Skip to main content
Environment variables are the strongest configuration source for a Roomote deployment. They are best for values that belong to infrastructure: public URLs, database and Redis connections, storage credentials, provider API keys, signing keys, and production-only overrides. Most day-to-day setup can also be managed from the Roomote UI. Use environment variables when you want configuration to be explicit, reproducible, managed by your deployment platform, or unavailable to in-app editors.

Precedence

Roomote resolves configuration in layers:
  1. Process environment variables supplied by Docker Compose, the one-command installer, a PaaS, or the shell.
  2. Saved deployment environment variables encrypted in Roomote during setup or from Settings pages.
  3. Persisted runtime settings such as the selected default model, compute provider, or preview settings.
  4. Derived defaults for local development and release-managed values.
The exact order depends on the setting. A few important cases:
  • Provider credentials usually resolve as process env first, then saved deployment env vars.
  • Model role env vars such as ROOMOTE_MODEL override the same role selected in Settings > Models.
  • Preview env vars such as PREVIEW_PROXY_BASE_URL override values saved from Settings > Live Previews.
  • Compute provider credentials resolve as process env first, then saved deployment env vars. The default compute provider is special: an explicit admin selection saved in Roomote wins over DEFAULT_COMPUTE_PROVIDER because local and Compose stacks often set a default automatically.
  • Local development has safe defaults for Postgres, Redis, MinIO, signing keys, and local URLs. Production does not.

UI locking

When a supported setting is provided by the process environment, Roomote treats it as operator-managed infrastructure. Settings pages may show the value as configured, masked, or env-managed, but they should not overwrite it. This is intentional. It lets production operators keep secrets and platform configuration in the deployment system while still letting admins manage non-env settings in the app. Use the UI when:
  • the value is safe for an admin to rotate from Roomote
  • the setting is expected to change without redeploying
  • the deployment platform does not make env management easy
Use environment variables when:
  • the value is required for boot, networking, or storage
  • the value is a production secret managed by your host or secret manager
  • you want changes reviewed in infrastructure config
  • you need to prevent in-app overrides

Production recommendations

For production and shared self-hosted deployments:
  • Set NODE_ENV=production and APP_ENV=production.
  • Set stable public URLs with ROOMOTE_APP_URL, TRPC_URL, and, when previews are enabled, PREVIEW_PROXY_BASE_URL.
  • Provide DATABASE_URL, REDIS_URL, and S3-compatible artifact storage.
  • Generate strong ENCRYPTION_KEY, ARTIFACT_SIGNING_KEY, and DASHBOARD_PASSWORD values.
  • Either provide both job and preview auth keypairs or set ROOMOTE_AUTO_GENERATE_KEYS=true so Roomote generates and persists them.
  • Keep provider credentials in environment variables or a secret manager when they are controlled by the operator.
  • Prefer immutable worker image tags for hosted compute providers.
  • Avoid SKIP_ENV_VALIDATION outside build tooling or one-off diagnostics.

Supported env vars

The table below lists operator-supported deployment configuration. It does not include task-scoped internal variables that Roomote injects into sandboxes, such as per-task auth tokens or workspace paths.

Runtime and URLs

Env varRequiredUsed for
NODE_ENVProductionNode runtime mode: development, test, or production. Production deploys should set production.
APP_ENVRecommendedRoomote app environment: development, preview, or production. Also affects monitoring and local URL defaults.
ROOMOTE_PUBLIC_URLLocal callbacksStable public HTTPS origin used by local development for OAuth and webhook callbacks.
ROOMOTE_APP_URLProductionPublic web app origin. Workers and integrations use it for links back to Roomote.
TRPC_URLProductionAPI/tRPC origin used by workers and services. In single-origin production, this is often the app URL plus /_roomote-api.
NEXT_PUBLIC_GITHUB_APP_SLUGGitHub setupGitHub App slug exposed to the browser. GITHUB_APP_SLUG is also accepted during source-control setup.
SETUP_TOKENRequired (non-local)One-time bootstrap token that admits the first admin at /setup. Required on every non-local deployment — tokenless bootstrap is allowed only when NODE_ENV is not production and APP_ENV is development, so anything running with NODE_ENV=production needs it. Without it, first-admin bootstrap stays closed so nobody can claim the founding-admin slot by reaching the URL first. Optional only in local development.
DASHBOARD_PASSWORDProductionLocal fallback/admin password value used by the deployment. Generate a strong secret.
WEB_DEV_LOGIN_EMAILLocal onlyConvenience email for development login flows. Do not use as production access control.
SKIP_ENV_VALIDATIONAvoidSkips env validation when present. Useful for narrow tooling cases, not normal deployments.

Database, Redis, and artifacts

Env varRequiredUsed for
DATABASE_URLProductionPostgres connection string. Local development defaults to the local Compose database.
REDIS_URLProductionRedis connection string for queues and runtime coordination.
S3_ENDPOINTProductionS3-compatible artifact storage endpoint used by services.
S3_PRESIGN_ENDPOINTRecommendedEndpoint used when signing artifact URLs for workers or browsers. Set this when the public or worker-reachable URL differs from S3_ENDPOINT.
S3_REGIONProductionS3 region. MinIO deployments commonly use us-east-1.
S3_ACCESS_KEY_IDProductionArtifact-storage access key.
S3_SECRET_ACCESS_KEYProductionArtifact-storage secret key.
S3_BUCKET_ARTIFACTSProductionBucket used for Roomote artifacts.
S3_AUTO_CREATE_BUCKETOptionalSet to true or 1 to create the artifacts bucket at API boot when it is missing.

Security and signing

Env varRequiredUsed for
ENCRYPTION_KEYProductionSecret used to encrypt deployment-stored secrets. Must be at least 32 characters.
BETTER_AUTH_SECRETOptionalDedicated secret for signing sign-in session cookies. At least 32 characters. Falls back to ENCRYPTION_KEY when unset; setting it later invalidates existing sessions.
ARTIFACT_SIGNING_KEYProductionSecret used to sign artifact access. Must be at least 32 characters.
ARTIFACT_SIGNING_KEY_PREVIOUSRotationPrevious artifact signing key during rotation.
JOB_AUTH_PRIVATE_KEYProduction unless auto-generatedBase64-encoded P-256 private key for job auth tokens.
JOB_AUTH_PUBLIC_KEYProduction unless auto-generatedBase64-encoded P-256 public key for job auth token verification.
PREVIEW_AUTH_PRIVATE_KEYProduction unless auto-generatedBase64-encoded P-256 private key for preview auth tokens.
PREVIEW_AUTH_PUBLIC_KEYProduction unless auto-generatedBase64-encoded P-256 public key for preview auth token verification.
ROOMOTE_AUTO_GENERATE_KEYSOptionalSet to true or 1 to generate missing job and preview keypairs at first startup and persist them encrypted in the database.
SANDBOX_OIDC_PRIVATE_KEYOptionalPrivate key for sandbox OIDC token signing when using OIDC-backed sandbox auth flows.
SANDBOX_OIDC_PUBLIC_KEYOptionalPrimary public key for sandbox OIDC verification.
SANDBOX_OIDC_PUBLIC_KEY_SECONDARYRotationSecondary sandbox OIDC public key during key rotation.

Models and inference providers

Env varRequiredUsed for
ROOMOTE_MODELOptionalEnv-level default coding model. Overrides the default selected in Settings > Models for new task starts.
ROOMOTE_SMALL_MODELOptionalHelper model for routing, titles, summaries, and lightweight model calls.
ROOMOTE_VISION_MODELOptionalVision-capable model for visual inspection and screenshot/image work.
ROOMOTE_CODE_REVIEW_MODELOptionalModel for initial PR/MR review and review-sync tasks.
ROOMOTE_EXPLORE_MODELOptionalExploration/helper model for investigation-oriented subtasks.
ROOMOTE_PLANNING_MODELOptionalPlanning model used for longer coding-task planning.
ROOMOTE_MODEL_REASONING_EFFORTOptionalReasoning level for the coding model: low, medium, high, or xhigh.
ROOMOTE_SMALL_MODEL_REASONING_EFFORTOptionalReasoning level for the helper model.
ROOMOTE_VISION_MODEL_REASONING_EFFORTOptionalReasoning level for the vision model.
ROOMOTE_CODE_REVIEW_MODEL_REASONING_EFFORTOptionalReasoning level for the code review model.
ROOMOTE_EXPLORE_MODEL_REASONING_EFFORTOptionalReasoning level for the exploration model.
ROOMOTE_PLANNING_MODEL_REASONING_EFFORTOptionalReasoning level for the planning model.
ROOMOTE_MODEL_ENV_KEYSOptionalComma- or space-separated list of extra provider key env vars to forward to task workers.
OPENROUTER_API_KEYProvider keyOpenRouter API key. Can also be saved from Settings > Models.
AI_GATEWAY_API_KEYProvider keyVercel AI Gateway API key.
OPENAI_API_KEYProvider keyOpenAI API key.
ANTHROPIC_API_KEYProvider keyAnthropic API key.
MOONSHOT_API_KEYProvider keyMoonshot AI / Kimi API key.
MINIMAX_API_KEYProvider keyMiniMax API key.
OPENCODE_API_KEYProvider keyOpenCode Zen / Go API key.
GOOGLE_GENERATIVE_AI_API_KEYProvider keyGoogle/Gemini provider key forwarded when configured or inferred.
GEMINI_API_KEYProvider keyAlternate Gemini provider key.
MISTRAL_API_KEYProvider keyMistral provider key forwarded when configured.

