Skip to main content
Flowise can be configured using environment variables. These can be set in a .env file or passed directly to the Docker container.

Core Configuration

Port

PORT
number
default:"3000"
The port number on which Flowise will run.
PORT=3000

Database Configuration

Flowise supports SQLite (default) and PostgreSQL databases.
DATABASE_PATH
string
Path to store the SQLite database file (only for SQLite).
DATABASE_PATH=/your_database_path/.flowise
DATABASE_TYPE
string
default:"sqlite"
Database type to use. Options: sqlite or postgres.
DATABASE_TYPE=postgres
DATABASE_HOST
string
Database host (PostgreSQL only).
DATABASE_HOST=localhost
DATABASE_PORT
number
default:"5432"
Database port (PostgreSQL only).
DATABASE_PORT=5432
DATABASE_NAME
string
Database name (PostgreSQL only).
DATABASE_NAME=flowise
DATABASE_USER
string
Database user (PostgreSQL only).
DATABASE_USER=root
DATABASE_PASSWORD
string
Database password (PostgreSQL only).
DATABASE_PASSWORD=mypassword
DATABASE_SSL
boolean
default:"false"
Enable SSL for database connection (PostgreSQL only).
DATABASE_SSL=true
DATABASE_SSL_KEY_BASE64
string
Self-signed certificate in BASE64 format for SSL connection.
DATABASE_SSL_KEY_BASE64=<base64-encoded-certificate>

Secret Keys Management

Flowise can store encryption keys locally or in AWS Secrets Manager.
SECRETKEY_STORAGE_TYPE
string
default:"local"
Storage type for secret keys. Options: local or aws.
SECRETKEY_STORAGE_TYPE=local
SECRETKEY_PATH
string
Path to store secret keys (when using local storage).
SECRETKEY_PATH=/your_secret_path/.flowise
FLOWISE_SECRETKEY_OVERWRITE
string
Override the encryption key with a custom value.
Generate a secure key using: openssl rand -hex 32
FLOWISE_SECRETKEY_OVERWRITE=myencryptionkey

AWS Secrets Manager

SECRETKEY_AWS_ACCESS_KEY
string
AWS access key for Secrets Manager.
SECRETKEY_AWS_ACCESS_KEY=<your-access-key>
SECRETKEY_AWS_SECRET_KEY
string
AWS secret key for Secrets Manager.
SECRETKEY_AWS_SECRET_KEY=<your-secret-key>
SECRETKEY_AWS_REGION
string
default:"us-west-2"
AWS region for Secrets Manager.
SECRETKEY_AWS_REGION=us-west-2
SECRETKEY_AWS_NAME
string
Name for the encryption key in AWS Secrets Manager.
SECRETKEY_AWS_NAME=FlowiseEncryptionKey

Logging

DEBUG
boolean
default:"false"
Enable debug mode for verbose logging.
DEBUG=true
LOG_PATH
string
Path to store log files.
LOG_PATH=/your_log_path/.flowise/logs
LOG_LEVEL
string
default:"info"
Logging level. Options: error, warn, info, verbose, debug.
LOG_LEVEL=info
LOG_SANITIZE_BODY_FIELDS
string
Comma-separated list of fields to sanitize in request body logs.
LOG_SANITIZE_BODY_FIELDS=password,pwd,pass,secret,token,apikey
LOG_SANITIZE_HEADER_FIELDS
string
Comma-separated list of headers to sanitize in logs.
LOG_SANITIZE_HEADER_FIELDS=authorization,x-api-key,x-auth-token,cookie

Storage Configuration

Configure where Flowise stores uploaded files and documents.
STORAGE_TYPE
string
default:"local"
Storage backend for files. Options: local, s3, gcs, azure.
STORAGE_TYPE=local
BLOB_STORAGE_PATH
string
Local path for file storage (when STORAGE_TYPE=local).
BLOB_STORAGE_PATH=/your_storage_path/.flowise/storage

AWS S3 Storage

S3_STORAGE_BUCKET_NAME
string
S3 bucket name for file storage.
S3_STORAGE_BUCKET_NAME=flowise
S3_STORAGE_ACCESS_KEY_ID
string
AWS access key ID for S3.
S3_STORAGE_ACCESS_KEY_ID=<your-access-key>
S3_STORAGE_SECRET_ACCESS_KEY
string
AWS secret access key for S3.
S3_STORAGE_SECRET_ACCESS_KEY=<your-secret-key>
S3_STORAGE_REGION
string
default:"us-west-2"
AWS region for S3 bucket.
S3_STORAGE_REGION=us-west-2
S3_ENDPOINT_URL
string
Custom S3 endpoint URL (for S3-compatible services).
S3_ENDPOINT_URL=<custom-s3-endpoint-url>
S3_FORCE_PATH_STYLE
boolean
default:"false"
Force path-style URLs for S3 (required for some S3-compatible services).
S3_FORCE_PATH_STYLE=true

