Skip to main content
Flowise provides extensive configuration through environment variables. This guide covers all available options organized by category.

Server Configuration

PORT
number
default:"3000"
Port number for the Flowise server to listen on
APP_URL
string
default:"http://localhost:3000"
Base URL of your Flowise application, used for generating links in emails and SSO callbacks
NUMBER_OF_PROXIES
number
default:"1"
Number of proxies between client and server. Used for proper IP address resolution
TRUST_PROXY
string
default:"false"
Trust proxy configuration for Express. Can be true, false, 1, loopback, linklocal, uniquelocal, IP addresses, or comma-separated combinations
CORS_ORIGINS
string
default:"*"
Comma-separated list of allowed CORS origins. Use * to allow all origins
IFRAME_ORIGINS
string
default:"*"
Comma-separated list of allowed iframe origins. Use * to allow all origins
FLOWISE_FILE_SIZE_LIMIT
string
default:"50mb"
Maximum file upload size (e.g., 50mb, 100mb)

Database Configuration

Flowise supports SQLite (default), PostgreSQL, MySQL, and MariaDB.
DATABASE_TYPE
string
default:"sqlite"
Database type. Options: sqlite, postgres, mysql, mariadb
DATABASE_PATH
string
default:"~/.flowise"
Path where the SQLite database file will be stored. Only used when DATABASE_TYPE=sqlite

PostgreSQL / MySQL / MariaDB Configuration

DATABASE_HOST
string
Database server hostname or IP address
DATABASE_PORT
number
default:"5432 (postgres) | 3306 (mysql/mariadb)"
Database server port
DATABASE_NAME
string
default:"flowise"
Name of the database to use
DATABASE_USER
string
default:"root"
Database username
DATABASE_PASSWORD
string
Database password

Database SSL Configuration

DATABASE_SSL
boolean
default:"false"
Enable SSL connection to database
DATABASE_REJECT_UNAUTHORIZED
boolean
default:"true"
Whether to reject unauthorized SSL certificates
DATABASE_SSL_KEY_BASE64
string
Self-signed SSL certificate in BASE64 format for database connection

Authentication & Security

Basic Authentication

FLOWISE_USERNAME
string
Username for basic HTTP authentication (legacy)
FLOWISE_PASSWORD
string
Password for basic HTTP authentication (legacy)

JWT Configuration

JWT_AUTH_TOKEN_SECRET
string
Secret key for signing JWT access tokens. Generate with: openssl rand -hex 32If not set, uses file-based or AWS Secrets Manager storage
JWT_REFRESH_TOKEN_SECRET
string
Secret key for signing JWT refresh tokens. Generate with: openssl rand -hex 32If not set, uses file-based or AWS Secrets Manager storage
JWT_ISSUER
string
default:"Flowise"
JWT issuer claim value
JWT_AUDIENCE
string
default:"Flowise"
JWT audience claim value
JWT_TOKEN_EXPIRY_IN_MINUTES
number
default:"360"
Access token expiration time in minutes (default: 6 hours)
JWT_REFRESH_TOKEN_EXPIRY_IN_MINUTES
number
default:"43200"
Refresh token expiration time in minutes (default: 30 days)
EXPIRE_AUTH_TOKENS_ON_RESTART
boolean
default:"false"
Expire all authentication tokens when the application restarts

Session & Token Security

EXPRESS_SESSION_SECRET
string
Secret for Express session signing. Generate with: openssl rand -hex 32If not set, uses file-based or AWS Secrets Manager storage
TOKEN_HASH_SECRET
string
Secret for hashing tokens. Generate with: openssl rand -hex 32If not set, uses file-based or AWS Secrets Manager storage
SECURE_COOKIES
boolean
Enable secure flag on cookies (recommended for HTTPS deployments)
INVITE_TOKEN_EXPIRY_IN_HOURS
number
default:"24"
Workspace invitation token expiration time in hours
PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS
number
default:"15"
Password reset token expiration time in minutes
PASSWORD_SALT_HASH_ROUNDS
number
default:"10"
Number of bcrypt salt rounds for password hashing

Secret Key Storage

SECRETKEY_STORAGE_TYPE
string
default:"local"
Storage type for encryption keys and auth secrets. Options: local, aws
SECRETKEY_PATH
string
default:"~/.flowise"
Local filesystem path for storing encryption keys and auth secrets when using local storage
FLOWISE_SECRETKEY_OVERWRITE
string
Override the encryption key with a specific value (not recommended for production)

