This document lists SplitPro environment variables and how they are used. The authoritative list is .env.example.
POSTGRES_CONTAINER_NAME: Docker container name used in compose setups.POSTGRES_USER: Database user.POSTGRES_PASSWORD: Database password.POSTGRES_DB: Database name.POSTGRES_PORT: Database port.DATABASE_URL: Full connection string used by the app.
NEXTAUTH_SECRET: Secret used to sign tokens. Generate withopenssl rand -base64 32.NEXTAUTH_URL: Canonical app URL (used for callbacks and absolute URLs).NEXTAUTH_URL_INTERNAL: Optional internal URL for server-side calls when the app cannot reachNEXTAUTH_URL.
At least one provider must be configured. SplitPro does not support username/password.
DEFAULT_HOMEPAGE: Sets the landing page route, e.g./homeor/balances.ENABLE_SENDING_INVITES: Enable email invites (requires SMTP config).DISABLE_EMAIL_SIGNUP: Disable email magic-link signup for new users.
CLEAR_CACHE_CRON_RULE: Cron rule for cache cleanup jobs (UTC).CACHE_RETENTION_INTERVAL: Postgres interval string that defines how long cached data can remain unused.
pg_cron does not support cron ranges or lists. See https://github.com/citusdata/pg_cron#what-is-pg_cron for details.
Used for magic-link login and invites.
FROM_EMAIL: Sender address.EMAIL_SERVER_HOST: SMTP host.EMAIL_SERVER_PORT: SMTP port.EMAIL_SERVER_USER: SMTP user.EMAIL_SERVER_PASSWORD: SMTP password.
PLAID_CLIENT_ID: Plaid client id.PLAID_SECRET: Plaid secret.PLAID_ENVIRONMENT:sandbox,development, orproduction.PLAID_COUNTRY_CODES: Country codes list (per Plaid docs).PLAID_INTERVAL_IN_DAYS: Lookback window for fetching transactions (default 30 days).
GOCARDLESS_COUNTRYGOCARDLESS_SECRET_IDGOCARDLESS_SECRET_KEYGOCARDLESS_INTERVAL_IN_DAYS
GOOGLE_CLIENT_IDGOOGLE_CLIENT_SECRET
AUTHENTIK_IDAUTHENTIK_SECRETAUTHENTIK_ISSUER: Must include the application slug, no trailing slash.
KEYCLOAK_IDKEYCLOAK_SECRETKEYCLOAK_ISSUER: Must include the realm, e.g.https://keycloak/realms/My_Realm.
OIDC_NAME: Lowercase provider name (used for IDs and icons).OIDC_CLIENT_IDOIDC_CLIENT_SECRETOIDC_WELL_KNOWN_URL: OpenID well-known discovery URL.OIDC_ALLOW_DANGEROUS_EMAIL_LINKING: Optional flag to allow email-based account linking.
WEB_PUSH_PRIVATE_KEYWEB_PUSH_PUBLIC_KEYWEB_PUSH_EMAIL
FEEDBACK_EMAIL
CURRENCY_RATE_PROVIDER:frankfurter,openexchangerates, ornbp.OPEN_EXCHANGE_RATES_APP_ID: Required if using Open Exchange Rates.
DATABASE_URL="postgresql://postgres:strong-password@localhost:5432/splitpro"
NEXTAUTH_SECRET="<generated>"
NEXTAUTH_URL="https://splitpro.example.com"
FROM_EMAIL="SplitPro <no-reply@example.com>"
EMAIL_SERVER_HOST="smtp.example.com"
EMAIL_SERVER_PORT="587"
EMAIL_SERVER_USER="smtp-user"
EMAIL_SERVER_PASSWORD="smtp-password"DATABASE_URL="postgresql://postgres:strong-password@localhost:5432/splitpro"
NEXTAUTH_SECRET="<generated>"
NEXTAUTH_URL="https://splitpro.example.com"
GOOGLE_CLIENT_ID="<client-id>"
GOOGLE_CLIENT_SECRET="<client-secret>"DATABASE_URL="postgresql://postgres:strong-password@localhost:5432/splitpro"
NEXTAUTH_SECRET="<generated>"
NEXTAUTH_URL="https://splitpro.example.com"
OIDC_NAME="keycloak"
OIDC_CLIENT_ID="<client-id>"
OIDC_CLIENT_SECRET="<client-secret>"
OIDC_WELL_KNOWN_URL="https://keycloak.example.com/realms/My_Realm/.well-known/openid-configuration"- Rotate
NEXTAUTH_SECRETif it is ever exposed. - Prefer
_FILEsuffix env vars when deploying with Docker secrets (supported for all values). - in order to lock down your instance, you should configure either your OAuth/ OIDC provider to only allow trusted users, or disable email signups and invites with
DISABLE_EMAIL_SIGNUP=true.