SculptOps/Docs
← Back to site

Environment Variables

Reference for the main environment variables supported by SculptOps.

Set production values in your deployment environment or secret manager. Do not commit real secrets to the repository.

Required

VariableDescription
DATABASE_URLPostgreSQL connection string.
AUTH_SECRETSecret used by Auth.js to sign sessions.
AUTH_URLPublic URL users use to access the app.
ENCRYPTION_KEY64-character hex key used to encrypt stored credentials.
Danger
Losing ENCRYPTION_KEY means encrypted SSH keys, vault passwords, and SMTP passwords cannot be recovered.

Public app settings

VariableDescription
NEXT_PUBLIC_APP_URLPublic base URL used in user-facing links.
NEXT_PUBLIC_APP_NAMEOptional display name for the app.

Ansible execution

VariableDefaultDescription
ANSIBLE_DOCKER_IMAGEcytopia/ansible:latestImage used for execution containers.
ANSIBLE_DOCKER_NETWORKbridgeDocker network for execution containers.
ANSIBLE_EXECUTION_TIMEOUT1800Maximum execution duration in seconds.
ANSIBLE_MAX_MEMORY2gMemory limit per execution.
ANSIBLE_MAX_CPUS4CPU limit per execution.
ANSIBLE_MAX_PIDS512PID limit per execution.
ANSIBLE_HOST_KEY_CHECKINGFalseControls Ansible host key checking.

Outbound security

VariableDefaultDescription
ALLOW_PRIVATE_OUTBOUNDfalseAllow callbacks to private/internal IP ranges.
ALLOW_INSECURE_OUTBOUND_HTTPfalseAllow non-HTTPS outbound callback URLs.

Community library

VariableDescription
COMMUNITY_API_URLURL of the community API service. Leave unset to disable community features.
COMMUNITY_SUBMIT_KEYShared submit key for community submissions.

Development only

VariableDescription
SKIP_AUTHBypasses login for local development. Do not enable in production.

Generating secrets

VariableExample command
ENCRYPTION_KEYopenssl rand -hex 32
AUTH_SECRETopenssl rand -base64 48
Previous
Requirements
Next
Upgrades