AWS Secrets Manager Configuration

Required when SECRETKEY_STORAGE_TYPE=aws:
SECRETKEY_AWS_ACCESS_KEY
string
AWS access key ID for Secrets Manager
SECRETKEY_AWS_SECRET_KEY
string
AWS secret access key for Secrets Manager
SECRETKEY_AWS_REGION
string
default:"us-west-2"
AWS region for Secrets Manager
SECRETKEY_AWS_NAME
string
default:"FlowiseEncryptionKey"
Name of the secret in AWS Secrets Manager for the main encryption key
SECRETKEY_AWS_AUTH_PREFIX
string
default:"Flowise"
Prefix for auth secret names in AWS Secrets Manager (e.g., FlowiseTokenHashSecret)

Email Configuration (SMTP)

SMTP_HOST
string
SMTP server hostname (e.g., smtp.gmail.com)
SMTP_PORT
number
default:"465"
SMTP server port
SMTP_USER
string
SMTP authentication username
SMTP_PASSWORD
string
SMTP authentication password
SMTP_SECURE
boolean
default:"true"
Use TLS for SMTP connection
ALLOW_UNAUTHORIZED_CERTS
boolean
default:"false"
Allow self-signed certificates for SMTP
SENDER_EMAIL
string
From email address for sent emails (e.g., [email protected])
WORKSPACE_INVITE_TEMPLATE_PATH
string
Path to custom workspace invitation email template (Handlebars format)

Logging Configuration

DEBUG
boolean
default:"false"
Enable debug mode with verbose logging
LOG_PATH
string
default:"~/.flowise/logs"
Directory path for storing log files
LOG_LEVEL
string
default:"info"
Logging level. Options: error, warn, info, verbose, debug
LOG_SANITIZE_BODY_FIELDS
string
Comma-separated list of request body field names to sanitize in logsDefault: password,pwd,pass,secret,token,apikey,api_key,accesstoken,access_token,refreshtoken,refresh_token,clientsecret,client_secret,privatekey,private_key,secretkey,secret_key,auth,authorization,credential,credentials
LOG_SANITIZE_HEADER_FIELDS
string
default:"authorization,x-api-key,x-auth-token,cookie"
Comma-separated list of HTTP header names to sanitize in logs

Storage Configuration

See Storage Configuration for detailed storage setup.
STORAGE_TYPE
string
default:"local"
File storage type. Options: local, s3, gcs
BLOB_STORAGE_PATH
string
default:"~/.flowise/storage"
Local filesystem path for file storage when using local storage type

Application Features

SHOW_COMMUNITY_NODES
boolean
default:"true"
Show community-contributed nodes in the UI
DISABLE_FLOWISE_TELEMETRY
boolean
default:"false"
Disable anonymous usage telemetry
DISABLED_NODES
string
Comma-separated list of node names to disable (e.g., bufferMemory,chatOpenAI)
MODEL_LIST_CONFIG_JSON
string
Path to custom model list configuration JSON fileSee models.json format
TOOL_FUNCTION_BUILTIN_DEP
string
default:"crypto,fs"
Comma-separated list of built-in Node.js modules allowed in tool functions
TOOL_FUNCTION_EXTERNAL_DEP
string
Comma-separated list of external npm packages allowed in tool functions (e.g., moment,lodash)
ALLOW_BUILTIN_DEP
boolean
default:"false"
Allow all built-in Node.js modules in tool functions

Enterprise Features

LICENSE_URL
string
URL for enterprise license server
FLOWISE_EE_LICENSE_KEY
string
Enterprise edition license key
OFFLINE
boolean
Run in offline mode (no external license validation)

Metrics & Monitoring

POSTHOG_PUBLIC_API_KEY
string
PostHog API key for product analytics
ENABLE_METRICS
boolean
default:"false"
Enable metrics collection
METRICS_PROVIDER
string
default:"prometheus"
Metrics provider. Options: prometheus, open_telemetry
METRICS_INCLUDE_NODE_METRICS
boolean
default:"true"
Include Node.js runtime metrics
METRICS_SERVICE_NAME
string
default:"FlowiseAI"
Service name for metrics reporting

