Environment Variables
A complete reference of all environment variables used in GoLiveKit.
AI Skill for environment-variables
/environment-variables in your Copilot / Cursor or other chat to use skill with the provided context./environment-variables Add the [VARIABLE_NAME] environment variable.
Security Notice
For security reasons, the AI agent does not have access to read or write your .env files. The agent will update the type-safe configuration in src/config/env.ts and .env.example, but you must manually add the actual secrets to your local .env and .env.local files.
Copy .env.example to .env and fill in the values before starting the app:
cp .env.example .envApplication
| Variable | Description |
|---|---|
NODE_ENV | Runtime environment. Use development locally and production for deployments. |
NEXT_PUBLIC_BASE_HOST | The public base URL of the app, e.g. http://localhost:3000. Used to build absolute URLs. |
Database
The database connection is built from the individual DB_* variables. No separate DATABASE_URL is required.
Docker Compose DB Host
If your app and Postgres run in Docker Compose, set DB_HOST to the Postgres service name (usually postgres), not localhost.
Inside containers, localhost points to the same container and causes Prisma P1001 errors.
For internal Docker network connections without Postgres TLS enabled, use DB_SSLMODE=disable.
| Variable | Description |
|---|---|
DB_USER | PostgreSQL username. |
DB_PASS | PostgreSQL password. |
DB_HOST | Database host. Use localhost for a host-local database, or the Postgres service name (e.g. postgres) when both app and DB run in Docker Compose. |
DB_PORT | Database port. Defaults to 5432. |
DB_NAME | Name of the PostgreSQL database. |
DB_SSLMODE | SSL mode for the connection. Use disable for internal Docker network DB connections without TLS, and require only when your Postgres endpoint is configured for TLS. Accepted values: disable, require, prefer, allow, verify-full, verify-ca. |
Authentication
GoLiveKit uses Better Auth for authentication.
| Variable | Description |
|---|---|
BETTER_AUTH_URL | The full URL of your app, used by Better Auth for callbacks. Should match NEXT_PUBLIC_BASE_HOST. |
BETTER_AUTH_SECRET | A random secret used to sign auth tokens. Generate one with openssl rand -hex 32. |
GOOGLE_CLIENT_ID | OAuth client ID from Google Cloud Console. Required for Google sign-in. |
GOOGLE_CLIENT_SECRET | OAuth client secret from Google Cloud Console. Required for Google sign-in. |
ADMIN_EMAIL | Admin email address. |
ADMIN_PASSWORD | Password, minimum 8 symbols. |
ADMIN_NAME | Admin name. |
Used for transactional emails (magic links, welcome emails, etc.). Any SMTP provider works.
| Variable | Description |
|---|---|
EMAIL_SERVER_USER | SMTP username / login for your email provider. |
EMAIL_SERVER_PASSWORD | SMTP password for your email provider. |
EMAIL_SERVER_HOST | SMTP host, e.g. smtp.resend.com or smtp.gmail.com. |
EMAIL_SERVER_PORT | SMTP port, typically 465 (SSL) or 587 (STARTTLS). |
EMAIL_FROM | The sender address shown to recipients, e.g. [email protected]. |
Storage (S3)
File uploads are stored in an S3-compatible bucket. Works with AWS S3, Cloudflare R2, MinIO, and others.
| Variable | Description |
|---|---|
S3_REGION | AWS region or equivalent, e.g. eu-central-1. |
S3_BUCKET | Name of your S3 bucket. |
S3_ACCESS_KEY_ID | Access key ID for your S3-compatible provider. |
S3_SECRET_ACCESS_KEY | Secret access key for your S3-compatible provider. |
S3_ENDPOINT | (Optional) Custom endpoint URL for S3-compatible providers (e.g. Cloudflare R2, MinIO). Leave unset for AWS S3. |
S3_PUBLIC_BASE_URL | (Optional) Public base URL for accessing uploaded files, e.g. a CloudFront distribution or R2 public URL. |
Analytics
| Variable | Description |
|---|---|
NEXT_PUBLIC_GOOGLE_ANALYTICS_ID | (Optional) Google Analytics 4 measurement ID, e.g. G-XXXXXXXXXX. Find it in your GA4 property settings. Leave unset to disable analytics. |
Notifications (Telegram)
Telegram notifications are optional. If variables are missing, notification sending is skipped.
| Variable | Description |
|---|---|
TELEGRAM_BOT_TOKEN | (Optional) Bot token created via @BotFather. |
TELEGRAM_CHANNEL_ID | (Optional) Telegram group/channel ID without the leading - (example: 1001234567890). |