General environment variables

General environment variables available for use with Self-hosted Retool deployments.

`ALLOW_SAME_ORIGIN_OPTION`

When ALLOW_SAME_ORIGIN_OPTION is set to true, components running in iframes in Retool, such as IFrame and custom components, can use the allow-same-origin flag in the sandbox attribute of their iframes. IFrames without the allow-same-origin flag have severe restrictions, so it can be useful to set ALLOW_SAME_ORIGIN_OPTION to true.

When ALLOW_SAME_ORIGIN_OPTION is set to true, you should also set SANDBOX_DOMAIN. If ALLOW_SAME_ORIGIN_OPTION is true and SANDBOX_DOMAIN is not set, then JavaScript run in iframe-based components is run in the base domain. This can be a security risk, as it allows malicious code that is run in iframe-based components greater access to cause harm. If ALLOW_SAME_ORIGIN_OPTION is set to true, SANDBOX_DOMAIN should also be set.

If unset, the default value for ALLOW_SAME_ORIGIN_OPTION is false.

`API_CALLS_PER_MIN`

Retool uses a point system for rate limiting where endpoint requests cost a certain number of points. The default is 300 points in a 60 second window. If you exceed this, Retool blocks any subsequent API calls for 60 seconds. You can increase the number of points with the API_CALLS_PER_MIN environment variable.

API_CALLS_PER_MIN=300

`BASE_DOMAIN`

The full URL of your Retool deployment for user invitations and password resets. This also needs to be set if you dynamically set callback URLs on protected resources.

If unset, Retool attempts to determine the base domain automatically but cannot do so if your deployment is behind a proxy server.

BASE_DOMAIN=https://retool.example.com

`CUSTOM_API_KEY`

A Custom API key to override Retool-generated API keys. This doesn't apply to access tokens for embedding web apps, you still need to use the token generated in Retool.

CUSTOM_API_KEY=key_545567563

`CUSTOM_RETOOL_SANDBOX_RESTRICTIONS`

warning

Only configure custom sandbox restrictions if you are comfortable with the security implications.

The JavaScript sandbox restrictions to allow. Specify space-separated values for multiple restrictions.

allow-downloads: Allow downloads
allow-popups: Allow pop-ups
allow-modals: Allow modals

If unset, no restrictions are allowed.

CUSTOM_RETOOL_SANDBOX_RESTRICTIONS=allow-downloads allow-modals

`DEBUG`

Whether to enable verbose logging for debugging purposes. Set DEBUG to 1 to enable verbose logging.

DEBUG=1

`DISABLE_IMAGE_PROXY`

Disable the proxy used for public apps.

DISABLE_IMAGE_PROXY=true

`DISABLE_INTERCOM`

Disable Retool's support widget in the frontend. See Retool Support guidelines to learn how to contact Retool.

DISABLE_INTERCOM=true

`DISABLE_MEMORY_AND_CPU_USAGE_LOGGING`

Disable logging of CPU and memory usage.

DISABLE_MEMORY_AND_CPU_USAGE_LOGGING=true

`DISABLE_PUBLIC_PAGES`

Disable public access of Retool apps. When set to true, set DISABLE_IMAGE_PROXY to true as well to fully disable public access.

DISABLE_PUBLIC_PAGES=true

`DISABLE_FORWARDABLE_COOKIE_DECODING`

Disable automatic cookie decoding when using forwardable cookies.

DISABLE_FORWARDABLE_COOKIE_DECODING=true

`DOMAINS`

Used to set EntityID in SAML requests and obtain SSL certificate when setting up HTTPS.

DOMAINS=retool.your-domain.com -> http://api:3000

`HIDE_PROD_AND_STAGING_TOGGLES`

Hide Production and Staging toggles in creator and user mode interfaces.

HIDE_PROD_AND_STAGING_TOGGLES=true

`HOST_HEADER_NAME`

Retool backend expects Host header to contain the host used in the original request. This is important for Spaces to work properly. If your self-hosted instance has a proxy or load-balancer in front of the Retool backend, you can specify a different header that contains the original host.

HOST_HEADER_NAME=x-forwarded-host

`HTML_ESCAPE_RETOOL_EXPRESSIONS`

Escape HTML expressions within curly braces ({{ }}). If unset, the default is false.

HTML_ESCAPE_RETOOL_EXPRESSIONS=true

`HTTP_PROXY`

The URL and port number for proxying HTTP connections.

HTTP_PROXY=http://example.com:8080

`LOG_AUDIT_EVENTS`

Log all audit events.

LOG_AUDIT_EVENTS=true

`LOG_LEVEL`

The level of information logged to stdout. Specify space-separated values for multiple restrictions.

info: Default logging level.
verbose: More verbose logs for git syncing, authentication, etc.
debug: Raw debug logs.

LOG_LEVEL=debug

`DISABLE_AUDIT_TRAILS_LOGGING`

warning

Requires Self-hosted Retool v3.18 or later.

Disable all writes to audit logs.