Compute providers

Env varRequiredUsed for
DEFAULT_COMPUTE_PROVIDEROptionalRuntime default compute provider when no admin default is saved. Supported values are docker, modal, e2b, and daytona.
EXCLUDED_COMPUTE_PROVIDERSOptionalComma-separated provider IDs to hide or exclude from default selection.
DOCKER_WORKER_IMAGEOptionalWorker image for Docker and hosted compute derivation. In production, prefer an immutable registry-qualified tag.
ROOMOTE_WORKER_IMAGE_REPOOptionalRegistry repository used to derive the worker image from RELEASE_VERSION when DOCKER_WORKER_IMAGE is unset.
DOCKER_WORKER_PLATFORMOptionalDocker worker platform. Defaults to linux/amd64.
DOCKER_WORKER_NETWORKSelf-host DockerDocker network for worker containers in Compose/self-host mode.
DOCKER_WORKER_RELEASE_PATHOptionalPath to a packaged worker release archive used by Docker worker bootstrap.
MODAL_TOKEN_IDModalModal token ID. Can also be saved from Settings > Compute.
MODAL_TOKEN_SECRETModalModal token secret.
MODAL_BASE_IMAGE_REFModalModal base image reference. Usually derived from the worker image; set only to pin a custom image.
MODAL_ENDPOINTOptionalModal endpoint override.
MODAL_ENVIRONMENTOptionalModal environment name.
MODAL_APP_NAMEOptionalModal app name override.
MODAL_REGISTRY_USERNAMEPrivate registryRegistry username for private non-ECR image pulls.
MODAL_REGISTRY_PASSWORDPrivate registryRegistry password for private non-ECR image pulls.
MODAL_ECR_OIDC_ROLE_ARNECRAWS IAM role ARN used by Modal for ECR OIDC pulls.
MODAL_ECR_REGIONECRAWS region for Modal ECR OIDC pulls.
E2B_API_KEYE2BE2B API key. Can also be saved from Settings > Compute.
E2B_TEMPLATE_IDE2BWorker template ID. Usually provisioned from the worker image by Roomote.
E2B_DOMAINOptionalE2B domain for self-hosted or custom E2B clusters.
E2B_MAX_SANDBOX_TIMEOUT_MSOptionalMaximum E2B sandbox timeout Roomote will request. Defaults to one hour.
DAYTONA_API_KEYDaytonaDaytona API key. Can also be saved from Settings > Compute.
DAYTONA_API_URLOptionalDaytona API URL override.
DAYTONA_TARGETOptionalDaytona target or region.
DAYTONA_SNAPSHOT_NAMEDaytonaWorker snapshot name. Usually registered from the worker image by Roomote.
WORKER_RELEASE_CHANNELOptionalWorker release channel, stable or preview, for hosted worker release selection.
WORKER_RELEASE_VERSIONOptionalExplicit worker release version for hosted worker bootstrap.
LOCAL_SANDBOX_FILES_DIRLocal developmentLocal override for sandbox bootstrap files. Used only by development workflows.

