Skip to main content
Reference for environment variables relevant to self-hosting Inbox Zero. Hosted-only billing, analytics, and internal operations variables are intentionally omitted unless they affect common self-hosted deployments.

Self-Hosting Environment Variables

VariableRequiredDescriptionDefault
Core
DATABASE_URLYesPostgreSQL connection string
DIRECT_URLNo*Direct PostgreSQL connection used by Prisma migrations. Set this when your pooled DATABASE_URL cannot run migrations. Docker Compose sets it automatically.DATABASE_URL
DATABASE_URL_UNPOOLEDNoAlternative unpooled PostgreSQL URL used by the app runtime in preview-style environments
NEXT_PUBLIC_BASE_URLYesPublic URL where app is hosted (e.g., https://yourdomain.com)
INTERNAL_API_KEYYesSecret key for internal API calls. Generate with openssl rand -hex 32
AUTH_SECRETYesbetter-auth secret. Generate with openssl rand -hex 32
NODE_ENVNoEnvironment modedevelopment
Encryption
EMAIL_ENCRYPT_SECRETYesSecret for encrypting OAuth tokens. Generate with openssl rand -hex 32
EMAIL_ENCRYPT_SALTYesSalt for encrypting OAuth tokens. Generate with openssl rand -hex 16
Google OAuth
GOOGLE_CLIENT_IDYesOAuth client ID from Google Cloud Console
GOOGLE_CLIENT_SECRETYesOAuth client secret from Google Cloud Console
Microsoft OAuth
MICROSOFT_CLIENT_IDNoOAuth client ID from Azure Portal
MICROSOFT_CLIENT_SECRETNoOAuth client secret from Azure Portal
MICROSOFT_TENANT_IDNoMicrosoft tenant used for OAuth (common for multi-tenant/personal-account support, or your tenant ID for single tenant)common
MICROSOFT_WEBHOOK_CLIENT_STATENoSecret for Microsoft webhook verification. Generate with openssl rand -hex 32
Slack
SLACK_CLIENT_IDNoSlack OAuth client ID
SLACK_CLIENT_SECRETNoSlack OAuth client secret
SLACK_SIGNING_SECRETNoSlack signing secret used to verify requests
NEXT_PUBLIC_SLACK_BOT_NAMENoBot display name shown in the appInbox Zero
Messaging Adapters
TEAMS_BOT_APP_IDNoMicrosoft Teams bot app ID
TEAMS_BOT_APP_PASSWORDNoMicrosoft Teams bot app password/secret
TEAMS_BOT_APP_TENANT_IDNoTenant ID, required when Microsoft Teams integration is enabled
TELEGRAM_BOT_TOKENNoTelegram bot token from BotFather
TELEGRAM_BOT_SECRET_TOKENNoOptional Telegram webhook secret token (sent in x-telegram-bot-api-secret-token)
Google PubSub
GOOGLE_PUBSUB_TOPIC_NAMEYesFull topic name (e.g., projects/my-project/topics/gmail)
GOOGLE_PUBSUB_VERIFICATION_TOKENYes*Token for webhook verification
Redis
UPSTASH_REDIS_URLNo*Upstash Redis URL or any Upstash-compatible HTTP Redis endpoint (*required if not using Docker Compose with local Redis)
UPSTASH_REDIS_TOKENNo*Upstash Redis token or serverless-redis-http token (*required if not using Docker Compose)
REDIS_URLNoRedis URL for subscriptions and the optional BullMQ worker
Image Proxy (Optional)
NEXT_PUBLIC_IMAGE_PROXY_BASE_URLNoBase URL for the optional remote-image proxy. Example: https://img.example.com/proxy
NEXT_PUBLIC_IMAGE_PROXY_USE_APP_ROUTENoSet to true to proxy remote images through the app’s own Next.js route at /api/image-proxy instead of a separate proxy servicefalse
IMAGE_PROXY_SIGNING_SECRETNoShared HMAC secret used to sign proxy URLs for the bundled Cloudflare Worker or a compatible proxy. Proxy validators may use a comma-separated list, but each signer should still be configured with a single secret.
