directus/docs/reference/environment-variables.md

Environment Variables

Each Directus project supports a number of environment variables for configuration. These variables are added to the /api/.env file, with an example file at /api/example.env for easier boilerplate setup.

General

PORT

What port to run the API under.
Default: 8055

PUBLIC_URL

URL where your API can be reached on the web.
Default: /

LOG_LEVEL

What level of detail to log. One of fatal, error, warn, info, debug, trace or silent.
Default: info

LOG_STYLE

Render the logs human readable (pretty) or as JSON. One of pretty, raw.
Default: pretty

Database

DB_CLIENT

What database client to use. One of pg or postgres, mysql, mysql2, oracledb, mssql, or sqlite3. For all database clients except SQLite, you will also need to configure the following variables:

DB_HOST

Database host. Required when using pg, mysql, mysql2, oracledb, or mssql.

DB_PORT

Database port. Required when using pg, mysql, mysql2, oracledb, or mssql.

DB_DATABASE

Database name. Required when using pg, mysql, mysql2, oracledb, or mssql.

DB_USER

Database user. Required when using pg, mysql, mysql2, oracledb, or mssql.

DB_PASSWORD

Database user's password. Required when using pg, mysql, mysql2, oracledb, or mssql.

DB_FILENAME (SQLite Only)

Where to read/write the SQLite database. Required when using sqlite3.

::: tip Additional Database Variables All DB_* environment variables are passed to the connection configuration of a Knex instance. Based on your project's needs, you can extend the DB_* environment variables with any config you need to pass to the database instance. :::

DB_CONNECTION_STRING (Postgres Only)

When using Postgres, you can submit a connection string instead of individual properties. Using this will ignore any of the other connection settings.

Security

KEY

Unique identifier for the project.

SECRET

Secret string for the project. Generated on installation.

ACCESS_TOKEN_TTL

The duration that the access token is valid.
Default: 15m

REFRESH_TOKEN_TTL

The duration that the refresh token is valid, and also how long users stay logged-in to the App.
Default: 7d

REFRESH_TOKEN_COOKIE_SECURE

Whether or not to use a secure cookie for the refresh token in cookie mode.
Default: false

REFRESH_TOKEN_COOKIE_SAME_SITE

Value for sameSite in the refresh token cookie when in cookie mode.
Default: lax

CORS

CORS_ENABLED

Whether or not to enable the CORS headers.
Default: true

CORS_ORIGIN

Value for the Access-Control-Allow-Origin header. Possible values:

• true - reflect the Origin header
• String - set the origin to a specific domain
• CSV - multiple domains

CORS_METHODS

Value for the Access-Control-Allow-Methods header.
Default: GET,POST,PATCH,DELETE

CORS_ALLOWED_HEADERS

Value for the Access-Control-Allow-Headers header.
Default: Content-Type,Authorization

CORS_EXPOSED_HEADERS

Value for the Access-Control-Expose-Headers header.
Default: Content-Range

CORS_CREDENTIALS

Whether or not to send the Access-Control-Allow-Credentials header.
Default: true

CORS_MAX_AGE

Value for the Access-Control-Max-Age header.
Default: 18000

Rate Limiting

RATE_LIMITER_ENABLED

Whether or not to enable rate limiting on the API.
Default: false

RATE_LIMITER_POINTS

The amount of allowed hits per duration.
Default: 50

RATE_LIMITER_DURATION

The time window in seconds in which the points are counted.
Default: 1

RATE_LIMITER_STORE

Where to store the rate limiter counts. Either memory, redis, or memcache. Based on the rate limiter used, you must also provide the following configurations.
Default: memory

• Memory
  • No additional configuration required
• Redis
  • RATE_LIMITER_REDIS — Redis connection string
    • eg: redis://:authpassword@127.0.0.1:6380/4
  • Alternatively, you can enter individual connection parameters:
    • RATE_LIMITER_REDIS_HOST
    • RATE_LIMITER_REDIS_PORT
    • RATE_LIMITER_REDIS_PASSWORD
    • RATE_LIMITER_REDIS_DB
• Memcache
  • RATE_LIMITER_MEMCACHE — Location of your memcache instance

::: tip Additional Rate Limiter Variables All RATE_LIMITER_* variables are passed directly to a rate-limiter-flexible instance. Depending on your project's needs, you can extend the above environment variables to configure any of the rate-limiter-flexible options. :::