DISABLE_AUDIT_TRAILS_LOGGING=true

`NO_PROXY`

Skip proxying HTTP requests from the specified URLs. Used when HTTP_PROXY is set.

NO_PROXY=localhost,*.service.company

`NODE_ENV`

The environment of the instance. Must always be set to production.

NODE_ENV=production

`NODE_TLS_REJECT_UNAUTHORIZED`

When set to 0, disables certificate validation for TLS connections. This setting is insecure and not recommended for production instances.

NODE_TLS_REJECT_UNAUTHORIZED=0

`NUM_WORKERS`

The number of worker threads for the api container. The default value is Math.min(Math.max(1, numCPUs), 3), where numCPUs is the number of logical CPU cores on the machine determined by Node.js.

NUM_WORKERS=4

`RETOOL_EXPOSED_{NAME}`

Use the RETOOL_EXPOSED_ prefix to store secrets that you can use when configuring resources.

RETOOL_EXPOSED_DB_USERNAME=db_user
RETOOL_EXPOSED_DB_PASSWORD=4356748i7rkjthrtHBHNHRFB

warning

Only use underscores to separate characters and words. Other separators, including hyphens, cannot be used.

`RETOOL_ENV`

Used in SCIM provisioning and Source Control alerting to specify the environment name. Defaults to production.

RETOOL_ENV=production

`SANDBOX_DOMAIN`

Retool evaluates javascript written by your builders in the browser. If a builder writes javascript that takes malicious actions, setting SANDBOX_DOMAIN can help protect your other users.

Setting SANDBOX_DOMAIN provides an alternative origin for the browser to use to run code written by builders. All builder-written code run in the browser is run in the origin defined by SANDBOX_DOMAIN and is sandboxed from interacting with anything in your base domain. This includes authentication cookies for your Retool backend. If SANDBOX_DOMAIN is not set, builder-written code is run in the same origin that serves your Retool instance.

The domain you use for SANDBOX_DOMAIN must be a fully functional domain that routes HTTP requests to your Retool instance. In many cases, this requires registering a new domain, as well as configuring its DNS records.

SANDBOX_DOMAIN=https://not-your-primary-domain.com

`SERVICE_TYPE`

Used to set the Retool services a container runs. Separate multiple values with commas with no spaces. If no SERVICE_TYPE is specified, all services are run.

Acceptable values

MAIN_BACKEND
JOBS_RUNNER
DB_CONNECTOR
DB_SSH_CONNECTOR
WORKFLOW_BACKEND
WORKFLOW_TEMPORAL_WORKER

SERVICE_TYPE=MAIN_BACKEND,JOBS_RUNNER

ALLOW_SAME_ORIGIN_OPTION​

API_CALLS_PER_MIN​

BASE_DOMAIN​

CUSTOM_API_KEY​

CUSTOM_RETOOL_SANDBOX_RESTRICTIONS​

DEBUG​

DISABLE_IMAGE_PROXY​

DISABLE_INTERCOM​

DISABLE_MEMORY_AND_CPU_USAGE_LOGGING​

DISABLE_PUBLIC_PAGES​

DISABLE_FORWARDABLE_COOKIE_DECODING​

DOMAINS​

HIDE_PROD_AND_STAGING_TOGGLES​

HOST_HEADER_NAME​

HTML_ESCAPE_RETOOL_EXPRESSIONS​

HTTP_PROXY​

LOG_AUDIT_EVENTS​

LOG_LEVEL​

DISABLE_AUDIT_TRAILS_LOGGING​

NO_PROXY​

NODE_ENV​

NODE_TLS_REJECT_UNAUTHORIZED​

NUM_WORKERS​

RETOOL_EXPOSED_{NAME}​

RETOOL_ENV​

SANDBOX_DOMAIN​

SERVICE_TYPE​

`ALLOW_SAME_ORIGIN_OPTION`

`API_CALLS_PER_MIN`

`BASE_DOMAIN`

`CUSTOM_API_KEY`

`CUSTOM_RETOOL_SANDBOX_RESTRICTIONS`

`DEBUG`

`DISABLE_IMAGE_PROXY`

`DISABLE_INTERCOM`

`DISABLE_MEMORY_AND_CPU_USAGE_LOGGING`

`DISABLE_PUBLIC_PAGES`

`DISABLE_FORWARDABLE_COOKIE_DECODING`

`DOMAINS`

`HIDE_PROD_AND_STAGING_TOGGLES`

`HOST_HEADER_NAME`

`HTML_ESCAPE_RETOOL_EXPRESSIONS`

`HTTP_PROXY`

`LOG_AUDIT_EVENTS`

`LOG_LEVEL`

`DISABLE_AUDIT_TRAILS_LOGGING`

`NO_PROXY`

`NODE_ENV`

`NODE_TLS_REJECT_UNAUTHORIZED`

`NUM_WORKERS`

`RETOOL_EXPOSED_{NAME}`

`RETOOL_ENV`

`SANDBOX_DOMAIN`

`SERVICE_TYPE`