Environment variables
Both the ToolJet server and client requires some environment variables to start running.
ToolJet server
ToolJet host ( required )
variable | description |
---|---|
TOOLJET_HOST | the public URL of ToolJet client ( eg: https://app.tooljet.com ) |
Lockbox configuration ( required )
ToolJet server uses lockbox to encrypt datasource credentials. You should set the environment variable LOCKBOX_MASTER_KEY
with a 32 byte hexadecimal string.
Application Secret ( required )
ToolJet server uses a secure 64 byte hexadecimal string to encrypt session cookies. You should set the environment variable SECRET_KEY_BASE
.
If you have openssl
installed, you can run the following commands to generate the value for LOCKBOX_MASTER_KEY
and SECRET_KEY_BASE
.
For LOCKBOX_MASTER_KEY
use openssl rand -hex 32
For SECRET_KEY_BASE
use openssl rand -hex 64
Database configuration ( required )
ToolJet server uses PostgreSQL as the database.
variable | description |
---|---|
PG_HOST | postgres database host |
PG_DB | name of the database |
PG_USER | username |
PG_PASS | password |
PG_PORT | port |
If you are using docker-compose setup, you can set PG_HOST as postgres
which will be DNS resolved by docker
Disable database and extension creation (optional)
ToolJet by default tries to create database based on PG_DB
variable set and additionally my try to create postgres extensions. This requires the postgres user to have CREATEDB permission. If this cannot be granted you can disable this behaviour by setting PG_DB_OWNER
as false
and will have to manually run them.
Check for updates ( optional )
Self-hosted version of ToolJet pings our server to fetch the latest product updates every 24 hours. You can disable this by setting the value of CHECK_FOR_UPDATES
environment variable to 0
. This feature is enabled by default.
Comment feature enable ( optional )
Use this environment variable to enable/disable the feature that allows you to add comments on the canvas.
variable | value |
---|---|
COMMENT_FEATURE_ENABLE | true or false |
Multiplayer feature enable ( optional )
Use this environment variable to enable/disable the feature that allows users to collaboratively work on the canvas.
variable | value |
---|---|
ENABLE_MULTIPLAYER_EDITING | true or false |
Marketplace feature enable ( optional )
Use this environment variable to enable/disable the feature that allows users to use the marketplace.
variable | value |
---|---|
ENABLE_MARKETPLACE_FEATURE | true or false |
Enable ToolJet Database ( optional )
variable | description |
---|---|
ENABLE_TOOLJET_DB | true or false |
TOOLJET_DB | Default value is tooljet_db |
TOOLJET_DB_HOST | database host |
TOOLJET_DB_USER | database username |
TOOLJET_DB_PASS | database password |
TOOLJET_DB_PORT | database port |
PGRST_JWT_SECRET | JWT token client provided for authentication |
PGRST_HOST | postgrest database host |
Use ENABLE_TOOLJET_DB
to enable/disable the feature that allows users to work with inbuilt data store to build apps with. Inorder to set it up, follow the instructions here.
When this feature is enabled, the database name provided for TOOLJET_DB
will be utilized to create a new database during server boot process in all of our production deploy setups.
Incase you want to trigger it manually, use the command npm run db:create
on ToolJet server.
Server Host ( optional )
You can specify a different server for backend if it is hosted on another server.
variable | value |
---|---|
SERVER_HOST | Configure a hostname for the server as a proxy pass. If no value is set, it defaults to server . |
Disable Multi-Workspace ( optional )
If you want to disable Multi-Workspace feature, set the environment variable DISABLE_MULTI_WORKSPACE
to true
.
Hide account setup link
If you want to hide account setup link from admin in manage user page, set the environment variable HIDE_ACCOUNT_SETUP_LINK
to true
, please make sure you have configured SMTP to receive welcome mail for users. Valid only if DISABLE_MULTI_WORKSPACE
is not true
.
Disabling signups ( optional )
Sign up is enabled only if Multi-Workspace is enabled. If you want to restrict the signups and allow new users only by invitations, set the environment variable DISABLE_SIGNUPS
to true
.
You will still be able to see the signup page but won't be able to successfully submit the form.
Serve client as a server end-point ( optional )
By default, the SERVE_CLIENT
variable will be unset and the server will serve the client at its /
end-point.
You can set SERVE_CLIENT
to false
to disable this behaviour.
Serve client at subpath
If ToolJet is hosted on a domain subpath, you can set the environment variable SUB_PATH
to support it.
Please note the subpath is to be set with trailing /
and is applicable only when the server is serving the frontend client.