LLM Provider Selection
DEFAULT_LLMSYesOrdered default model list in provider:model,provider:model format. First valid entry is primary; later entries are fallbacks.
ECONOMY_LLMSNoOrdered model list for cheaper operationsFalls back to DEFAULT_LLMS
CHAT_LLMSNoOrdered model list for chat operationsFalls back to DEFAULT_LLMS
NANO_LLMSNoOrdered model list for lightweight classification/extraction tasksFalls back to economy/default
DRAFT_LLMSNoOrdered model list for drafting repliesFalls back to DEFAULT_LLMS
DEFAULT_OPENROUTER_PROVIDERSNoComma-separated list of OpenRouter providers
ECONOMY_OPENROUTER_PROVIDERSNoOpenRouter providers for economy model
CHAT_OPENROUTER_PROVIDERSNoOpenRouter providers for chat
DEFAULT_LLM_PROVIDERDeprecatedLegacy primary LLM provider. Converted into DEFAULT_LLMS at startup.
DEFAULT_LLM_MODELDeprecatedLegacy default model. Converted into DEFAULT_LLMS at startup.Provider default
DEFAULT_LLM_FALLBACKSDeprecatedLegacy default fallback chain. Converted into DEFAULT_LLMS at startup.
ECONOMY_LLM_PROVIDERDeprecatedLegacy economy provider. Converted into ECONOMY_LLMS at startup.
ECONOMY_LLM_MODELDeprecatedLegacy economy model. Converted into ECONOMY_LLMS at startup.
ECONOMY_LLM_FALLBACKSDeprecatedLegacy economy fallback chain. Converted into ECONOMY_LLMS at startup.
CHAT_LLM_PROVIDERDeprecatedLegacy chat provider. Converted into CHAT_LLMS at startup.
CHAT_LLM_MODELDeprecatedLegacy chat model. Converted into CHAT_LLMS at startup.
CHAT_LLM_FALLBACKSDeprecatedLegacy chat fallback chain. Converted into CHAT_LLMS at startup.
NANO_LLM_PROVIDERDeprecatedLegacy nano provider. Converted into NANO_LLMS at startup.
NANO_LLM_MODELDeprecatedLegacy nano model. Converted into NANO_LLMS at startup.
DRAFT_LLM_PROVIDERDeprecatedLegacy draft provider. Converted into DRAFT_LLMS at startup.
DRAFT_LLM_MODELDeprecatedLegacy draft model. Converted into DRAFT_LLMS at startup.
LLM Provider Credentials
LLM_API_KEYNoShared fallback API key for simple single-provider setups; use provider-specific keys when mixing providers.
ANTHROPIC_API_KEYNoAnthropic API key
OPENAI_API_KEYNoOpenAI API key
OPENAI_ZERO_DATA_RETENTIONNoPass OpenAI zero-data-retention provider options when your OpenAI account is approved for itfalse
GOOGLE_API_KEYNoGoogle Gemini API key
GOOGLE_THINKING_BUDGETNoOverride the thinking budget for Gemini 2.x/2.5 models used through Google, Vertex, or AI Gateway. Set to 0 to omit the budget. Gemini 3 models still use minimal thinking.128
GROQ_API_KEYNoGroq API key
OPENROUTER_API_KEYNoOpenRouter API key
AI_GATEWAY_API_KEYNoAI Gateway API key
PERPLEXITY_API_KEYNoPerplexity API key for guest research for meeting briefs
Azure OpenAI
AZURE_API_KEYNoAzure OpenAI API key (required when azure is used and LLM_API_KEY is not set)
AZURE_RESOURCE_NAMENoAzure OpenAI resource name (required when azure is used as a default or fallback provider)
AZURE_API_VERSIONNoAzure OpenAI API version override
Google Vertex
GOOGLE_VERTEX_PROJECTNoGoogle Cloud project ID for Vertex AI (required when vertex is used as a default or fallback provider)
GOOGLE_VERTEX_LOCATIONNoVertex AI locationus-central1
GOOGLE_VERTEX_CLIENT_EMAILNoService account client email for Vertex auth (when not using ADC file)
GOOGLE_VERTEX_PRIVATE_KEYNoService account private key for Vertex auth (supports \n escaped newlines)
GOOGLE_APPLICATION_CREDENTIALSNoPath to a Google service account JSON file for ADC/Vertex auth
AWS Bedrock
BEDROCK_ACCESS_KEYNoAWS access key for Bedrock. See AI SDK Bedrock documentation.
