General environment variables
General environment variables available for use with Self-hosted Retool deployments.
ALLOW_SAME_ORIGIN_OPTION
When ALLOW_SAME_ORIGIN_OPTION is set to true, components running in iframes in Retool, such as IFrame and custom components, can use the allow-same-origin flag in the sandbox attribute of their iframes. IFrames without the allow-same-origin flag have severe restrictions, so it can be useful to set ALLOW_SAME_ORIGIN_OPTION to true.
When ALLOW_SAME_ORIGIN_OPTION is set to true, you should also set SANDBOX_DOMAIN. If ALLOW_SAME_ORIGIN_OPTION is true and SANDBOX_DOMAIN is not set, JavaScript in iframe-based components runs in the base domain. This can be a security risk, because it gives malicious code running in iframe-based components greater access to cause harm.
If unset, the default value for ALLOW_SAME_ORIGIN_OPTION is false.
API_CALLS_PER_MIN
Retool uses a point system for rate limiting, where endpoint requests cost a certain number of points. The default is 300 points in a 60-second window. If you exceed this, Retool blocks any subsequent API calls for 60 seconds. You can increase the number of points with the API_CALLS_PER_MIN environment variable.
API_CALLS_PER_MIN=300
BASE_DOMAIN
The full URL of your Retool deployment for user invitations and password resets. This also needs to be set if you dynamically set callback URLs on protected resources.
If unset, Retool attempts to determine the base domain automatically but cannot do so if your deployment is behind a proxy server.
BASE_DOMAIN=https://retool.example.com
CUSTOM_API_KEY
A custom API key to override Retool-generated API keys. This doesn't apply to access tokens for embedding web apps; you still need to use the token generated in Retool.
CUSTOM_API_KEY=key_545567563
CUSTOM_RETOOL_SANDBOX_RESTRICTIONS
Only configure custom sandbox restrictions if you are comfortable with the security implications.
The JavaScript sandbox restrictions to allow. Specify space-separated values for multiple restrictions.
allow-downloads: Allow downloads
allow-popups: Allow pop-ups
allow-modals: Allow modals
If unset, no restrictions are allowed.
CUSTOM_RETOOL_SANDBOX_RESTRICTIONS=allow-downloads allow-modals
DEBUG
Whether to enable verbose logging for debugging purposes. Set DEBUG to 1 to enable verbose logging.
DEBUG=1
DISABLE_IMAGE_PROXY
Disable the proxy used for public apps.
DISABLE_IMAGE_PROXY=true
DISABLE_INTERCOM
Disable Retool's support widget in the frontend. See Retool Support guidelines to learn how to contact Retool.
DISABLE_INTERCOM=true
DISABLE_MEMORY_AND_CPU_USAGE_LOGGING
Disable logging of CPU and memory usage.
DISABLE_MEMORY_AND_CPU_USAGE_LOGGING=true
DISABLE_PUBLIC_PAGES
Disable public access of Retool apps. When set to true, set DISABLE_IMAGE_PROXY to true as well to fully disable public access.
DISABLE_PUBLIC_PAGES=true
DISABLE_FORWARDABLE_COOKIE_DECODING
Disable automatic cookie decoding when using forwardable cookies.
DISABLE_FORWARDABLE_COOKIE_DECODING=true
DOMAINS
Used to set the EntityID in SAML requests and to obtain an SSL certificate when setting up HTTPS.
DOMAINS=retool.your-domain.com -> http://api:3000
HIDE_PROD_AND_STAGING_TOGGLES
Hide Production and Staging toggles in creator and user mode interfaces.
HIDE_PROD_AND_STAGING_TOGGLES=true
HOST_HEADER_NAME
The Retool backend expects the Host header to contain the host used in the original request. This is important for Spaces to work properly. If your self-hosted instance has a proxy or load balancer in front of the Retool backend, you can specify a different header that contains the original host.
HOST_HEADER_NAME=x-forwarded-host
HTML_ESCAPE_RETOOL_EXPRESSIONS
Escape HTML expressions within curly braces ({{ }}). If unset, the default is false.
HTML_ESCAPE_RETOOL_EXPRESSIONS=true
HTTP_PROXY
The URL and port number for proxying HTTP connections.
HTTP_PROXY=http://example.com:8080
LOG_AUDIT_EVENTS
Log all audit events.
LOG_AUDIT_EVENTS=true
LOG_LEVEL
The level of information logged to stdout. Specify space-separated values for multiple restrictions.
info: Default logging level.
verbose: More verbose logs for git syncing, authentication, etc.
debug: Raw debug logs.
LOG_LEVEL=debug
DISABLE_AUDIT_TRAILS_LOGGING
Requires Self-hosted Retool v3.18 or later.
Disable all writes to audit logs.
DISABLE_AUDIT_TRAILS_LOGGING=true
NO_PROXY
Skip proxying HTTP requests from the specified URLs. Used when HTTP_PROXY is set.
NO_PROXY=localhost,*.service.company
NODE_ENV
The environment of the instance. Must always be set to production.
NODE_ENV=production
NODE_TLS_REJECT_UNAUTHORIZED
When set to 0, disables certificate validation for TLS connections. This setting is insecure and not recommended for production instances.
NODE_TLS_REJECT_UNAUTHORIZED=0
NUM_WORKERS
The number of worker threads for the api container. The default value is Math.min(Math.max(1, numCPUs), 3), where numCPUs is the number of logical CPU cores on the machine determined by Node.js.
NUM_WORKERS=4
RETOOL_EXPOSED_{NAME}
Use the RETOOL_EXPOSED_ prefix to store secrets that you can use when configuring resources.
RETOOL_EXPOSED_DB_USERNAME=db_user
RETOOL_EXPOSED_DB_PASSWORD=4356748i7rkjthrtHBHNHRFB
Only use underscores to separate characters and words. Other separators, including hyphens, cannot be used.
RETOOL_ENV
Used in SCIM provisioning and Source Control alerting to specify the environment name. Defaults to production.
RETOOL_ENV=production
SANDBOX_DOMAIN
Retool evaluates JavaScript written by your builders in the browser. If a builder writes JavaScript that takes malicious actions, setting SANDBOX_DOMAIN can help protect your other users.
Setting SANDBOX_DOMAIN provides an alternative origin for the browser to use to run code written by builders. All builder-written code run in the browser is run in the origin defined by SANDBOX_DOMAIN and is sandboxed from interacting with anything in your base domain. This includes authentication cookies for your Retool backend. If SANDBOX_DOMAIN is not set, builder-written code is run in the same origin that serves your Retool instance.
The domain you use for SANDBOX_DOMAIN must be a fully functional domain that routes HTTP requests to your Retool instance. In many cases, this requires registering a new domain, as well as configuring its DNS records.
SANDBOX_DOMAIN=https://not-your-primary-domain.com
SERVICE_TYPE
Used to set the Retool services a container runs. Separate multiple values with commas with no spaces. If no SERVICE_TYPE is specified, all services are run.
Acceptable values
MAIN_BACKEND
JOBS_RUNNER
DB_CONNECTOR
DB_SSH_CONNECTOR
WORKFLOW_BACKEND
WORKFLOW_TEMPORAL_WORKER
SERVICE_TYPE=MAIN_BACKEND,JOBS_RUNNER
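The following is an added example, not part of Retool's documentation or code: a Python audit of an env file for the variable interactions this page warns about (ALLOW_SAME_ORIGIN_OPTION without SANDBOX_DOMAIN, DISABLE_PUBLIC_PAGES without DISABLE_IMAGE_PROXY, NODE_TLS_REJECT_UNAUTHORIZED=0, NODE_ENV, and RETOOL_EXPOSED_ naming). The function names, the sample file, and the comparison of SANDBOX_DOMAIN against BASE_DOMAIN by origin are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            env[key.strip()] = value.strip()
    return env

def origin(url):
    """Origin tuple with default ports filled in (used for an assumed same-origin check)."""
    u = urlsplit(url)
    port = u.port or {"http": 80, "https": 443}.get(u.scheme)
    return (u.scheme, u.hostname, port)

def audit(env):
    """Return findings for the variable interactions this page describes."""
    out = []
    on = lambda k: env.get(k, "").lower() == "true"
    sandbox, base = env.get("SANDBOX_DOMAIN"), env.get("BASE_DOMAIN")
    if on("ALLOW_SAME_ORIGIN_OPTION") and not sandbox:
        out.append("ALLOW_SAME_ORIGIN_OPTION=true without SANDBOX_DOMAIN")
    if sandbox and base and origin(sandbox) == origin(base):
        out.append("SANDBOX_DOMAIN is the same origin as BASE_DOMAIN")
    if on("DISABLE_PUBLIC_PAGES") and not on("DISABLE_IMAGE_PROXY"):
        out.append("DISABLE_PUBLIC_PAGES=true without DISABLE_IMAGE_PROXY=true")
    if env.get("NODE_TLS_REJECT_UNAUTHORIZED") == "0":
        out.append("NODE_TLS_REJECT_UNAUTHORIZED=0 disables TLS certificate validation")
    if env.get("NODE_ENV") != "production":
        out.append("NODE_ENV is not production")
    for name in env:
        if name.startswith("RETOOL_EXPOSED_") and not re.fullmatch(r"[A-Za-z0-9_]+", name):
            out.append(f"{name}: only underscores are allowed as separators")
    return out

# Constructed sample, not taken from a real deployment.
SAMPLE = """\
NODE_ENV=production
ALLOW_SAME_ORIGIN_OPTION=true
DISABLE_PUBLIC_PAGES=true
NODE_TLS_REJECT_UNAUTHORIZED=0
RETOOL_EXPOSED_DB-USER=db_user
"""

if __name__ == "__main__":
    print("\n".join(audit(parse_env(SAMPLE))))
```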