
SANDBOX_MOUNT_DIR=/tmp
SCIM_AUTH_TOKEN
A secret token shared with your SSO provider to provision user accounts. If you use Spaces, this token only applies to the admin Space.
SCIM_AUTH_TOKEN=token
SCIM_LOG_FULL_REQUESTS=true
SENDING_INVITES_WITH_EMAIL_DISABLED
Allow user invites without pinging Retool's user invitation server. You must enable this if you have an airgapped deployment.
SENDING_INVITES_WITH_EMAIL_DISABLED=true
SERVICE_TYPE
Comma-separated list of Retool services to run within a container. If unset, all services run in the same container.
MAIN_BACKEND | The api service. |
JOBS_RUNNER | The jobs-runner service. |
DB_CONNECTOR | The db_connector service. |
DB_SSH_CONNECTOR | The db_ssh_connector service. |
WORKFLOW_BACKEND | The db_ssh_connector service. |
WORKFLOW_TEMPORAL_WORKER | The db_ssh_connector service. |
SERVICE_TYPE=MAIN_BACKEND,JOBS_RUNNER
TEMPORAL_TASKQUEUE_WORKFLOW
The task queue for the Temporal cluster. Used by clients connecting to Temporal for all Retool Workflow-related requests (enqueue, query, etc.). This value should match WORKER_TEMPORAL_TASKQUEUE.
Default value is workflows.
TEMPORAL_TASKQUEUE_WORKFLOW=workflows
Automatically start the Oauth 2 SSO login flow when users navigate to your Retool instance. Use either TRIGGER_OAUTH_2_SSO_LOGIN_AUTOMATICALLY or TRIGGER_SAML_LOGIN_AUTOMATICALLY, you cannot enable both.
TRIGGER_OAUTH_2_SSO_LOGIN_AUTOMATICALLY=true
Automatically start the SAML SSO login flow when users navigate to your Retool instance. Use either TRIGGER_SAML_LOGIN_AUTOMATICALLY or TRIGGER_OAUTH_2_SSO_LOGIN_AUTOMATICALLY, you cannot enable both.
TRIGGER_SAML_LOGIN_AUTOMATICALLY=true
USAGE_API_TOKEN
The access token to enable Usage Analytics. Please reach out to your Retool account manager to obtain this token.
USAGE_API_TOKEN=accessToken
USE_GCM_ENCRYPTION
Whether to use AES-192-GCM authenticated encryption method instead of AES-192-CBC. If set to true, you must also set ENCRYPTION_KEY.
Default value is false.
USE_GCM_ENCRYPTION=true
Restrict session length to 12 hours. If unset, session length is one week.
USE_SHORT_SESSIONS=true
VERSION_CONTROL_LOCKED
Whether to enable version control and create a read-only Retool instance. If enabled, users cannot create, edit, or protect apps and workflows.
Default value is false.
VERSION_CONTROL_LOCKED=true
WORKER_TEMPORAL_TASKQUEUE
The task queue for the Temporal worker. Used by workers connecting to Temporal for all Retool Workflow-related requests (enqueue, query, etc.). This value should match TEMPORAL_TASKQUEUE_WORKFLOW.
Default value is workflows.
WORKER_TEMPORAL_TASKQUEUE=workflows
WORKFLOW_BACKEND_HOST
The hostname for all Retool Workflow-related backend requests, such as querying resources, updating workflow status, and storing block results and logs. The value depends on your deployment configuration, but must include a protocol (http:// or https://).
WORKFLOW_BACKEND_HOST=http://workflow-backend
WORKFLOW_CPU_LIMIT
The maximum number of CPUs a workflow can use when running. Requires WORKFLOW_MONITOR_PROCESS_ENABLED to be true.
Default value is 1.
WORKFLOW_CPU_LIMIT=1
WORKFLOW_MEMORY_LIMIT_MBS
The maximum amount of memory, in megabytes, a workflow can use when running. Requires WORKFLOW_MONITOR_PROCESS_ENABLED to be true.
Default value is 2147.
WORKFLOW_MEMORY_LIMIT_MBS=2147
WORKFLOW_MONITOR_PROCESS_ENABLED
Whether to limit the memory and CPUs available to a workflow while running. If enabled, WORKFLOW_MEMORY_LIMIT_MIBS(#variable-WORKFLOW_MEMORY_LIMIT_MBS) and WORKFLOW_CPU_LIMIT can be set.
Default value is false.
WORKFLOW_MONITOR_PROCESS_ENABLED=true
WORKFLOW_TEMPORAL_ACTIVITY_TASK_POLLERS
The number of Temporal activity task pollers that concurrently run.
