Environment Variables
Complete reference for configuring Replane.
Required Variables
DATABASE_URL
PostgreSQL connection string.
DATABASE_URL=postgresql://user:password@host:5432/database
Example:
DATABASE_URL=postgresql://postgres:postgres@localhost:5432/replane
BASE_URL
The public URL where Replane is accessible.
BASE_URL=https://replane.yourdomain.com
Important: Must match the OAuth callback URL configuration.
SECRET_KEY_BASE
A long random string used to sign session cookies.
SECRET_KEY_BASE=your-very-long-random-string-here
Generate:
openssl rand -hex 64
Authentication (Choose One)
GitHub OAuth
GITHUB_CLIENT_ID=your-github-client-id
GITHUB_CLIENT_SECRET=your-github-client-secret
Setup: Create an OAuth app at GitHub Developer Settings
Callback URL: ${BASE_URL}/api/auth/callback/github
Okta OAuth
OKTA_CLIENT_ID=your-okta-client-id
OKTA_CLIENT_SECRET=your-okta-client-secret
OKTA_ISSUER=https://your-domain.okta.com
Setup: Create an app integration in your Okta admin console
Callback URL: ${BASE_URL}/api/auth/callback/okta
Optional Variables
ORGANIZATION_NAME
Display name shown in the UI (e.g., sidebar, project switcher).
ORGANIZATION_NAME=Acme Corp
If not set, no organization label is displayed.
ALLOW_SELF_APPROVALS
Whether users can approve their own config proposals.
ALLOW_SELF_APPROVALS=false
Default: false
Values:
true- Allow self-approvalsfalse- Require approval from another user
NODE_ENV
Node.js environment.
NODE_ENV=production
Values:
production(default in Docker)development
PORT
Port the app listens on (inside container).
PORT=3000
Default: 3000
Example Configurations
Local Development
DATABASE_URL=postgresql://postgres:postgres@localhost:5432/replane
BASE_URL=http://localhost:3000
SECRET_KEY_BASE=dev-secret-key-not-for-production
GITHUB_CLIENT_ID=your-dev-client-id
GITHUB_CLIENT_SECRET=your-dev-client-secret
NODE_ENV=development
Production (GitHub)
DATABASE_URL=postgresql://replane:secure-password@db.internal:5432/replane
BASE_URL=https://replane.company.com
SECRET_KEY_BASE=very-long-random-string-generated-with-openssl
GITHUB_CLIENT_ID=prod-github-client-id
GITHUB_CLIENT_SECRET=prod-github-client-secret
ORGANIZATION_NAME=Company Name
ALLOW_SELF_APPROVALS=false
NODE_ENV=production
Production (Okta)
DATABASE_URL=postgresql://replane:secure-password@db.internal:5432/replane
BASE_URL=https://config.company.com
SECRET_KEY_BASE=very-long-random-string-generated-with-openssl
OKTA_CLIENT_ID=okta-client-id
OKTA_CLIENT_SECRET=okta-client-secret
OKTA_ISSUER=https://company.okta.com
ORGANIZATION_NAME=Company Name
ALLOW_SELF_APPROVALS=false
NODE_ENV=production
Security Notes
Protecting Secrets
Never commit secrets to version control.
Use:
.envfiles (add to.gitignore)- Docker secrets
- Cloud provider secret managers (AWS Secrets Manager, Azure Key Vault, etc.)
Rotating Secrets
To rotate SECRET_KEY_BASE:
- Generate a new key
- Update environment variable
- Restart app
- All users will be signed out (they'll need to re-authenticate)
Database Credentials
Use strong passwords for production databases. Rotate regularly.
Validating Configuration
Start the app and check logs:
docker-compose logs app
Successful startup shows:
✓ Database connected
✓ Migrations applied
✓ Server listening on :3000
Test health endpoint:
curl http://localhost:3000/api/health
Expected:
{
"status": "ok"
}
Next Steps
- Docker Deployment - Deploy with Docker Compose