Environment Variables
Complete reference for all PageSpace configuration variables.
Database
| Variable | Required | Description |
|---|---|---|
DATABASE_URL | Yes | PostgreSQL connection string |
REDIS_URL | No | Redis connection string (for permission caching) |
DATABASE_URL=postgresql://user:password@localhost:5432/pagespace
REDIS_URL=redis://localhost:6379
If REDIS_URL is not set, the permission cache falls back to in-memory only. This works for single-instance deployments but won't share cache across multiple web instances.
Authentication
| Variable | Required | Description |
|---|---|---|
SESSION_SECRET | Yes | Secret for session token signing (min 32 chars) |
COOKIE_DOMAIN | No | Domain for server-side authentication cookies |
NEXT_PUBLIC_COOKIE_DOMAIN | No | Domain for client-side cookies (theme sync) |
GOOGLE_CLIENT_ID | No | Google OAuth client ID |
GOOGLE_CLIENT_SECRET | No | Google OAuth client secret |
SESSION_SECRET=your-random-secret-at-least-32-characters-long
COOKIE_DOMAIN=.example.com
NEXT_PUBLIC_COOKIE_DOMAIN=.example.com
GOOGLE_CLIENT_ID=your-google-client-id
GOOGLE_CLIENT_SECRET=your-google-client-secret
Service URLs
| Variable | Required | Description |
|---|---|---|
NEXT_PUBLIC_APP_URL | Yes | Public URL of the web app |
REALTIME_URL | Yes | Internal URL of the realtime service |
PROCESSOR_URL | Yes | Internal URL of the processor service |
SERVICE_SECRET | Yes | Shared secret for service-to-service auth |
NEXT_PUBLIC_APP_URL=https://pagespace.example.com
REALTIME_URL=http://realtime:3001
PROCESSOR_URL=http://processor:3003
SERVICE_SECRET=your-service-to-service-secret
AI Providers
AI provider keys are configured per-user in the web UI, not via environment variables. However, the default PageSpace provider uses:
| Variable | Required | Description |
|---|---|---|
OPENROUTER_API_KEY | No | OpenRouter API key for the built-in PageSpace provider |
ENCRYPTION_KEY | Yes | Key for encrypting user AI API keys at rest |
OPENROUTER_API_KEY=sk-or-v1-your-openrouter-key
ENCRYPTION_KEY=your-32-byte-encryption-key
Users configure their own API keys via Settings > AI. These are encrypted with ENCRYPTION_KEY before storage.
File Storage
| Variable | Required | Description |
|---|---|---|
UPLOAD_DIR | Yes | Directory for uploaded files (processor service) |
MAX_FILE_SIZE | No | Maximum upload size in bytes (default: 104857600 / 100 MB) |
UPLOAD_DIR=/data/uploads
MAX_FILE_SIZE=104857600
| Variable | Required | Description |
|---|---|---|
SMTP_HOST | No | SMTP server hostname |
SMTP_PORT | No | SMTP server port |
SMTP_USER | No | SMTP authentication user |
SMTP_PASSWORD | No | SMTP authentication password |
EMAIL_FROM | No | Sender email address |
Email is used for invitations and notifications. If not configured, email features are disabled.
Monitoring
| Variable | Required | Description |
|---|---|---|
LOG_LEVEL | No | Logging level: debug, info, warn, error (default: info) |
Example .env
# Database
DATABASE_URL=postgresql://pagespace:secret@localhost:5432/pagespace
REDIS_URL=redis://localhost:6379
# Auth
SESSION_SECRET=generate-a-random-string-at-least-32-characters
ENCRYPTION_KEY=generate-another-random-32-byte-key
# Service URLs
NEXT_PUBLIC_APP_URL=https://pagespace.example.com
REALTIME_URL=http://localhost:3001
PROCESSOR_URL=http://localhost:3003
SERVICE_SECRET=generate-a-service-secret
# File storage
UPLOAD_DIR=./uploads
# Optional: Google OAuth
GOOGLE_CLIENT_ID=your-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-secret
# Optional: Default AI provider
OPENROUTER_API_KEY=sk-or-v1-your-key
Generating Secrets
Use a cryptographically secure random generator:
# Generate a 32-byte random secret
openssl rand -base64 32
# Or using Node.js
node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
Never reuse secrets across environments. Each deployment should have unique values for SESSION_SECRET, ENCRYPTION_KEY, and SERVICE_SECRET.