Skip to content
Jetrepo
Esc
navigateopen⌘Jpreview
On this page

Environment variables

Set production values, secrets, defaults, consumers, and change effects.

Store production values in an uncommitted deployment secret source. Validate interpolation without printing the resolved configuration:

docker compose -f docker-compose.prod.yaml config --quiet

Access

Reading or changing these values requires deployment-secret and Compose administration.

Required values

Value Consumers and effect
POSTGRES_PASSWORD Initializes Postgres and derives the default connection URL for migration, Core API, Delivery API, and Worker
REDIS_PASSWORD Redis, Core API, Delivery API, and Worker must change together
BETTER_AUTH_SECRET Core API and Delivery API must share it; a change can invalidate authentication material
IMAGOR_SECRET Core API, Delivery API, and Image service must share it; old signed image URLs stop validating
MINIO_ROOT_USER, MINIO_ROOT_PASSWORD Object-store administrator credentials shared by object setup, Core API, Worker, and Image service
CORE_API_PUBLIC_URL Core API runtime value and Admin build input
DELIVERY_API_PUBLIC_URL Admin build input
ADMIN_APP_PUBLIC_URL Core trusted origin and auth/preview Admin origin
IMAGOR_PUBLIC_URL Core API and Delivery API signed-image base URL
S3_PUBLIC_URL Core API and Worker object endpoint; must also be reachable from their containers
GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET Core Google OAuth configuration
GOOGLE_ALLOWED_DOMAIN Core Google Workspace domain policy

The supported Compose stack does not issue least-privilege S3 credentials per service: Core API, Worker, and Image service receive the MinIO root credentials. Isolate those consumers and rotate all of them with object storage and setup.

All five public URLs must be final HTTPS origins. Changing Core or Delivery URLs requires rebuilding the Admin image. Other consumer changes require recreating or restarting every named consumer.

POSTGRES_PASSWORD remains required for the Postgres container even when DATABASE_URL is explicit.

Optional values

Value Default and consumers
DATABASE_URL Derived from POSTGRES_PASSWORD; explicit value is used by migration, Core API, Delivery API, and Worker
BUCKET_NAME jetrepo; used by Core API, Worker, object setup, and Image service
WEBHOOK_SECRET Empty; used by Core for external-user webhook verification when configured
AUTH_COOKIE_DOMAIN Empty, which keeps cookies host-only; used by Core
RESPONSE_CACHE_TTL 60000 milliseconds; used by Delivery API

Database URLs

The default URL inserts POSTGRES_PASSWORD directly into the URL. If a password contains reserved URL characters, set an explicit DATABASE_URL with the password percent-encoded. Also account for shell and Compose interpolation when placing values in your secret source; validate the final configuration locally without publishing it.

Updating POSTGRES_PASSWORD in Compose does not change the password stored for an existing Postgres role in pgdata. A real rotation must coordinate the database role change, the percent-encoded DATABASE_URL, POSTGRES_PASSWORD, and all four connection consumers.

No database credential rotation has been drilled by the project. Test the exact sequence, outage boundary, and return path with restored data before production. If the role password has already changed, rollback means changing it back through Postgres administration or deploying the matching URL—never deleting pgdata.

Rotation limits

No credential rotation in this stack has a repository-backed production drill. Before rotating database, Redis, object-storage, auth, image, Google, or webhook credentials:

  1. Inventory every consumer in the tables above.
  2. Prove the service-specific sequence and rollback in an isolated environment.
  3. Plan for coordinated recreation and downtime where one-value sharing prevents overlap.
  4. After the change, test sign-in, delivery authorization, queues, uploads, and signed images as applicable.

If no durable service credential changed, restore the prior environment and recreate all affected consumers. Do not restore a known-exposed secret as rollback.

Was this page helpful?