Environment Variables
All Strawly configuration is managed through a .env file in the deployment directory. Copy the template to get started:
cp .env.example .env
Then fill in the values described below.
Core variables
These are required for every Strawly deployment.
Database
| Variable | Description | Example |
|---|---|---|
POSTGRES_DB |
Database name | strawly |
POSTGRES_USER |
Database user | strawly |
POSTGRES_PASSWORD |
Database password — use a strong random value | changeme |
Backend
| Variable | Description |
|---|---|
JWT_SECRET |
48-byte hex string used to sign authentication tokens |
CREDENTIALS_ENCRYPTION_KEY |
32-byte hex string used to encrypt stored credentials |
CORS_ORIGIN |
Allowed origin for CORS — set to your frontend URL (e.g. http://localhost:3000) |
Generate JWT_SECRET and CREDENTIALS_ENCRYPTION_KEY with the provided script:
./scripts/generate-secrets.sh >> .env
Container registry
| Variable | Description | Default |
|---|---|---|
CODEBERG_USERNAME |
Your Codeberg username — used to construct image URLs | strawly |
Module variables
These are only required when the corresponding module is enabled in strawly-deployment.yml.
Azure Optimizations (optimizations-azure)
| Variable | Description |
|---|---|
AZURE_TENANT_ID |
Azure Active Directory tenant ID |
AZURE_CLIENT_ID |
Service Principal application (client) ID |
AZURE_CLIENT_SECRET |
Service Principal client secret |
AZURE_SUBSCRIPTION_ID |
Azure subscription to scan |
The Service Principal must have Cost Management Reader and Reader roles on the subscription. See Azure Optimizations for setup instructions.
Production overrides
For production deployments, also set:
| Variable | Description |
|---|---|
CORS_ORIGIN |
Your public frontend URL (e.g. https://strawly.example.com) |
DATABASE_URL |
Full PostgreSQL connection string when using a managed database |
See Production for the full production hardening checklist.