Cache

CACHE_ENABLED

Whether or not caching is enabled.
Default: false

CACHE_TTL

How long the cache is persisted.
Default: 30m

::: warning Forced Flush Regardless of TTL, the cache is always flushed for every create, update, and delete action. :::

CACHE_NAMESPACE

How to scope the cache data.
Default: directus-cache

CACHE_STORE

Where to store the cache data. Either memory, redis, or memcache. Based on the cache used, you must also provide the following configurations.
Default: memory

• Memory
  • No additional configuration required
• Redis
  • CACHE_REDIS — Redis connection string
    • eg: redis://:authpassword@127.0.0.1:6380/4
  • Alternatively, you can enter individual connection parameters:
    • CACHE_REDIS_HOST
    • CACHE_REDIS_PORT
    • CACHE_REDIS_PASSWORD
    • CACHE_REDIS_DB
• Memcache
  • CACHE_MEMCACHE — Location of your memcache instance

CACHE_AUTO_PURGE

Controls whether or not the cache will be auto-purged on create/update/delete actions within the system. Enabling this feature means that the API will remain real-time, while caching subsequent read calls when no changes have happened. Note: enabling auto-purge will remove the Cache-Control header, as the cache can be invalidated at any point.

ASSETS_CACHE_TTL

How long assets will be cached for in the browser. Sets the max-age value of the Cache-Control header.

File Storage

STORAGE_LOCATIONS

A CSV of storage locations (eg: local,digitalocean,amazon) to use. You can use any names you'd like for these keys, but each must have a matching <LOCATION> configuration.
Default: local

For each of the storage locations listed, you must provide the following configuration:

• STORAGE_<LOCATION>_PUBLIC_URL — Location on the internet where the files are accessible
• STORAGE_<LOCATION>_DRIVER — Which driver to use, either local, s3, or gcl

Based on your configured driver, you must also provide the following configurations.

• Local
  • STORAGE_<LOCATION>_ROOT — Where to store the files on disk
• S3
  • STORAGE_<LOCATION>_KEY — User key
  • STORAGE_<LOCATION>_SECRET — User secret
  • STORAGE_<LOCATION>_ENDPOINT — S3 Endpoint
  • STORAGE_<LOCATION>_BUCKET — S3 Bucket
  • STORAGE_<LOCATION>_REGION — S3 Region
• Google Cloud
  • STORAGE_<LOCATION>_KEY_FILENAME — Path to key file on disk
  • STORAGE_<LOCATION>_BUCKET — Google Cloud Storage bucket

oAuth

OAUTH_PROVIDERS

CSV of oAuth providers you want to use. For each of the oAuth providers you list, you must also provide the following configurations.

• OAUTH_<PROVIDER>_KEY — oAuth key for the external service
• OAUTH_<PROVIDER>_SECRET — oAuth secret for the external service.

Extensions

EXTENSIONS_PATH

Path to your local extensions folder.
Default: ./extensions

Email

EMAIL_FROM

Email address from which emails are sent.
Default: no-reply@directus.io

EMAIL_TRANSPORT

What to use to send emails. One of sendmail, smtp. Based on the transport used, you must also provide the following configurations.
Default: sendmail

• Sendmail (sendmail)
  • EMAIL_SENDMAIL_NEW_LINE — What new line style to use in sendmail. Default: unix
  • EMAIL_SENDMAIL_PATH — Path to your sendmail executable. Default: /usr/sbin/sendmail
• SMTP (smtp)
  • EMAIL_SMTP_HOST — SMTP Host
  • EMAIL_SMTP_PORT — SMTP Port
  • EMAIL_SMTP_USER — SMTP User
  • EMAIL_SMTP_PASSWORD — SMTP Password
  • EMAIL_SMTP_POOL — Use SMTP pooling
  • EMAIL_SMTP_SECURE — Enable TLS

Misc.

If you're relying on Docker and/or the directus bootstrap CLI command, you can pass the following two environment variables to automatically configure the first user:

ADMIN_EMAIL

The email address of the first user that's automatically created when using directus bootstrap. Defaults to admin@example.com

ADMIN_PASSWORD

The password of the first user that's automatically created when using directus bootstrap. Defaults to a random string of 12 characters.