Default value is 2.
WORKFLOW_TEMPORAL_ACTIVITY_TASK_POLLERS=2
WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_HOST
The hostname for the Temporal cluster. If you're using Temporal Cloud, your host may end with .tmprl.cloud. This environment variable does not need to be set if using Retool-managed Temporal cluster.
WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_HOST=org.example.tmprl.cloud
WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_PORT
The port for the Temporal cluster.
Default value is 7233.
WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_PORT=7233
WORKFLOW_TEMPORAL_CLUSTER_NAMESPACE
The namespace for the Temporal cluster.
Default value is workflows.
WORKFLOW_TEMPORAL_CLUSTER_NAMESPACE=workflows
WORKFLOW_TEMPORAL_CONCURRENT_ACTIVITIES_LIMIT
The maximum number of concurrent activities that can be executed by a single workflow. Refer to the Temporal documentation for more information.
Default value is 10.
WORKFLOW_TEMPORAL_CONCURRENT_ACTIVITIES_LIMIT=10
WORKFLOW_TEMPORAL_CONCURRENT_TASKS_LIMIT
The maximum number of concurrent tasks that can be executed by a single workflow. Refer to the Temporal documentation for more information.
Default value is 10.
WORKFLOW_TEMPORAL_CONCURRENT_TASKS_LIMIT=10
WORKFLOW_TEMPORAL_OPENTELEMETRY_COLLECTOR
The OpenTelemetry collector endpoint for Temporal Worker metrics.
WORKFLOW_TEMPORAL_OPENTELEMETRY_COLLECTOR=http://open-telemetry-collector-opentelemetry-collector:4318
WORKFLOW_TEMPORAL_SERVER_NAME_OVERRIDE
The server name override for the Temporal cluster. This overrides the target name (SNI) used for TLS host name checking. It can be useful if you have reverse proxy in front of Temporal server and you need to override the SNI to direct traffic to the appropriate backend server based on custom routing rules. Connections can be refused if the provided SNI does not match the expected host. Adding this override should be done with care. This does not need to be set if using Retool-managed Temporal cluster.
WORKFLOW_TEMPORAL_SERVER_NAME_OVERRIDE=other.domain.tmprl.cld
WORKFLOW_TEMPORAL_SERVER_ROOT_CA_CRT
Base64 encoded PEM certificate for the root CA of the Temporal cluster. This does not need to be set if using Retool-managed Temporal cluster.
WORKFLOW_TEMPORAL_SERVER_ROOT_CA_CRT=UXVpcyBjb21tb2RvIGV4ZXJjaXRhd
WORKFLOW_TEMPORAL_STICKY_CACHE_SIZE
The size of the Temporal sticky queue cache.
Default value is 200.
WORKFLOW_TEMPORAL_STICKY_CACHE_SIZE=100
WORKFLOW_TEMPORAL_TLS_CRT
Base64 encoded certificate for TLS client certification pair. See Temporal documentation for more details. This does not need to be set if using Retool-managed Temporal cluster.
WORKFLOW_TEMPORAL_TLS_CRT=UXVpcyBjb21tb2RvIGV4ZXJjaXRhd
WORKFLOW_TEMPORAL_TLS_ENABLED
Whether to enable TLS for the Temporal cluster. You can set this to true if you use your own Temporal Cloud. This does not need to be set if using Retool-managed Temporal cluster.
Default value is false.
WORKFLOW_TEMPORAL_TLS_ENABLED=true
WORKFLOW_TEMPORAL_TLS_KEY
Base64 encoded private key for TLS client certification pair. This does not need to be set if using Retool-managed Temporal cluster.
WORKFLOW_TEMPORAL_TLS_KEY=c2VjcmV0X2tleQ==
WORKFLOW_TEMPORAL_WORKER_SHUTDOWN_GRACE_TIME
The timeout, in minutes, to wait for pending workflows to complete before the Temporal worker gracefully shuts down. If the worker does not shut down within this time, it is forcefully terminated.
Default value is 15.
WORKFLOW_TEMPORAL_WORKER_SHUTDOWN_GRACE_TIME=15
WORKFLOW_TEMPORAL_WORKFLOW_TASK_POLLERS
The number of Temporal workflow task pollers that concurrently run.
Default value is 10.
WORKFLOW_TEMPORAL_WORKFLOW_TASK_POLLERS=10
WORKFLOW_WORKER_HEALTHCHECK_PORT
The port for the /api/checkHealth health check endpoint for the Temporal worker.
Default value is 3005.
WORKFLOW_WORKER_HEALTHCHECK_PORT=3005