Source control providers

Env varRequiredUsed for
NEXT_PUBLIC_GITHUB_APP_SLUGGitHubBrowser-visible GitHub App slug.
GITHUB_APP_SLUGGitHubAlternate setup-time GitHub App slug accepted by source-control setup.
GITHUB_APP_IDGitHubGitHub App ID.
GITHUB_APP_PRIVATE_KEYGitHubRaw GitHub App private key PEM, usually with newlines escaped as \\n.
GITHUB_CLIENT_IDGitHubGitHub OAuth client ID.
GITHUB_CLIENT_SECRETGitHubGitHub OAuth client secret.
GITHUB_WEBHOOK_SECRETGitHubGitHub webhook secret.
GITHUB_MCP_SERVER_URLOptionalGitHub MCP server URL override.
GITHUB_AUTOMATED_SKIP_REPOSOptionalRepository skip list for automated GitHub processing.
GITHUB_AUTOMATED_SKIP_OWNERSOptionalOwner skip list for automated GitHub processing.
GITLAB_TOKENGitLabGitLab personal access token for source-control setup.
GITLAB_BASE_URLOptionalGitLab base URL for self-managed GitLab.
GITLAB_CLIENT_IDOptionalGitLab OAuth client ID.
GITLAB_CLIENT_SECRETOptionalGitLab OAuth client secret.
GITLAB_WEBHOOK_SIGNING_TOKENOptionalGitLab webhook signing token.
GITLAB_WEBHOOK_SECRETOptionalGitLab webhook secret.
GITEA_BASE_URLGiteaGitea base URL.
GITEA_TOKENGiteaGitea access token.
GITEA_USERNAMEOptionalGitea username.
GITEA_CLIENT_IDOptionalGitea OAuth client ID.
GITEA_CLIENT_SECRETOptionalGitea OAuth client secret.
GITEA_WEBHOOK_SECRETOptionalGitea webhook secret.
ADO_ORGANIZATIONAzure DevOpsAzure DevOps organization.
ADO_TOKENAzure DevOpsAzure DevOps access token.
ADO_BASE_URLOptionalAzure DevOps base URL.
ADO_USERNAMEOptionalAzure DevOps username.
ADO_CLIENT_IDOptionalMicrosoft Entra client ID for Azure DevOps OAuth.
ADO_CLIENT_SECRETOptionalMicrosoft Entra client secret for Azure DevOps OAuth.
ADO_TENANT_IDOptionalMicrosoft Entra tenant ID for Azure DevOps OAuth. ROOMOTE_AUTH_MICROSOFT_TENANT_ID is also accepted.
ADO_WEBHOOK_SECRETOptionalAzure DevOps webhook secret.

Communications and sign-in

Env varRequiredUsed for
SLACK_APP_IDSlack appSlack app ID for communications setup.
SLACK_CLIENT_IDSlack app/authSlack OAuth client ID. Also accepted for Slack sign-in setup.
SLACK_CLIENT_SECRETSlack app/authSlack OAuth client secret. Also accepted for Slack sign-in setup.
SLACK_REDIRECT_URIOptionalSlack redirect URI override.
SLACK_AUTH_URIOptionalSlack auth URI override.
SLACK_SIGNING_SECRETSlack app/authSlack signing secret for webhook verification.
SLACK_API_BASE_URLOptionalSlack API base URL. Defaults to https://slack.com/api/.
SLACK_UNFURL_ALLOWED_DOMAINSOptionalDomains Slack unfurl handling may allow.
SLACK_API_TIMEOUT_MSOptionalSlack API timeout. Defaults to API_EXTERNAL_REQUEST_TIMEOUT_MS or 10 seconds.
SLACK_DEBUG_LOGSOptionalSet to true or 1 to enable extra Slack logs.
ROUTER_DEBUG_CHANNEL_IDOptionalSlack channel ID for router debug output.
TEAMS_BOT_APP_IDTeamsMicrosoft Teams bot app ID.
TEAMS_BOT_APP_PASSWORDTeamsMicrosoft Teams bot password.
TEAMS_BOT_TENANT_IDOptionalMicrosoft Teams bot tenant ID.
TEAMS_BOT_TOKEN_ENDPOINTOptionalTeams bot token endpoint override.
TEAMS_BOT_OAUTH_SCOPEOptionalTeams bot OAuth scope override.
TELEGRAM_BOT_TOKENTelegramTelegram bot token.
TELEGRAM_WEBHOOK_SECRETTelegramTelegram webhook secret.
TELEGRAM_BOT_USERNAMETelegramTelegram bot username.
ROOMOTE_AUTH_SLACK_CLIENT_IDSlack sign-inSlack sign-in client ID. SLACK_CLIENT_ID is also accepted.
ROOMOTE_AUTH_SLACK_CLIENT_SECRETSlack sign-inSlack sign-in client secret. SLACK_CLIENT_SECRET is also accepted.
ROOMOTE_AUTH_MICROSOFT_CLIENT_IDMicrosoft sign-inMicrosoft OAuth client ID.
ROOMOTE_AUTH_MICROSOFT_CLIENT_SECRETMicrosoft sign-inMicrosoft OAuth client secret.
ROOMOTE_AUTH_MICROSOFT_TENANT_IDMicrosoft sign-inMicrosoft tenant ID. Also accepted as the Azure DevOps tenant ID fallback.
ROOMOTE_ALLOWED_EMAILSOptionalComma-separated email allowlist for deployments that restrict sign-in by email.