BEDROCK_SECRET_KEYNoAWS secret key for Bedrock
BEDROCK_REGIONNoAWS region for Bedrockus-west-2
Ollama (Local LLM)
OLLAMA_BASE_URLNoOllama API endpoint (e.g., http://localhost:11434/api)
OLLAMA_MODELNoOllama model name when configured separately from the selected LLM tier model
OpenAI-Compatible (Local LLM)
OPENAI_COMPATIBLE_BASE_URLNoBase URL for an OpenAI-compatible server (e.g. LM Studio: http://localhost:1234/v1)http://localhost:1234/v1
OPENAI_COMPATIBLE_MODELNoOpenAI-compatible model name when configured separately from the selected LLM tier model
CLI LLM Providers (Experimental)
CLI_LLM_ENABLEDNoEnables community CLI-backed LLM providers (codex-cli, claude-code). Self-host only; requires installing optional provider packages.false
CODEX_CLI_ALLOW_NPXNoAllows the Codex community provider to fall back to npx @openai/codex if codex is not on PATH. Leave disabled unless you trust that install path.false
CODEX_CLI_PATHNoOptional path to the codex binary when using codex-cli.
AI Content Controls
SENSITIVE_DATA_POLICY_DEFAULTNoDefault policy for handling sensitive data matches in LLM requests (ALLOW, REDACT, or BLOCK)ALLOW
NEXT_PUBLIC_SENSITIVE_DATA_POLICY_LOCKEDNoSet to true to enforce the default policy for all accounts, disable account-level edits, and hide the setting in the UIfalse
Reasoning Retention
REASONING_RETENTION_DAYSNoNumber of days to keep stale AI reasoning fields before the daily reasoning-retention cron redacts them. Covers only ExecutedRule.reason and DocumentFiling.reasoning; group learnings and other stored content are not redacted. Leave unset to disable reasoning cleanup.Disabled
DRAFT_SENT_TEXT_RETENTION_DAYSNoNumber of days to keep captured sent draft text before the daily reasoning-retention cron redacts it.14
Background Jobs (QStash, optional)
QSTASH_TOKENNoQStash API token (optional; fallback runs jobs via internal API + cron)
QSTASH_CURRENT_SIGNING_KEYNoCurrent signing key for webhooks
QSTASH_NEXT_SIGNING_KEYNoNext signing key for key rotation
QUEUE_BACKENDNoBackground job transport: qstash, bullmq, or internalAuto-detect (qstash when configured, else internal)
Sentry
SENTRY_AUTH_TOKENNoAuth token for source maps
SENTRY_ORGANIZATIONNoOrganization slug
SENTRY_PROJECTNoProject slug
NEXT_PUBLIC_SENTRY_DSNNoClient-side DSN
Resend
RESEND_API_KEYNoAPI key for transactional emails
RESEND_AUDIENCE_IDNoAudience ID for contacts
RESEND_FROM_EMAILNoFrom email addressInbox Zero <updates@transactional.getinboxzero.com>
NEXT_PUBLIC_IS_RESEND_CONFIGUREDNoClient-side flag indicating if Resend is configured
Other
API_KEY_SALTNo*Salt used to hash external API keys. Generate with openssl rand -hex 32. Required when NEXT_PUBLIC_EXTERNAL_API_ENABLED=true.
CRON_SECRETNoShared secret that authenticates calls to the scheduled-task endpoints (/api/cron/*, /api/watch/all, /api/meeting-briefs, /api/follow-up-reminders). Required if you trigger these endpoints yourself instead of using the bundled Docker Compose cron container. Generate with openssl rand -hex 32. See Scheduled Tasks.
