This page documents all environment variables available in Chatwoot. These variables are used to configure various aspects of your self-hosted installation.

Core Configuration

SECRET_KEY_BASE
string
required
Used to verify the integrity of signed cookies. Must be alphanumeric without special characters or symbols.
Generate using: rake secret
Security: Ensure this is a lengthy, secure, random value unique to your installation.
FRONTEND_URL
string
required
The URL where your Chatwoot application will be accessible.
Example: https://chatwoot.example.com
Default: http://0.0.0.0:3000
HELPCENTER_URL
string
Dedicated URL for help center pages if you want to host them on a separate domain.
Example: https://help.example.com
RAILS_ENV
string
Rails environment mode.
Options: development, production, staging
Default: development
RAILS_MAX_THREADS
number
Maximum number of threads for the Rails application server.
Default: 5

Security & Encryption

FORCE_SSL
boolean
Force all access to the app over SSL and use secure cookies.
Default: false
Recommendation: Set to true in production environments.
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
string
Primary encryption key for Active Record Encryption. Required for MFA/2FA functionality.
Generate using: rails db:encryption:init
Important: Use different keys for each environment (development, staging, production).
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
string
Deterministic encryption key for Active Record Encryption. Required for MFA/2FA functionality.
Generate using: rails db:encryption:init
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
string
Key derivation salt for Active Record Encryption. Required for MFA/2FA functionality.
Generate using: rails db:encryption:init
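A check of the Core and Security settings above, as an added example that is not part of Chatwoot: it parses env files, flags values that go against the notes on this page, and reports secrets reused between two environments. The 64-character minimum, the function names and the sample values are assumptions made for the example.

```ruby
MIN_SECRET_LENGTH = 64 # assumption: the page only says "lengthy"
AR_KEYS = %w[ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY
             ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
             ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT].freeze

# Parse KEY=value lines; skip blanks and comments, strip surrounding quotes.
def parse_env(text)
  text.each_line.with_object({}) do |line, env|
    line = line.strip
    next if line.empty? || line.start_with?('#')
    key, value = line.split('=', 2)
    env[key.strip] = value.strip.gsub(/\A["']|["']\z/, '') unless value.nil?
  end
end

# Findings for a single environment's settings.
def audit_env(env)
  findings = []
  secret = env['SECRET_KEY_BASE'].to_s
  if secret.empty?
    findings << 'SECRET_KEY_BASE is not set'
  else
    findings << 'SECRET_KEY_BASE contains non-alphanumeric characters' unless secret.match?(/\A[A-Za-z0-9]+\z/)
    findings << "SECRET_KEY_BASE is shorter than #{MIN_SECRET_LENGTH} characters" if secret.length < MIN_SECRET_LENGTH
  end
  findings << 'FORCE_SSL is not true in production' if env['RAILS_ENV'] == 'production' && env['FORCE_SSL'] != 'true'
  AR_KEYS.each { |k| findings << "#{k} is not set (required for MFA/2FA)" if env[k].to_s.empty? }
  findings
end

# Secrets that carry the same value in two environments.
def shared_secrets(env_a, env_b)
  (['SECRET_KEY_BASE'] + AR_KEYS).select { |k| !env_a[k].to_s.empty? && env_a[k] == env_b[k] }
end

# Constructed sample files with placeholder values, not real secrets.
STAGING = parse_env(<<~DOTENV)
  RAILS_ENV=staging
  SECRET_KEY_BASE=#{'s4' * 40}
  ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=sharedPrimaryKeyPlaceholder
DOTENV
PRODUCTION = parse_env(<<~DOTENV)
  RAILS_ENV=production
  SECRET_KEY_BASE=short-secret!
  FORCE_SSL=false
  ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=sharedPrimaryKeyPlaceholder
DOTENV

puts audit_env(PRODUCTION), "Reused across environments: #{shared_secrets(STAGING, PRODUCTION).join(', ')}"
```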

Account & Signup Management

ENABLE_ACCOUNT_SIGNUP
string
Controls new sign ups on your Chatwoot installation.
Options:
  • true - Default option, allows sign ups
  • false - Disables all endpoints related to sign ups
  • api_only - Disables UI for signup, but allows sign ups via account APIs
Default: false
DEFAULT_LOCALE
string
Default locale for the application. If set, all non-authenticated pages will fall back to this locale. When a new account is created, this will be the default language.
Default: en

Asset & CDN Configuration

ASSET_CDN_HOST
string
CDN host URL for serving static assets.
Example: https://cdn.example.com
RAILS_SERVE_STATIC_FILES
boolean
Enable serving static files from the /public folder.
Default: true
Note: In production, it’s recommended to use NGINX or Apache to serve static files.

Logging Configuration

RAILS_LOG_TO_STDOUT
boolean
Write logs to stdout instead of log files.
Default: true
Note: Useful for containerized deployments and cloud platforms.
LOG_LEVEL
string
Application log level.
Options: debug, info, warn, error, fatal
Default: info
LOG_SIZE
number
Maximum log file size in megabytes (when not logging to stdout).
Default: 500
LOGRAGE_ENABLED
boolean
Use lograge for structured logging instead of default Rails logger.
Default: false

Social Media Channels

Facebook

FB_VERIFY_TOKEN
string
Facebook webhook verification token.
See Facebook Setup Documentation
FB_APP_SECRET
string
Facebook app secret key.
FB_APP_ID
string
Facebook app ID.

Instagram

IG_VERIFY_TOKEN
string
Instagram webhook verification token.
See Instagram Setup Documentation

Twitter

TWITTER_APP_ID
string
Twitter app ID.
See Twitter Setup Documentation
TWITTER_CONSUMER_KEY
string
Twitter consumer key.
TWITTER_CONSUMER_SECRET
string
Twitter consumer secret.
TWITTER_ENVIRONMENT
string
Twitter environment name for Account Activity API.

Slack

SLACK_CLIENT_ID
string
Slack OAuth client ID.
SLACK_CLIENT_SECRET
string
Slack OAuth client secret.

OAuth Integration

Google OAuth

GOOGLE_OAUTH_CLIENT_ID
string
Google OAuth client ID.
GOOGLE_OAUTH_CLIENT_SECRET
string
Google OAuth client secret.
GOOGLE_OAUTH_CALLBACK_URL
string
Google OAuth callback URL.

Microsoft Azure OAuth

AZURE_APP_ID
string
Microsoft Azure application ID.
AZURE_APP_SECRET
string
Microsoft Azure application secret.

Mobile App Configuration

IOS_APP_ID
string
iOS app bundle identifier.
Default: L7YLMN4634.com.chatwoot.app
Note: Only change if using a custom build mobile app.
ANDROID_BUNDLE_ID
string
Android app bundle identifier.
Default: com.chatwoot.app
ANDROID_SHA256_CERT_FINGERPRINT
string
Android SHA256 certificate fingerprint for app verification.
See Google Android Client Auth
IOS_APP_IDENTIFIER
string
iOS App Store identifier for Smart App Banner.
Example: 1495796682
See Safari Smart App Banners

Push Notifications

ENABLE_PUSH_RELAY_SERVER
boolean
Enable push notification relay via Chatwoot server for official mobile app.
Default: true
VAPID_PUBLIC_KEY
string
VAPID public key for web push notifications.
Generate at: VAPID Key Generator
VAPID_PRIVATE_KEY
string
VAPID private key for web push notifications.
FCM_SERVER_KEY
string
Firebase Cloud Messaging server key for mobile app push notifications.

APM & Monitoring

Elastic APM

ELASTIC_APM_SERVER_URL
string
Elastic APM server URL.
See Elastic APM Ruby Agent
ELASTIC_APM_SECRET_TOKEN
string
Elastic APM secret token for authentication.

Sentry

SENTRY_DSN
string
Sentry DSN (Data Source Name) for error tracking.

Scout APM

SCOUT_KEY
string
Scout APM key.
See Scout APM Configuration
SCOUT_NAME
string
Scout APM application name.
Example: Chatwoot (Production)
SCOUT_MONITOR
boolean
Enable Scout APM monitoring.

New Relic

NEW_RELIC_LICENSE_KEY
string
New Relic license key.
See New Relic Ruby Agent Configuration
NEW_RELIC_APPLICATION_LOGGING_ENABLED
boolean
Enable New Relic application logging.
Default: false

Datadog

DD_TRACE_AGENT_URL
string
Datadog trace agent URL.
See Datadog APM Ruby

Additional Services

IP Lookup

IP_LOOKUP_API_KEY
string
MaxMindDB API key to download GeoLite2 City database for IP geolocation.

Stripe

STRIPE_SECRET_KEY
string
Stripe API secret key for payment processing.
STRIPE_WEBHOOK_SECRET
string
Stripe webhook signing secret.

AI Features

OPENAI_API_KEY
string
OpenAI API key for AI-powered features.

Performance & Rate Limiting

Rack Attack

ENABLE_RACK_ATTACK
boolean
Enable Rack Attack for rate limiting and abuse prevention.
Default: false
RACK_ATTACK_LIMIT
number
Maximum number of requests per period.
Default: 300
ENABLE_RACK_ATTACK_WIDGET_API
boolean
Enable rate limiting for widget API endpoints.
Default: false
RACK_ATTACK_ALLOWED_IPS
string
Comma-separated list of trusted IPs that bypass Rack Attack throttling rules.
Example: 127.0.0.1,::1,192.168.0.10

Sidekiq

SIDEKIQ_CONCURRENCY
number
Number of concurrent Sidekiq worker threads.
Default: 10
ENABLE_SIDEKIQ_DEQUEUE_LOGGER
boolean
Enable verbose logging each time a job is dequeued in Sidekiq.
Default: false

Database Performance

DB_POOL_REAPING_FREQUENCY
number
Frequency in seconds to periodically run the connection pool reaper.
Default: 30

Housekeeping

REMOVE_STALE_CONTACT_INBOX_JOB_STATUS
boolean
Remove stale contact inboxes with no conversation older than 90 days.
Default: false

Advanced Configuration

CW_API_ONLY_SERVER
boolean
Run Chatwoot as an API-only server, disabling frontend dashboard endpoints.
Default: false
DIRECT_UPLOADS_ENABLED
boolean
Enable direct uploads to cloud storage using signed URLs.
Note: Requires proper CORS configuration on your cloud storage. See Active Storage CORS
Default: false

Development Only

LETTER_OPENER
boolean
Use letter_opener gem to preview emails in development.
Default: false
WEBPACKER_DEV_SERVER_PUBLIC
string
Webpacker dev server public URL (for GitHub Codespaces).
For detailed configuration of specific services, see:
