Environment Variables
All configuration is done via environment variables. For Docker Compose deployments, copy apps/web/.env.example to .env in the repo root and edit it.
These variables are required for TheTerms to start.
| Variable | Required | Description | Example |
|---|---|---|---|
DATABASE_URL | Yes | PostgreSQL connection string. Set automatically by Docker Compose. | postgresql://postgres:password@localhost:5432/theterms |
REDIS_URL | Yes | Redis connection string. Set automatically by Docker Compose. | redis://localhost:6379 |
NEXTAUTH_URL | Yes | Full public URL of the app, including protocol. Must match your domain exactly. | https://your-domain.com |
NEXTAUTH_SECRET | Yes | Random secret for signing JWT session tokens. Generate with openssl rand -base64 32. | your-secret-here |
NEXT_PUBLIC_APP_URL | Yes | Same value as NEXTAUTH_URL. Used in client-side code. | https://your-domain.com |
Required for sending signing invitations and team invitations.
| Variable | Required | Description | Example |
|---|---|---|---|
RESEND_API_KEY | For emails | Resend API key. Without this, emails won’t send. | re_your_key_here |
EMAIL_FROM | For emails | Sender address shown in emails. | TheTerms <noreply@yourdomain.com> |
Optional. Required only if you want Google or Microsoft sign-in.
| Variable | Required | Description |
|---|---|---|
GOOGLE_CLIENT_ID | No | Google OAuth 2.0 client ID |
GOOGLE_CLIENT_SECRET | No | Google OAuth 2.0 client secret |
MICROSOFT_CLIENT_ID | No | Microsoft Azure AD application (client) ID |
MICROSOFT_CLIENT_SECRET | No | Microsoft Azure AD client secret |
To enable Google OAuth, create credentials at console.cloud.google.com. Set the authorized redirect URI to https://your-domain.com/api/auth/callback/google.
To enable Microsoft OAuth, register an app at portal.azure.com. Set the redirect URI to https://your-domain.com/api/auth/callback/azure-ad.
Storage
Section titled “Storage”Optional. Required only if you use Supabase Storage for file attachments.
| Variable | Required | Description |
|---|---|---|
NEXT_PUBLIC_SUPABASE_URL | No | Your Supabase project URL |
SUPABASE_SERVICE_ROLE_KEY | No | Supabase service role key (server-side only) |
Docker Compose
Section titled “Docker Compose”These variables are read by docker-compose.yml to configure the stack. Set them in your .env file in the repo root.
| Variable | Default | Description |
|---|---|---|
PORT | 3000 | Host port to expose the app on |
POSTGRES_PASSWORD | password | Password for the postgres database user |