Metlo uses environment variables to configure services across the backend, ingestor, jobs, analyzer, and frontend containers.
Managing Environment Variables
Environment variables are typically stored in a .env file in your Metlo installation directory (default: /opt/metlo/.env).
The manage-deployment.py script automatically generates required secrets during initialization:
python3 manage-deployment.py init
Core Configuration
LICENSE_KEY
Your Metlo license key. Optional for community edition.
LICENSE_KEY="your-license-key-here"
ENCRYPTION_KEY
Base64-encoded 32-byte encryption key for securing sensitive data in the database.
This key is auto-generated during initialization. Never commit this to version control. Losing this key will make encrypted data unrecoverable.
ENCRYPTION_KEY="base64-encoded-key-here"
Database Configuration
DB_URL
PostgreSQL connection string.
postgres://postgres:postgres@db:5432/metlo_api_security
DB_URL="postgres://postgres:postgres@db:5432/metlo_api_security"
REDIS_URL
Redis connection string for caching and job queues.
redis://:eYVX7EwVmmxKPCDmwMtyKVge8oLd2t81@cache:6379
REDIS_URL="redis://:your-password@cache:6379"
Backend Configuration
BACKEND_URL
Public URL where the Metlo backend is accessible.
BACKEND_URL="http://your-server-ip:8080"
EXPRESS_SECRET
Secret key for Express.js session signing.
This secret is auto-generated during initialization. Keep it secure and consistent across deployments.
EXPRESS_SECRET="random-32-character-string"
SESSION_SECRET
Secret for session management. Typically set to the same value as EXPRESS_SECRET.
SESSION_SECRET="random-32-character-string"
Service Configuration
RUN_MIGRATION
Automatically run database migrations on startup.
NUM_WORKERS
Number of worker processes for the analyzer service.
Increase this value on multi-core systems to improve analysis throughput. Recommended: 1 worker per 2 CPU cores.
SANDBOX_MODE
Enable sandbox mode for testing without affecting production data.
DISABLE_LOGGING_STATS
Disable anonymous usage statistics logging.
DISABLE_LOGGING_STATS="false"
Docker Configuration
DOCKER_IMAGE_TAG
Docker image tag to use for Metlo services.
DOCKER_IMAGE_TAG="v0.20.0"
Complete Example
Here’s a complete .env file example:
# License
LICENSE_KEY=""
# Security
ENCRYPTION_KEY="c29tZS1yYW5kb20tYmFzZTY0LWVuY29kZWQta2V5"
EXPRESS_SECRET="a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"
SESSION_SECRET="a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"
# Database
DB_URL="postgres://postgres:postgres@db:5432/metlo_api_security"
REDIS_URL="redis://:eYVX7EwVmmxKPCDmwMtyKVge8oLd2t81@cache:6379"
# Backend
BACKEND_URL="http://192.168.1.100:8080"
# Service Configuration
RUN_MIGRATION="true"
NUM_WORKERS="2"
SANDBOX_MODE="false"
DISABLE_LOGGING_STATS="false"
# Docker
DOCKER_IMAGE_TAG="latest"
Environment Variable Priority
Environment variables are loaded in the following order:
- System environment variables
.env file in the Metlo directory- Docker Compose environment section
- Default values
Security Best Practices
Never commit .env files to version control. Add .env to your .gitignore file.
- Use strong, randomly generated values for all secrets
- Rotate
ENCRYPTION_KEY and EXPRESS_SECRET periodically
- Restrict file permissions on
.env: chmod 600 .env
- Use different secrets for development and production environments
- Back up your
.env file securely
Viewing Current Configuration
To verify your environment configuration:
To check running container environment:
docker exec metlo-backend env | grep -E '(DB_URL|REDIS_URL|BACKEND_URL)'