OpenTelemetry Configuration

Required when METRICS_PROVIDER=open_telemetry:
METRICS_OPEN_TELEMETRY_METRIC_ENDPOINT
string
default:"http://localhost:4318/v1/metrics"
OpenTelemetry metrics endpoint URL
METRICS_OPEN_TELEMETRY_PROTOCOL
string
default:"http"
OpenTelemetry protocol. Options: http, grpc, proto
METRICS_OPEN_TELEMETRY_DEBUG
boolean
default:"false"
Enable debug logging for OpenTelemetry

Proxy Configuration

GLOBAL_AGENT_HTTP_PROXY
string
HTTP proxy URL for outbound requests (e.g., http://proxy.company.com:8080)
GLOBAL_AGENT_HTTPS_PROXY
string
HTTPS proxy URL for outbound requests
GLOBAL_AGENT_NO_PROXY
string
Comma-separated list of hosts to bypass proxy

Queue Configuration

For distributed deployments with Redis-backed job queues:
MODE
string
default:"main"
Application mode. Options: queue, main
  • main: Standard server mode
  • queue: Worker mode for processing jobs from Redis queue
QUEUE_NAME
string
default:"flowise-queue"
Redis queue name
QUEUE_REDIS_EVENT_STREAM_MAX_LEN
number
default:"100000"
Maximum length of Redis event stream
WORKER_CONCURRENCY
number
default:"100000"
Maximum concurrent jobs per worker
REMOVE_ON_AGE
number
default:"86400"
Remove completed jobs after this many seconds (default: 24 hours)
REMOVE_ON_COUNT
number
default:"10000"
Remove jobs after this count is reached

Redis Configuration

REDIS_URL
string
Complete Redis connection URL (e.g., redis://localhost:6379)If set, takes precedence over individual REDIS_* settings
REDIS_HOST
string
default:"localhost"
Redis server hostname
REDIS_PORT
number
default:"6379"
Redis server port
REDIS_USERNAME
string
Redis username (Redis 6+)
REDIS_PASSWORD
string
Redis password
REDIS_TLS
boolean
Enable TLS for Redis connection
REDIS_CERT
string
Path to TLS certificate file
REDIS_KEY
string
Path to TLS private key file
REDIS_CA
string
Path to TLS CA certificate file
REDIS_KEEP_ALIVE
number
TCP keep-alive interval in milliseconds
ENABLE_BULLMQ_DASHBOARD
boolean
Enable BullMQ dashboard UI for queue monitoring

Security

HTTP_DENY_LIST
string
Comma-separated list of URLs or patterns to block in HTTP requests
HTTP_SECURITY_CHECK
boolean
default:"true"
Enable HTTP security checks for outbound requests
CUSTOM_MCP_SECURITY_CHECK
boolean
default:"true"
Enable security checks for MCP (Model Context Protocol) servers
CUSTOM_MCP_PROTOCOL
string
default:"sse"
MCP protocol type. Options: stdio, sse

Document Loaders

PUPPETEER_EXECUTABLE_FILE_PATH
string
Path to Chrome/Chromium executable for Puppeteer document loaderExample (Windows): C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe
PLAYWRIGHT_EXECUTABLE_FILE_PATH
string
Path to Chrome/Chromium executable for Playwright document loaderExample (Windows): C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe

Example Configuration

# Server
PORT=3000
APP_URL=https://flowise.yourdomain.com

# Database (PostgreSQL)
DATABASE_TYPE=postgres
DATABASE_HOST=localhost
DATABASE_PORT=5432
DATABASE_NAME=flowise
DATABASE_USER=flowise_user
DATABASE_PASSWORD=secure_password
DATABASE_SSL=true

# JWT Authentication
JWT_AUTH_TOKEN_SECRET=$(openssl rand -hex 32)
JWT_REFRESH_TOKEN_SECRET=$(openssl rand -hex 32)
JWT_TOKEN_EXPIRY_IN_MINUTES=360

# Storage (S3)
STORAGE_TYPE=s3
S3_STORAGE_BUCKET_NAME=my-flowise-bucket
S3_STORAGE_REGION=us-east-1

# Email
SMTP_HOST=smtp.gmail.com
SMTP_PORT=465
SMTP_USER=[email protected]
SMTP_PASSWORD=app_specific_password
SENDER_EMAIL=[email protected]

# Logging
LOG_LEVEL=info
DEBUG=false
For production deployments, always generate secure random values for secret keys using openssl rand -hex 32
Never commit .env files containing secrets to version control. Use environment-specific configuration and secret management tools.

Build docs developers (and LLMs) love

Get started for freeTalk to us