Google Cloud Storage

GOOGLE_CLOUD_STORAGE_CREDENTIAL
string
Path to GCP service account key file.
GOOGLE_CLOUD_STORAGE_CREDENTIAL=/path/to/keyfile.json
GOOGLE_CLOUD_STORAGE_PROJ_ID
string
GCP project ID.
GOOGLE_CLOUD_STORAGE_PROJ_ID=<your-project-id>
GOOGLE_CLOUD_STORAGE_BUCKET_NAME
string
GCS bucket name for file storage.
GOOGLE_CLOUD_STORAGE_BUCKET_NAME=<bucket-name>
GOOGLE_CLOUD_UNIFORM_BUCKET_ACCESS
boolean
default:"true"
Enable uniform bucket-level access.
GOOGLE_CLOUD_UNIFORM_BUCKET_ACCESS=true

Azure Blob Storage

Provide EITHER a connection string OR account name + key, not both.
AZURE_BLOB_STORAGE_CONNECTION_STRING
string
Azure Blob Storage connection string.
AZURE_BLOB_STORAGE_CONNECTION_STRING=<your-connection-string>
AZURE_BLOB_STORAGE_ACCOUNT_NAME
string
Azure storage account name.
AZURE_BLOB_STORAGE_ACCOUNT_NAME=<your-account-name>
AZURE_BLOB_STORAGE_ACCOUNT_KEY
string
Azure storage account key.
AZURE_BLOB_STORAGE_ACCOUNT_KEY=<your-account-key>
AZURE_BLOB_STORAGE_CONTAINER_NAME
string
Azure container name for file storage.
AZURE_BLOB_STORAGE_CONTAINER_NAME=<your-container-name>

Application Settings

NUMBER_OF_PROXIES
number
Number of proxies in front of Flowise (for proper IP detection).
NUMBER_OF_PROXIES=1
CORS_ORIGINS
string
default:"*"
Comma-separated list of allowed CORS origins.
CORS_ORIGINS=*
# or specific origins
CORS_ORIGINS=https://example.com,https://app.example.com
IFRAME_ORIGINS
string
default:"*"
Comma-separated list of allowed iframe origins.
IFRAME_ORIGINS=*
FLOWISE_FILE_SIZE_LIMIT
string
default:"50mb"
Maximum file upload size.
FLOWISE_FILE_SIZE_LIMIT=50mb
SHOW_COMMUNITY_NODES
boolean
default:"true"
Show community-contributed nodes in the UI.
SHOW_COMMUNITY_NODES=true
DISABLE_FLOWISE_TELEMETRY
boolean
default:"false"
Disable anonymous telemetry collection.
DISABLE_FLOWISE_TELEMETRY=true
DISABLED_NODES
string
Comma-separated list of node names to disable.
DISABLED_NODES=bufferMemory,chatOpenAI
MODEL_LIST_CONFIG_JSON
string
Path to custom model list configuration file.
MODEL_LIST_CONFIG_JSON=/path/to/models.json

Authentication

APP_URL
string
Base URL of your Flowise instance (required for authentication).
APP_URL=http://localhost:3000

JWT Configuration

Auth secrets can be set via environment variables or left unset to use file/AWS storage. Generate secure secrets using: openssl rand -hex 32
JWT_AUTH_TOKEN_SECRET
string
Secret key for JWT authentication tokens.
JWT_AUTH_TOKEN_SECRET=<32-byte-hex-string>
JWT_REFRESH_TOKEN_SECRET
string
Secret key for JWT refresh tokens.
JWT_REFRESH_TOKEN_SECRET=<32-byte-hex-string>
JWT_ISSUER
string
default:"Flowise"
JWT token issuer identifier.
JWT_ISSUER=Flowise
JWT_AUDIENCE
string
default:"Flowise"
JWT token audience identifier.
JWT_AUDIENCE=Flowise
JWT_TOKEN_EXPIRY_IN_MINUTES
number
default:"360"
JWT access token expiry time in minutes (default: 6 hours).
JWT_TOKEN_EXPIRY_IN_MINUTES=360
JWT_REFRESH_TOKEN_EXPIRY_IN_MINUTES
number
default:"43200"
JWT refresh token expiry time in minutes (default: 30 days).
JWT_REFRESH_TOKEN_EXPIRY_IN_MINUTES=43200
EXPIRE_AUTH_TOKENS_ON_RESTART
boolean
default:"false"
Expire all authentication tokens when the app restarts.
EXPIRE_AUTH_TOKENS_ON_RESTART=true

