Skip to main content
Condo is configured entirely through environment variables. In local development, these are managed in a .env file generated by bin/prepare.js. In production, set them directly in your environment, Docker Compose file, or Dokku config.
Use .env.example at the repo root as the canonical template. Never commit a .env file containing real secrets.

Database

DATABASE_URL
string
required
PostgreSQL connection string. Set automatically by Dokku’s postgres:link command, or configure manually.Example: postgresql://postgres:postgres@localhost/main
REDIS_URL
string
Redis connection URL used for sessions, async task queues (Bull), and caching.Example: redis://localhost:6379
KV_URL
string
Alternative to REDIS_URL for Valkey or Redis-compatible key-value stores.Example: redis://localhost:7001

Server

SERVER_URL
string
required
The public-facing URL of the application. Used by Next.js for API calls from the frontend to the backend.Example: https://condo.example.com
PORT
number
The port the application listens on. Assigned automatically by bin/prepare.js during local setup.Example: 4006
NODE_ENV
string
default:"development"
Application environment. Must be set to production in production deployments.Accepted values: development, production, test
DEFAULT_LOCALE
string
default:"en"
Default locale for the application UI.Example: en
DISABLE_LOGGING
boolean
default:"false"
Disables structured logging output when set to true. Not recommended in production.Example: false
DISABLE_RATE_LIMIT
boolean
default:"true"
Disables API rate limiting. Set to false in production to enable rate limiting.Example: true

Auth and security

COOKIE_SECRET
string
required
Secret key used by KeystoneJS to sign session cookies. Use a long, randomly generated string.Example: AWJfbsbaf! (use a securely generated 32+ character string in production)
DATA_ENCRYPTION_CONFIG
string
JSON configuration for data encryption used by the webhook system. The object key is the version identifier and must match DATA_ENCRYPTION_VERSION_ID. The secret must be exactly 32 characters.Example: {"myapp_1":{"algorithm":"aes-256-gcm","secret":"your-32-character-secret-string","compressor":"brotli","keyDeriver":"pbkdf2-sha512"}}
DATA_ENCRYPTION_VERSION_ID
string
Identifies which encryption key version from DATA_ENCRYPTION_CONFIG is currently active.Example: v1

Build variables

These variables are used during the Docker image build stage. Set them in your .env before running docker-compose build.
DOCKER_FILE_INSTALL_COMMAND
string
Shell command run inside the Dockerfile to install extra system packages or Python dependencies.Example: python3 -m pip install 'psycopg2-binary>=2.8.5' && python3 -m pip install 'Django>=3.0.6'
DOCKER_FILE_BUILD_COMMAND
string
Shell command run inside the Dockerfile to build static assets or prepare production files.Example: yarn workspace @app/condo build

Runtime (Docker Compose)

These variables are consumed by docker-compose.yml at container startup.
DOCKER_COMPOSE_START_APP_COMMAND
string
required
The command Docker uses to start the web application inside the container.Example: yarn workspace @app/condo start
DOCKER_COMPOSE_COOKIE_SECRET
string
required
Session cookie secret passed into the container. Equivalent to COOKIE_SECRET for Docker Compose deployments.Example: some-secret-random-string
DOCKER_COMPOSE_SERVER_URL
string
required
Public URL of the application passed into the container. Equivalent to SERVER_URL for Docker Compose deployments.Example: https://condo.example.com

File storage

FILE_FIELD_ADAPTER
string
default:"local"
Storage backend for uploaded files. Use local for development or s3 for production.Accepted values: local, s3
S3_ENDPOINT
string
S3-compatible endpoint URL. Required when FILE_FIELD_ADAPTER=s3.Example: https://s3.amazonaws.com
S3_ACCESS_KEY_ID
string
AWS or S3-compatible access key ID. Required when FILE_FIELD_ADAPTER=s3.
S3_SECRET_ACCESS_KEY
string
AWS or S3-compatible secret access key. Required when FILE_FIELD_ADAPTER=s3.
S3_BUCKET
string
Name of the S3 bucket for file storage. Required when FILE_FIELD_ADAPTER=s3.
S3_REGION
string
AWS region for the S3 bucket.Example: us-east-1

