Skip to main content

Environment Variables

In the following you can find all the environment variables used in the TruBudget project. Use this list as reference for development and deployment.

Excel export serviceexcel
Storage servicestorage
Email notification serviceemail

If you need a .env_example file as a template, use the .env_example file in /scripts/operation. This file has all values pre-filled.

Env VariableRequiredDefault ValueUsed byDescription
ORGANIZATIONyes-bc/apiIn the blockchain network, each node is represented by its organization name. This environment variable sets this organization name. It is used to create the organization stream on the blockchain and is also displayed in the frontend's top right corner.
ORGANIZATION_VAULT_SECRETyes-apiThis is the key to en-/decrypt user data of an organization. If you want to add a new node for your organization, you want users to be able to log in on either node. Make sure that the api connected to the new node has the same organization vault secret.
Caution: If you want to run TruBudget in production,make sure NOT to use the default value from the .env_example file!
API_HOSTnobc/provThe IP address of one api which is connected to the node you want to connect to (The IP addresses are usually the same as for the P2P host address).
API_PORTno8080bc/provThe port used to connect to the api.
JWT_SECRETno[random]api/bcA string that is used to sign JWT which are created by the authenticate endpoint of the api
P2P_HOSTnobcThe IP address of the blockchain node you want to connect to.
P2P_PORTno7447bcThe port on which all nodes in the blockchain network have exposed their MultiChain daemon for peer-to-peer connections. Beta nodes will connect to the P2P_PORT of the Alpha node through this variable. Alpha nodes will expose their MultiChain daemon through this variable.
PORTno8080 for api, 8888 for excelapi/exportThe port used to expose the API and excel-export for your installation. Example: If you run TruBudget locally and set API_PORT to 8080, you can reach the API via localhost:8080/api.
ROOT_SECRETno[random]apiThe root secret is the password for the root user. If you start with an empty blockchain, the root user is needed to add other users, approve new nodes,.. If you don't set a value via the environment variable, the API generates one randomly and prints it to the console
Caution: If you want to run TruBudget in production, make sure to set a secure root secret.
MULTICHAIN_RPC_PASSWORDno[hardcoded]api/bcPassword used by the API to connect to the blockchain. The password is set by the origin node upon start. Every beta node needs to use the same RPC password in order to be able to connect to the blockchain.
Hint: Although the MULTICHAIN_RPC_PASSWORD is not required it is highly recommended to set an own secure one
MULTICHAIN_RPC_PORTno8000api/bcThe port used to expose the multichain daemon of your TruBudget blockchain installation(bc) for RPC connections. The port used to connect to the api of the multichain daemon. This will be used internally for the communication between the API and the multichain daemon.
MULTICHAIN_RPC_USERnomultichainrpcapi/bcThe user used to connect to the multichain daemon.
MULTICHAIN_FEED_ENABLEDnofalsebcIf set to true the multichain-feed go script in src/multichain-feed/multichain-feed is passed to the mutlichain daemon and executed in a separate process.
AUTOSTARTnotruebcIf set to false multichain daemon will not start automatically.
EXTERNAL_IPnobcThe IP address with which the current node can be reached. Example: If you have a VM with an alpha node running on and you want to connect a beta node to your alpha node, you set the EXTERNAL_IP of the alpha node to
NODE_ENVyesdevelopment or productionbcEnvironment: Default development when running development-script. Production when running production-script
CERT_PATHnobcThe path to the certificate used by the blockchain to authenticate with the connection peer. Note that self-signed certificates are not allowed in production environments. More information can be found here
CERT_CA_PATHnobcThe path to the certificate authority root certificate by the blockchain to authenticate with the connection peer. Note that self-signed certificates are not allowed in production environments.More information can be found here
CERT_KEY_PATHnobcThe path to the certificate key used by the blockchain to authenticate with the connection peer. More information can be found here
ACCESS_CONTROL_ALLOW_ORIGINno"*"bc/api/excel/storageSince the services use CORS, the domain by which it can be called needs to be set. Setting this value to "*" means that it can be called from any domain. Read more about this topic here.
MULTICHAIN_DIRno/rootbcThe path to the multichain folder where the blockchain data is persisted. For installations via docker-compose, this refers to the path within the docker container of the blockchain. For bare metal installations, this refers to the path on the machine the blockchain is running on.
PRETTY_PRINTnotrue*Decides whether the logs printed by services are pretty printed or not. Pretty printed logs are easier to read while non-pretty printed logs are easier to store and use e.g. in the ELK (Elasticsearch-Logstash-Kabana) stack.
TAGnomainscriptsThe tag defines the version of the image that is pulled from the docker hub.
NODE_ENVnoui/apiIf set to development search Trubudget's external services on localhost, api will allow any string as password. If set to production disable Redux devtools extension.
REACT_APP_VERSIONnouiInjected version via $npm_package_version in.env file to ensure the version is shown in the frontend
INLINE_RUNTIME_CHUNKnofalsefrontendScripts that are injected by React will not be injected inline but as script with src="...". Important for being able to enforce a stricter Content Security Policy
REACT_APP_EMAIL_SERVICE_ENABLEDnofalseuiWhen enabled, the frontend requests a email-service readiness call when entering the login screen.
If true the email section in the user-profile is enabled
EMAIL_HOSTno-uiIP address of the email notification service
EMAIL_PORTno8890uiPort of the email notification service
REACT_APP_EXPORT_SERVICE_ENABLEDnofalseuiIf true the frontend requests a export-service readiness call when entering the login screen and
the export button is shown at the side navbar
EXPORT_HOSTno-uiIP address of the excel export service
EXPORT_PORTno8888uiPort of the excel export service
REACT_APP_LOGGINGnofalseuiWhen enabled, the log/error messages on the frontend are send back to the logging-service
REACT_APP_LOG_LEVELnotraceuiValues are: info or error or trace. When set to trace all state transitions of the ui are logged to console & sent back to the logging-service
REACT_APP_LOGGING_SERVICE_HOSTnolocalhostuiHost of the logging-service
REACT_APP_LOGGING_SERVICE_PORTno3000uiPort on which the logging-service is listening
REACT_APP_LOGGING_SERVICE_HOST_SSLnofalseuiDefines whether the frontend logger uses SSL to communicate with the logging-service. When used in production, SSL must be enabled!
REACT_APP_LOGGING_PUSH_INTERVALno20uiDefines in which intervals the collected log-messages should be push to the logging-service (in seconds).
DB_TYPEnopgemailType of database. A supported list can be found in the Database Configuration section
DB_NAMEnotrubudget_email_serviceemailName of the database
DB_USERnopostgresemailUser name for connected database
DB_PASSWORDnotestemailPassword for connected database
DB_HOSTnolocalhostemailIP of connected database
DB_PORTno5432emailPort of connected database
DB_SCHEMAnopublicemailSchema of connected database
DB_SSLnofalseemailIf true the DB connection is using the SSL protocol
USER_TABLEnousersemailName of the table which is created if the first email address is inserted
SMTP_USERnotestuseremailThis is forwarded to the auth prop of the nodemailer's transport-options, to authenticate with the credentials of the configured SMTP server
SMTP_PASSWORDnotestemailIP of external SMTP-Server used to actually send notification emails
SMTP_HOSTnolocalhostemailIP of external SMTP-Server used to actually send notification emails
SMTP_PORTno2500emailPort of external SMTP-Server
SMTP_SSLnofalseemailIf true the external SMTP-Server connection is using the SSL protocol
SQL_DEBUGnofalseemailThe SQL Debug option is forwarded to the knex configuration
EMAIL_FROMnoTrubudget Notification Service👻emailThis is injected into the from field of the email notification
EMAIL_SUBJECTnoTrubudget NotificationemailThis is injected into the subject field of the email notification
EMAIL_TEXTnoYou have received a notification.emailThis is injected into the body of the email notification
LOG_LEVELnoinfoallDefines the log output. Supported levels are trace, debug, info, warn, error, fatal
JWT_SECRETno- (required)emailA secret of min length of 32 - It is used to verify the JWT_TOKEN sent by users of the email-service endpoints
AUTHENTICATIONnoJWTemailIf set to none, no JWT-Token is required for all endpoints. If set JWT, a JWT token is necessary
STORAGE_SERVICE_HOSTnolocalhoststorageIP address of storage service
STORAGE_SERVICE_PORTno8090storagePort of storage service
MINIO_ACCESS_KEYnominiostorageAccess key for Minio server
MINIO_SECRET_KEYnominio123storageSecret (Password) for Minio server
MINIO_PORTno9000storagePort of connected Minio
MINIO_HOSTnolocalhoststorageIP address of connected Minio server
MINIO_BUCKET_NAMEnotrubudgetstorageBucket name of the connected Minio server
LOGGER_PORTyes3000loggingPort where the logging-service is exposed
API_HOSTyeslocalhostloggingAPI host
API_PORTyes8080loggingAPI port
LOGGING_SERVICE_CACHE_DURATIONyes20loggingDefines how long valid JWT should be cached (in minutes).


Env VariableRequiredDefault ValueUsed byDescription
EXPOSE_MCnofalsebcIf set to true Trubudget tries to expose it's multichain via kubernetes' ingress. First a kubernetes config file is searched in /.kube/config. If not found and the MC is deployed in a cluster, it is searching for the service account to get the information. After configuration the externalip arg is set to the ip of the service' ingress of the configured clusterSERVICE_NAME and NAMESPACE are required to access the ingress of the service.
SERVICE_NAMEnobcThis variable is only required if EXPOSE_MC is set to true. It defines which service the kubernetes client should search for in the configured kubernetes cluster
NAMESPACEnobcThis variable is only required if EXPOSE_MC is set to true. It defines in which namespace the kubernetes client should search for the given service