Session & Security

EXPRESS_SESSION_SECRET
string
Secret key for Express sessions.
EXPRESS_SESSION_SECRET=<32-byte-hex-string>
TOKEN_HASH_SECRET
string
Secret key for hashing tokens.
TOKEN_HASH_SECRET=<32-byte-hex-string>
SECURE_COOKIES
boolean
Enable secure cookies (HTTPS only).
SECURE_COOKIES=true
PASSWORD_SALT_HASH_ROUNDS
number
default:"10"
Number of bcrypt salt rounds for password hashing.
PASSWORD_SALT_HASH_ROUNDS=10
PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS
number
default:"15"
Password reset token expiry time in minutes.
PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS=15

Email Configuration

Required for password reset and invitation emails.
SMTP_HOST
string
SMTP server hostname.
SMTP_HOST=smtp.host.com
SMTP_PORT
number
SMTP server port.
SMTP_PORT=465
SMTP_USER
string
SMTP authentication username.
SMTP_USER=smtp_user
SMTP_PASSWORD
string
SMTP authentication password.
SMTP_PASSWORD=smtp_password
SMTP_SECURE
boolean
default:"true"
Use TLS for SMTP connection.
SMTP_SECURE=true
ALLOW_UNAUTHORIZED_CERTS
boolean
default:"false"
Allow unauthorized SSL certificates (for testing only).
ALLOW_UNAUTHORIZED_CERTS=false
SENDER_EMAIL
string
Email address used as sender.
SENDER_EMAIL=[email protected]

Queue Configuration

Configure BullMQ for distributed job processing.
MODE
string
Operating mode. Options: queue or main.
MODE=queue
QUEUE_NAME
string
default:"flowise-queue"
Name of the job queue.
QUEUE_NAME=flowise-queue
REDIS_URL
string
Full Redis connection URL (alternative to individual Redis settings).
REDIS_URL=redis://username:password@localhost:6379
REDIS_HOST
string
default:"localhost"
Redis server hostname.
REDIS_HOST=localhost
REDIS_PORT
number
default:"6379"
Redis server port.
REDIS_PORT=6379
REDIS_USERNAME
string
Redis authentication username.
REDIS_USERNAME=redis_user
REDIS_PASSWORD
string
Redis authentication password.
REDIS_PASSWORD=redis_password
WORKER_CONCURRENCY
number
default:"100000"
Maximum number of concurrent workers.
WORKER_CONCURRENCY=100000
ENABLE_BULLMQ_DASHBOARD
boolean
Enable BullMQ dashboard for monitoring.
ENABLE_BULLMQ_DASHBOARD=true

Security

HTTP_SECURITY_CHECK
boolean
default:"true"
Enable HTTP security checks.
HTTP_SECURITY_CHECK=true
HTTP_DENY_LIST
string
Comma-separated list of blocked HTTP hosts.
HTTP_DENY_LIST=localhost,127.0.0.1
CUSTOM_MCP_SECURITY_CHECK
boolean
default:"true"
Enable security checks for custom MCP protocols.
CUSTOM_MCP_SECURITY_CHECK=true
CUSTOM_MCP_PROTOCOL
string
default:"sse"
Custom MCP protocol type. Options: stdio or sse.
CUSTOM_MCP_PROTOCOL=sse
TRUST_PROXY
string
default:"false"
Trust proxy headers for IP detection.
TRUST_PROXY=true

Proxy Configuration

GLOBAL_AGENT_HTTP_PROXY
string
HTTP proxy URL for outbound requests.
GLOBAL_AGENT_HTTP_PROXY=http://proxy.example.com:8080
GLOBAL_AGENT_HTTPS_PROXY
string
HTTPS proxy URL for outbound requests.
GLOBAL_AGENT_HTTPS_PROXY=https://proxy.example.com:8443
GLOBAL_AGENT_NO_PROXY
string
Comma-separated list of hosts to bypass proxy.
GLOBAL_AGENT_NO_PROXY=localhost,127.0.0.1,.internal.com

