General environment variables
Reference documentation for general environment variables.
General environment variables available for use with Self-hosted Retool deployments.
Only configure environment variables when needed. You can configure many environment variables from your organization's Settings rather than directly editing your deployment's configuration file.
You must restart your instance after setting any variables for them to take effect.
ADMIN_API_ACCESS_TOKEN
If non-empty, Retool creates an API access token with the provided string value. Requires ADMIN_USER_EMAIL to be set to a valid email address of an admin user.
| Type | string |
| Format | Authentication Key |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | null |
Examples
api-key
ADMIN_API_ACCESS_TOKEN_SCOPES
Comma-separated list of scopes to be assigned to the API access token created using ADMIN_API_ACCESS_TOKEN environment variable.
| Type | string |
| Format | Plain Text |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | null |
Examples
source_control:read,source_control:write,groups:read,groups:write,spaces:read,spaces:write,folders:read,folders:write,permissions:all:read,permissions:all:write
ADMIN_USER_EMAIL
If non-empty, Retool creates an admin user with the provided email in the Admin Space.
| Type | string |
| Format | Email Address |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | null |
Examples
admin@example.com
ALLOW_SAME_ORIGIN_OPTION
Whether to use allow-same-origin for iframes and custom components. If this is not true, custom components are heavily restricted in their behavior. Refer to the configure same-origin and sandbox guide to learn more.
| Type | boolean |
| Format | True/False |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | false |
Examples
false
API_CALLS_PER_MINUTE
Retool API uses a point system for rate limiting where endpoint requests cost a certain number of points. The default is 300 points in a 60 second window. If you exceed this, Retool blocks any subsequent API calls for 60 seconds. You can increase the number of points with the API_CALLS_PER_MIN environment variable.
| Type | number |
| Format | Integer |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | 300 |
Examples
300
BASE_DOMAIN
The full URL of your Retool deployment for user invitations and password resets. This also needs to be set if you dynamically set callback URLs on protected resources.
| Type | string |
| Format | URL |
| Configurability | Update the deployment's configuration file. |
| Required | Required |
| Default | null |
Examples
https://retool.example.com
CREATE_FIRST_ORG
If set to true, Retool automatically creates the first organization on the instance. This is useful for automated provisioning of Retool instances.
| Type | boolean |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | false |
Examples
true
CUSTOM_RETOOL_SANDBOX_RESTRICTIONS
The JavaScript sandbox restrictions to allow. Specify space-separated values for multiple restrictions. Only configure custom sandbox restrictions if you are comfortable with the security implications.
| Type | string |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | null |
Examples
allow-downloads
DEBUG
Whether to enable verbose logging for debugging purposes.
| Type | boolean |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | false |
Examples
true
DISABLE_IMAGE_PROXY
Whether to disable the proxy used for publicly embedded apps.
| Type | boolean |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | false |
Examples
true
DISABLE_INTERCOM
Disable Retool's support widget in the frontend. Refer to the Retool Support page to learn how to contact Retool.
| Type | boolean |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | false |
Examples
true
DISABLE_MEMORY_AND_CPU_USAGE_LOGGING
Whether to disable logging of memory and CPU usage.
| Type | boolean |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | false |
Examples
true
DISABLE_PUBLIC_PAGES
Whether to disable public access to Retool apps. If set to true, also set DISABLE_IMAGE_PROXY to true to fully disable public access.
| Type | boolean |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | false |
Examples
true
DOMAINS
The domains to use for EntityID in SAML requests and obtaining SSL certificates when setting up HTTPS.
| Type | string |
| Format | Plain Text |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | null |
Examples
retool.your-domain.com -> http://api:3000
HIDE_PROD_AND_STAGING_TOGGLES
Whether to hide the Production and Staging toggles in the Retool interface.
| Type | boolean |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | false |
Examples
true
HOST_HEADER_NAME
Retool backend expects Host header to contain the host used in the original request. This is important for Spaces to work properly. If your self-hosted instance has a proxy or load-balancer in front of the Retool backend, you can specify a different header that contains the original host.
| Type | string |
| Format | Plain Text |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | HOST_HEADER_NAME |
Examples
x-forwarded-host
HTML_ESCAPE_RETOOL_EXPRESSIONS
Whether to escape HTML in `` expressions. If set to true, all HTML in expressions is escaped.
| Type | boolean |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | false |
Examples
true
HTTP_PROXY
The HTTP proxy to use for all HTTP requests.
| Type | string |
| Format | Plain Text |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | null |
Examples
http://proxy.example.com:8080
LICENSE_KEY
The license key for your Retool deployment.
| Type | string |
| Format | Plain Text |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | null |
Examples
key_1234567890
NO_PROXY
A comma-separated list of hosts that should not be proxied.
| Type | string |
| Format | Plain Text |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | null |
Examples
localhost,*.service.company
NODE_TLS_REJECT_UNAUTHORIZED
Whether to reject unauthorized TLS certificates. This setting is insecure and not recommended for production instances
| Type | boolean |
| Format | True/False |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | false |
Examples
false
NUM_WORKERS
The number of worker threads for the api container. The default value is Math.min(Math.max(1, numCPUs), 3), where numCPUs is the number of logical CPU cores on the machine determined by Node.js.
| Type | number |
| Format | Integer |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | 0 |
Examples
4
RETOOL_ENVIRONMENT
The environment for SCIM provisioning and Source Control alerts.
| Type | string |
| Format | Plain Text |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | production |
Examples
production
RETOOL_EXPOSED_{NAME}
Use the RETOOL_EXPOSED_ prefix to store secrets that you can use when configuring resources. Only underscores and alphanumeric characters are supported.
| Type | string |
| Format | Plain Text |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | null |
Examples
RETOOL_EXPOSED_DB_USERNAME=db_user
SANDBOX_DOMAIN
The sandbox domain to use.
| Type | string |
| Format | Plain Text |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | null |
Examples
https://not-your-primary-domain.com
SERVICE_TYPE
Comma-separated list of Retool services to run within a container. If unset, all services run in the same container.
| Type | string |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | null |
Examples
MAIN_BACKEND,JOBS_RUNNER
USAGE_API_TOKEN
The access token to enable Usage Analytics. Please reach out to your Retool account manager to obtain this token.
| Type | string |
| Format | Plain Text |
| Configurability | Update the deployment's configuration file. |
| Required | Optional |
| Default | null |
Examples
accessToken