Worker

WORKER_CONCURRENCY
number
default:"50"
Number of concurrent jobs the worker process will handle.Example: 50

Cache

ADAPTER_CACHE_CONFIG
string
JSON configuration for the Keystone adapter-level cache.Example: {"enabled": true, "excludedLists":[], "logging":0, "maxCacheSize":1000, "logStatsEachSecs": 60}
REQUEST_CACHE_CONFIG
string
JSON configuration for per-request caching.Example: {"enabled": true, "logging":0, "logStatsEachSecs": 60}

Notifications

NOTIFICATION__SEND_ALL_MESSAGES_TO_CONSOLE
boolean
default:"true"
When true, all notification messages are printed to stdout instead of being dispatched. Useful for local development.Example: true
NOTIFICATION__DISABLE_LOGGING
boolean
default:"false"
Disables notification-specific log output.Example: false

Optional integrations

FIREBASE_CONFIG_JSON
string
Firebase Admin SDK service account JSON for push notifications. Retrieve from the Firebase console under Settings → Service accounts.Example: {"type": "service_account", "project_id": "<PROJECT_ID>", ...}
HMS_CONFIG_JSON
string
Huawei Messaging System (HMS) credentials for push notifications to Huawei devices.Example: {"resident": {"clientId": "<ID>", "secret": "<SECRET>"}, "master": {"clientId": "<ID>", "secret": "<SECRET>"}}
APPLE_CONFIG_JSON
string
Apple Push Notification service (APNs) credentials.Example: {"kid": "<KEY_ID>", "iss": "<ISSUER_ID>", "privateKey": "<PRIVATE_KEY>"}
HCAPTCHA_CONFIG
string
hCaptcha configuration for bot protection on forms.Example: {"API_KEY":"<API_KEY>", "SITE_KEY":"<SITE_KEY>", "ANDROID_KEY":"<KEY>", "IOS_KEY":"<KEY>"}
DISABLE_CAPTCHA
boolean
default:"true"
Disables captcha verification. Set to false in production when HCAPTCHA_CONFIG is configured.Example: true
OIDC_CONDO_CLIENT_CONFIG
string
OpenID Connect client configuration for SSO integration.Example: {"serverUrl":"http://localhost:3000", "clientId":"<client id>", "clientSecret":"<client secret>"}
FEATURE_TOGGLE_CONFIG
string
Feature flag service configuration. Supports remote API or static flags.Example: {"url": "http://localhost:3100/api/features", "apiKey": "key"}
MESSAGING_CONFIG
string
NATS-based messaging broker configuration for real-time subscriptions.Example: {"enabled":true,"brokerUrl":"nats://127.0.0.1:4222","wsUrl":"ws://localhost:8080","tokenSecret":"your-secret-key",...}
AI_ENABLED
boolean
default:"true"
Enables AI-powered features.Example: true
AI_FLOWS_CONFIG
string
JSON configuration mapping AI flow names to adapter endpoints (Flowise, n8n, etc.).
AI_ADAPTERS_CONFIG
string
JSON configuration for AI adapter credentials.
HELP_REQUISITES
string
Contact details shown in the UI for support requests.Example: {"support_email": "[email protected]", "support_phone": "+1 301 000-00-00"}
BANK_ACCOUNT_REQUEST_EMAIL_TARGET
string
Email address that receives bank account request notifications.Example: [email protected]
NEXT_TELEMETRY_DISABLED
number
default:"1"
Disables Next.js anonymous telemetry. Set to 1 to opt out.Example: 1
ENABLE_SUBSCRIPTIONS
boolean
default:"true"
Enables GraphQL subscription support via the messaging broker.Example: true
USE_LOCAL_FEATURE_FLAGS
boolean
default:"true"
Forces the app to use locally defined feature flags instead of a remote service.Example: true

Build docs developers (and LLMs) love

Get started for freeTalk to us