SMTP configuration ( optional )
ToolJet uses SMTP services to send emails ( Eg: invitation email when you add new users to your workspace ).
variable | description |
---|---|
DEFAULT_FROM_EMAIL | from email for the email fired by ToolJet |
SMTP_USERNAME | username |
SMTP_PASSWORD | password |
SMTP_DOMAIN | domain or host |
SMTP_PORT | port |
Slack configuration ( optional )
If your ToolJet installation requires Slack as a data source, you need to create a Slack app and set the following environment variables:
variable | description |
---|---|
SLACK_CLIENT_ID | client id of the slack app |
SLACK_CLIENT_SECRET | client secret of the slack app |
Google OAuth ( optional )
If your ToolJet installation needs access to data sources such as Google sheets, you need to create OAuth credentials from Google Cloud Console.
variable | description |
---|---|
GOOGLE_CLIENT_ID | client id |
GOOGLE_CLIENT_SECRET | client secret |
Google maps configuration ( optional )
If your ToolJet installation requires Maps
widget, you need to create an API key for Google Maps API.
variable | description |
---|---|
GOOGLE_MAPS_API_KEY | Google maps API key |
APM VENDOR ( optional )
Specify application monitoring vendor. Currently supported values - sentry
.
variable | description |
---|---|
APM_VENDOR | Application performance monitoring vendor |
SENTRY DNS ( optional )
variable | description |
---|---|
SENTRY_DNS | DSN tells a Sentry SDK where to send events so the events are associated with the correct project |
SENTRY DEBUG ( optional )
Prints logs for sentry.
variable | description |
---|---|
SENTRY_DEBUG | true or false . Default value is false |
Server URL ( optional)
This is used to set up for CSP headers and put trace info to be used with APM vendors.
variable | description |
---|---|
TOOLJET_SERVER_URL | the URL of ToolJet server ( eg: https://server.tooljet.com ) |
RELEASE VERSION ( optional)
Once set any APM provider that supports segregation with releases will track it.
NODE_EXTRA_CA_CERTS (optional)
Tooljet needs to be configured for custom CA certificate to be able to trust and establish connection over https. This requires you to configure an additional env var NODE_EXTRA_CA_CERTS
to have absolute path to your CA certificates. This file named cert.pem
needs to be in PEM format and can have more than one certificates.
variable | description |
---|---|
NODE_EXTRA_CA_CERTS | absolute path to certificate PEM file ( eg: /ToolJet/ca/cert.pem ) |
Disable telemetry ( optional )
Pings our server to update the total user count every 24 hours. You can disable this by setting the value of DISABLE_TOOLJET_TELEMETRY
environment variable to true
. This feature is enabled by default.
Password Retry Limit (Optional)
The maximum retry limit of login password for a user is by default set to 5, account will be locked after 5 unsuccessful login attempts. Use the variables mentioned below to control this behavior:
variable | description |
---|---|
DISABLE_PASSWORD_RETRY_LIMIT | (true/false) To disable the password retry check, if value is true then no limits for password retry |
PASSWORD_RETRY_LIMIT | To change the default password retry limit (5) |
SSO Configurations (Optional)
Configurations for instance level SSO. Valid only if DISABLE_MULTI_WORKSPACE
is not true
.
variable | description |
---|---|
SSO_GOOGLE_OAUTH2_CLIENT_ID | Google OAuth client id |
SSO_GIT_OAUTH2_CLIENT_ID | GitHub OAuth client id |
SSO_GIT_OAUTH2_CLIENT_SECRET | GitHub OAuth client secret |
SSO_GIT_OAUTH2_HOST | GitHub OAuth host name if GitHub is self hosted |
SSO_ACCEPTED_DOMAINS | comma separated email domains that supports SSO authentication |
SSO_DISABLE_SIGNUPS | Disable user sign up if authenticated user does not exist |
ToolJet client
Server URL ( optionally required )
This is required when client is built separately.
variable | description |
---|---|
TOOLJET_SERVER_URL | the URL of ToolJet server ( eg: https://server.tooljet.com ) |
Server Port ( optional)
This could be used to for local development, it will set the server url like so: http://localhost:<TOOLJET_SERVER_PORT>
variable | description |
---|---|
TOOLJET_SERVER_PORT | the port of ToolJet server ( eg: 3000 ) |
Asset path ( optionally required )
This is required when the assets for the client are to be loaded from elsewhere (eg: CDN). This can be an absolute path, or relative to main HTML file.
variable | description |
---|---|
ASSET_PATH | the asset path for the website ( eg: https://app.tooljet.com/) |
Serve client as a server end-point ( optional )
By default the client build will be done to be served with ToolJet server.
If you intend to use client separately then can set SERVE_CLIENT
to false
.
PostgREST server (Optional)
variable | description |
---|---|
PGRST_JWT_SECRET | JWT token client provided for authentication |
PGRST_DB_URI | database connection string for tooljet database |
PGRST_LOG_LEVEL | info |
If you intent to make changes in the above configuration. Please refer PostgREST configuration docs.
If you have openssl installed, you can run the following command openssl rand -hex 32
to generate the value for PGRST_JWT_SECRET
.
If this parameter is not specified then PostgREST refuses authentication requests.
Please make sure that DB_URI is given in the format postgrest://[USERNAME]:[PASSWORD]@[HOST]:[PORT]/[DATABASE]