Integrations

Env varRequiredUsed for
LINEAR_CLIENT_IDLinearLinear OAuth client ID.
LINEAR_CLIENT_SECRETLinearLinear OAuth client secret.
LINEAR_WEBHOOK_SECRETLinearLinear webhook secret.
LINEAR_REDIRECT_URIOptionalLinear redirect URI override.

Live previews

Env varRequiredUsed for
PREVIEW_PROXY_BASE_URLPreview supportPublic preview-proxy origin. Overrides Settings > Live Previews when set.
PREVIEW_DOMAINSOptionalComma-separated preview domains allowed by the preview proxy. Usually derived from PREVIEW_PROXY_BASE_URL.
ROOMOTE_PREVIEW_DOMAINOptionalRoomote preview domain override used by preview runtime analysis.
PREVIEW_TOKEN_TTL_SECONDSOptionalPreview auth token lifetime. Defaults to 3600 seconds.

Observability and request timing

Env varRequiredUsed for
SENTRY_DSNOptionalShared Sentry DSN fallback for Node services that do not have a service-specific DSN.
NEXT_PUBLIC_SENTRY_DSNOptionalBrowser and Next.js web Sentry DSN.
API_SENTRY_DSNOptionalAPI service Sentry DSN. Falls back to SENTRY_DSN.
CONTROLLER_SENTRY_DSNOptionalController service Sentry DSN. Falls back to SENTRY_DSN.
BULLMQ_SENTRY_DSNOptionalBullMQ service Sentry DSN. Falls back to SENTRY_DSN.
WORKER_SENTRY_DSNOptionalWorker service Sentry DSN. Falls back to SENTRY_DSN.
API_DEBUG_LOGSOptionalSet to true or 1 to enable extra API logs.
API_EXTERNAL_REQUEST_TIMEOUT_MSOptionalDefault external request timeout. Defaults to 10 seconds.
API_SLOW_REQUEST_THRESHOLD_MSOptionalThreshold for slow API request logging. Defaults to 5 seconds.
API_SLOW_EXTERNAL_REQUEST_THRESHOLD_MSOptionalThreshold for slow external request logging. Defaults to 2 seconds.
RELEASE_VERSIONRelease imagesBaked release version used for release tagging and worker image derivation.
GITHUB_SHARelease metadataCommit SHA fallback for monitoring release metadata.
VERCEL_GIT_COMMIT_SHARelease metadataVercel commit SHA fallback for monitoring release metadata.

Local development and deploy helpers

Env varRequiredUsed for
NGROK_AUTH_TOKENLocal callbacksLets pnpm dev configure ngrok automatically for local public callbacks.
ROOMOTE_ENV_FILESelf-host scriptsAlternate dotenv file for local self-host Compose scripts.
ROOMOTE_DOCKER_LOAD_ENV_FILESelf-host scriptsCompose wrapper flag controlling image-baked dotenv loading. Normally managed by scripts.
ROOMOTE_APP_DOMAINProduction exampleDomain helper used by production dotenv examples and Caddy deployment files.
ROOMOTE_PREVIEW_DOMAINProduction example/previewsPreview domain helper used by production dotenv examples and preview runtime config.
SKILLS_API_URLOptionalSkill marketplace/API URL override for skill-related tooling.

Environment variables versus environment settings

Roomote also has environment variables inside Settings > Environments. Those are task workspace variables: they are made available to Roomote tasks running in that environment. This page is about deployment configuration variables. Deployment variables configure Roomote itself; environment variables inside an environment configure the codebase Roomote is working on.