GOV.UK Notify Admin uses environment variables to configure the application across different environments (development, test, production). This page documents all available environment variables and their purposes.

Core Application Settings

Required Variables

These variables must be set in production environments:
ADMIN_CLIENT_SECRET
string
required
Secret key for authenticating the admin client with the Notify API.
Security: This value must be kept secure and should be unique per environment.
API_HOST_NAME
string
required
URL of the Notify API backend service.
Default (development): http://localhost:6011
Example: https://api.notifications.service.gov.uk
SECRET_KEY
string
required
Flask secret key used for securely signing session cookies and CSRF tokens.
Security: Must be a cryptographically random string. Never commit this to version control.
DANGEROUS_SALT
string
required
Salt value used for additional cryptographic operations with the itsdangerous library.
Security: Should be a unique random string per environment.

Application URLs

ADMIN_BASE_URL
string
The base URL where the admin application is accessible.
Default: http://localhost:6012
Production example: https://www.notifications.service.gov.uk
HTTP_PROTOCOL
string
HTTP protocol to use for generated URLs.
Default: http
Options: http, https

Template Preview Service

TEMPLATE_PREVIEW_API_HOST
string
URL of the template preview service for rendering email and letter templates.
Default: http://localhost:6013
TEMPLATE_PREVIEW_API_KEY
string
API key for authenticating with the template preview service.
Default: my-secret-key

Logging and Monitoring

NOTIFY_ENVIRONMENT
string
The environment name for the application.
Default: development
Options: development, test, sandbox, production
NOTIFY_REQUEST_LOG_LEVEL
string
Log level for HTTP request logging.
Default: INFO
Options: DEBUG, INFO, WARNING, ERROR, CRITICAL
NOTIFY_EVENTLET_STATS
string
Enable eventlet statistics collection.
Default: 0 (disabled)
Options: 0 (disabled), 1 (enabled)

Antivirus Integration

ANTIVIRUS_API_HOST
string
URL of the antivirus scanning service for uploaded files.
Default (development): http://localhost:6016
ANTIVIRUS_API_KEY
string
API key for authenticating with the antivirus service.
Default (development): test-key

Redis Configuration

REDIS_URL
string
Connection URL for Redis, used for session storage and caching.
Default (development): redis://localhost:6379/0
Format: redis://host:port/database
REDIS_ENABLED
string
Enable or disable Redis usage.
Default: 1 (enabled in production), 0 in development unless explicitly set
Options: 0 (disabled), 1 (enabled)
In production, Redis is enabled by default. In development, you must explicitly set REDIS_ENABLED=1 to use Redis.

AWS S3 Bucket Configuration

See AWS Setup for detailed information on configuring AWS credentials.
S3_BUCKET_CSV_UPLOAD
string
S3 bucket for storing uploaded CSV files for batch sending.
Default: local-notifications-csv-upload
Development: development-notifications-csv-upload
S3_BUCKET_CONTACT_LIST_UPLOAD
string
S3 bucket for storing contact list files.
Default: local-contact-list
Development: development-contact-list
S3_BUCKET_LOGO_UPLOAD
string
S3 bucket for storing email and letter branding logos.
Default: public-logos-local
Development: public-logos-tools
S3_BUCKET_MOU
string
S3 bucket for storing Memorandum of Understanding documents.
Default: local-mou
Development: notify.tools-mou
S3_BUCKET_TRANSIENT_UPLOADED_LETTERS
string
S3 bucket for temporarily storing uploaded letter PDFs.
Default: local-transient-uploaded-letters
Development: development-transient-uploaded-letters
S3_BUCKET_PRECOMPILED_ORIGINALS_BACKUP_LETTERS
string
S3 bucket for backing up original precompiled letter files.
Default: local-precompiled-originals-backup-letters
Development: development-letters-precompiled-originals-backup
S3_BUCKET_LETTER_ATTACHMENTS
string
S3 bucket for storing letter attachments.
Default: local-letter-attachments
Development: development-letter-attachments
S3_BUCKET_REPORT_REQUESTS_DOWNLOAD
string
S3 bucket for storing generated report files for download.
Default: local-report-requests-download
Development: development-report-requests-download
S3_BUCKET_TEMPLATE_EMAIL_FILES
string
S3 bucket for storing email template attachment files.
Default: local-template-email-files
Development: development-template-email-files

CDN and Assets

ASSET_DOMAIN
string
Domain for serving static assets (CSS, JavaScript, images).
Default: "" (empty string, assets served from same domain)
Example: static.notifications.service.gov.uk
ASSET_PATH
string
Path or URL for static assets.
Default: /static/
Production example: https://static.notifications.service.gov.uk/
LOGO_CDN_DOMAIN
string
CDN domain for serving logo images.
Default: static-logos.notify.tools

UI Customization

HEADER_COLOUR
string
Background color for the application header.
Default: #81878b (grey)
Sandbox: #F499BE (pink)
Format: Hex color code

Support and Ticketing

ZENDESK_API_KEY
string
API key for integrating with the Zendesk support ticketing system.
Required for: Submitting support tickets and feedback from the admin interface.
FEEDBACK_ZENDESK_SUBJECT_PREFIX_ENABLED
string
Add environment prefix to Zendesk ticket subjects.
Default: 1 (enabled)
Options: 0 (disabled), 1 (enabled)

Email Validation

REPLY_TO_EMAIL_ADDRESS_VALIDATION_TIMEOUT
number
Timeout in seconds for reply-to email address validation.
Default: 45

Billing Configuration

BILLING_DETAILS
string
JSON string containing billing account details displayed to services.
Format: JSON object with fields: account_number, sort_code, IBAN, swift, notify_billing_email_address
Default:
{
  "account_number": "98765432",
  "sort_code": "01-23-45",
  "IBAN": "GB33BUKB20201555555555",
  "swift": "ABCDEF12",
  "notify_billing_email_address": "[email protected]"
}

Development-Only Variables

These variables are only used in development/test environments:
SERVER_NAME
string
The server name/domain for the application in development.
Environment: Development only
FLASK_APP
string
Path to the Flask application entry point.
Default: application.py
Environment: Development only
FLASK_DEBUG
string
Enable Flask debug mode with enhanced error pages.
Options: 0 (disabled), 1 (enabled)
Environment: Development only
Never enable debug mode in production as it can expose sensitive information.
WERKZEUG_DEBUG_PIN
string
Control the Werkzeug debugger PIN requirement.
Options: off (disable PIN), or leave unset for default behavior
Environment: Development only

Configuration Classes

The application uses different configuration classes based on the NOTIFY_ENVIRONMENT variable:

Base Config

Used in production. Requires all security-critical variables to be set explicitly.

Development

Extends Base Config with development-friendly defaults:
  • DEBUG = True
  • SESSION_COOKIE_SECURE = False (allows HTTP)
  • Development S3 bucket names
  • Default API endpoints pointing to localhost

Test

Extends Development with test-specific settings:
  • TESTING = True
  • WTF_CSRF_ENABLED = False (for easier testing)
  • Test-specific S3 bucket names
  • Mock API endpoints

Sandbox

Extends Base Config for the sandbox environment:
  • Pink header color for visual distinction
  • HTTPS enforcement
  • Sandbox-specific S3 buckets

Environment File Example

For local development, create an environment.sh file:
export NOTIFY_ENVIRONMENT='development'
export FLASK_APP=application.py
export FLASK_DEBUG=1
export WERKZEUG_DEBUG_PIN=off
Source this file before running the application:
source environment.sh
make run-flask

Security Considerations

Never commit sensitive environment variables to version control. Use environment-specific configuration management:
  • Local development: environment.sh (add to .gitignore)
  • Production: Cloud provider secrets management (AWS Secrets Manager, etc.)
  • CI/CD: Encrypted secrets in your CI/CD platform
Rotate SECRET_KEY, DANGEROUS_SALT, and all API keys regularly, especially after team member departures or suspected compromise.
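
A pre-deployment check built from the variables and defaults documented on this page, as an added example that is not part of the Notify Admin code base. The audit_environment function, the 32-character minimum and the SAMPLE_ENV values are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit

# Variables this page marks as required.
REQUIRED = ("ADMIN_CLIENT_SECRET", "API_HOST_NAME", "SECRET_KEY", "DANGEROUS_SALT")
# Development defaults documented on this page that must not reach production.
DEV_DEFAULTS = {"TEMPLATE_PREVIEW_API_KEY": "my-secret-key", "ANTIVIRUS_API_KEY": "test-key"}
# URL-valued variables whose documented defaults point at http://localhost.
URL_VARS = ("API_HOST_NAME", "ADMIN_BASE_URL", "TEMPLATE_PREVIEW_API_HOST", "ANTIVIRUS_API_HOST")
MIN_SECRET_LEN = 32  # assumption: a local length policy, not stated on the page

# Constructed sample: a development environment.sh promoted by mistake.
SAMPLE_ENV = {"SECRET_KEY": "dev", "API_HOST_NAME": "http://localhost:6011",
              "TEMPLATE_PREVIEW_API_KEY": "my-secret-key",
              "FLASK_DEBUG": "1", "WERKZEUG_DEBUG_PIN": "off"}


def audit_environment(env):
    """Return findings for a mapping meant to configure a production deployment."""
    findings = []
    for name in REQUIRED:
        if not env.get(name, "").strip():
            findings.append(f"{name}: required but unset or empty")
    for name in ("ADMIN_CLIENT_SECRET", "SECRET_KEY", "DANGEROUS_SALT"):
        if 0 < len(env.get(name, "")) < MIN_SECRET_LEN:
            findings.append(f"{name}: shorter than {MIN_SECRET_LEN} characters")
    for name, default in DEV_DEFAULTS.items():
        if env.get(name) == default:
            findings.append(f"{name}: still the documented development default")
    for name in URL_VARS:
        parts = urlsplit(env.get(name, ""))
        if parts.scheme == "http":
            findings.append(f"{name}: plain http URL")
        if parts.hostname in ("localhost", "127.0.0.1"):
            findings.append(f"{name}: points at localhost")
    if env.get("HTTP_PROTOCOL", "http") != "https":
        findings.append("HTTP_PROTOCOL: not https (documented default is http)")
    if env.get("FLASK_DEBUG") == "1":
        findings.append("FLASK_DEBUG: debug mode enabled")
    if env.get("WERKZEUG_DEBUG_PIN") == "off":
        findings.append("WERKZEUG_DEBUG_PIN: debugger PIN disabled")
    return findings


if __name__ == "__main__":
    problems = audit_environment(os.environ)
    print("\n".join(problems) or "no findings")
    raise SystemExit(1 if problems else 0)
```

Run as a script it audits the current process environment and exits non-zero on any finding, so it can gate a deploy step.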