Metrics & Telemetry

ENABLE_METRICS
boolean
default:"false"
Enable metrics collection.
ENABLE_METRICS=true
METRICS_PROVIDER
string
Metrics provider. Options: prometheus or open_telemetry.
METRICS_PROVIDER=prometheus
METRICS_INCLUDE_NODE_METRICS
boolean
default:"true"
Include Node.js process metrics.
METRICS_INCLUDE_NODE_METRICS=true
METRICS_SERVICE_NAME
string
default:"FlowiseAI"
Service name for metrics.
METRICS_SERVICE_NAME=FlowiseAI

OpenTelemetry

METRICS_OPEN_TELEMETRY_METRIC_ENDPOINT
string
OpenTelemetry metrics endpoint URL.
METRICS_OPEN_TELEMETRY_METRIC_ENDPOINT=http://localhost:4318/v1/metrics
METRICS_OPEN_TELEMETRY_PROTOCOL
string
default:"http"
OpenTelemetry protocol. Options: http, grpc, or proto.
METRICS_OPEN_TELEMETRY_PROTOCOL=http
METRICS_OPEN_TELEMETRY_DEBUG
boolean
default:"false"
Enable OpenTelemetry debug logging.
METRICS_OPEN_TELEMETRY_DEBUG=true

Enterprise Features

FLOWISE_EE_LICENSE_KEY
string
Enterprise Edition license key.
FLOWISE_EE_LICENSE_KEY=<your-license-key>
LICENSE_URL
string
License validation server URL.
LICENSE_URL=https://license.flowise.com
OFFLINE
boolean
Enable offline mode (no internet connection required).
OFFLINE=true
INVITE_TOKEN_EXPIRY_IN_HOURS
number
default:"24"
Workspace invitation token expiry time in hours.
INVITE_TOKEN_EXPIRY_IN_HOURS=24

Custom Tool Dependencies

TOOL_FUNCTION_BUILTIN_DEP
string
Comma-separated list of allowed built-in Node.js modules.
TOOL_FUNCTION_BUILTIN_DEP=crypto,fs
TOOL_FUNCTION_EXTERNAL_DEP
string
Comma-separated list of allowed external npm packages.
TOOL_FUNCTION_EXTERNAL_DEP=moment,lodash
ALLOW_BUILTIN_DEP
boolean
default:"false"
Allow all built-in Node.js modules.
ALLOW_BUILTIN_DEP=true

Document Loaders

PUPPETEER_EXECUTABLE_FILE_PATH
string
Path to Chromium/Chrome executable for Puppeteer.
PUPPETEER_EXECUTABLE_FILE_PATH=/usr/bin/chromium-browser
PLAYWRIGHT_EXECUTABLE_FILE_PATH
string
Path to Chromium/Chrome executable for Playwright.
PLAYWRIGHT_EXECUTABLE_FILE_PATH=/usr/bin/chromium-browser

Example Configuration

Here’s a complete example .env file for a production deployment:
.env
# Core
PORT=3000

# Database
DATABASE_TYPE=postgres
DATABASE_HOST=your-db-host.rds.amazonaws.com
DATABASE_PORT=5432
DATABASE_NAME=flowise
DATABASE_USER=flowise
DATABASE_PASSWORD=your_secure_password
DATABASE_SSL=true

# Storage
STORAGE_TYPE=s3
S3_STORAGE_BUCKET_NAME=flowise-production
S3_STORAGE_ACCESS_KEY_ID=<your-access-key>
S3_STORAGE_SECRET_ACCESS_KEY=<your-secret-key>
S3_STORAGE_REGION=us-east-1

# Authentication
APP_URL=https://flowise.example.com
JWT_AUTH_TOKEN_SECRET=<32-byte-hex-string>
JWT_REFRESH_TOKEN_SECRET=<32-byte-hex-string>
EXPRESS_SESSION_SECRET=<32-byte-hex-string>
TOKEN_HASH_SECRET=<32-byte-hex-string>
SECURE_COOKIES=true

# Email
SMTP_HOST=smtp.sendgrid.net
SMTP_PORT=587
SMTP_USER=apikey
SMTP_PASSWORD=<your-sendgrid-api-key>
SMTP_SECURE=true
SENDER_EMAIL=[email protected]

# Security
CORS_ORIGINS=https://flowise.example.com,https://app.example.com
HTTP_SECURITY_CHECK=true
TRUST_PROXY=true

# Logging
LOG_LEVEL=info
DISABLE_FLOWISE_TELEMETRY=true

# Metrics
ENABLE_METRICS=true
METRICS_PROVIDER=prometheus

Next Steps

Docker Deployment

Deploy Flowise using Docker

Authentication

Configure authentication and security

Cloud Providers

Deploy to cloud platforms

Build docs developers (and LLMs) love

Get started for freeTalk to us