HEALTH_API_KEYNoAPI key for health checks
WEBHOOK_URLNoExternal webhook URL
INTERNAL_API_URLNoPreferred callback base URL for QStash and server-side internal callbacksNEXT_PUBLIC_BASE_URL
OAUTH_PROXY_URLNoOAuth proxy deployment URL used when callbacks should route through a separate proxy server
IS_OAUTH_PROXY_SERVERNoMarks this deployment as the OAuth proxy serverfalse
ADDITIONAL_TRUSTED_ORIGINSNoComma-separated additional trusted origins for auth/CORS, including wildcard origins such as https://*.vercel.app
Digest Controls
DIGEST_MAX_SUMMARIES_PER_24HNoMaximum digest summaries per email account in a rolling 24-hour window. Set to 0 to disable the cap.50
Admin & Access Control
ADMINSNoComma-separated list of admin emails
AUTH_ALLOWED_EMAILSNoComma-separated list of exact email addresses allowed to create new auth users. Useful for self-hosted or enterprise deployments that want to restrict sign-up.Open sign-up
AUTH_ALLOWED_EMAIL_DOMAINSNoComma-separated list of email domains allowed to create new auth users (for example company.com,subsidiary.org).Open sign-up
AUTO_JOIN_ORGANIZATION_ENABLEDNoAutomatically add new users to the single organization on sign-up. Only enable this if your deployment explicitly wants automatic org membership.false
AUTO_ENABLE_ORG_ANALYTICSNoDefault new organization memberships to analytics enabledfalse
SSO_LOGIN_ENABLEDNoShow and allow SSO login. Configuring an SSO provider is a separate admin setup step.false
NEXT_PUBLIC_SELF_HOSTED_LOGIN_FOOTER_TEXTNoSelf-hosted login footer notice. When unset, the default login footer notice is shown. Set to none to hide the notice.Default notice
Feature Flags
NEXT_PUBLIC_CONTACTS_ENABLEDNoEnable contacts featurefalse
NEXT_PUBLIC_EMAIL_SEND_ENABLEDNoEnable email sendingtrue
NEXT_PUBLIC_EXTERNAL_API_ENABLEDNoEnable external API endpoints, API keys, and API key UI. Also set API_KEY_SALT.false
NEXT_PUBLIC_WEBHOOK_ACTION_ENABLEDNoEnable outgoing webhook rule actions and the webhook-secret UItrue
NEXT_PUBLIC_AI_MODEL_SETTINGS_DISABLEDNoHide user AI model settings and reject account-level changes.false
NEXT_PUBLIC_BYPASS_PREMIUM_CHECKSNoBypass premium checks (recommended for self-hosting)true
NEXT_PUBLIC_DIGEST_ENABLEDNoEnable email digest feature, which sends periodic summaries of emails. Works without QStash (no retries).false
NEXT_PUBLIC_MEETING_BRIEFS_ENABLEDNoEnable meeting briefs, which automatically sends pre-meeting briefings to users. Requires the meeting briefs cron job to be running.false
NEXT_PUBLIC_FOLLOW_UP_REMINDERS_ENABLEDNoEnable follow-up reminders, which allows users to add labels to emails for automatic follow-up tracking. Requires the follow-up reminders cron job to be running.false
NEXT_PUBLIC_INTEGRATIONS_ENABLEDNoEnable the integrations feature, allowing users to connect external services.false
NEXT_PUBLIC_SMART_FILING_ENABLEDNoEnable the Smart Filing feature for automatic document organization from email attachments.false
NEXT_PUBLIC_CLEANER_ENABLEDNoEnable the newer cleaner/bulk cleanup experiencefalse
NEXT_PUBLIC_BOOKING_LINKS_ENABLEDNoEnable booking-link functionality. This is beta and is not actively being worked on.false
NEXT_PUBLIC_AUTO_DRAFT_DISABLEDNoDisable the auto-drafting feature, which automatically drafts replies based on assistant rules.false
NEXT_PUBLIC_TABS_EXTENSION_IDNoChrome extension ID used for Inbox Zero Tabs syncBuilt-in extension ID
White Labeling (Optional)
NEXT_PUBLIC_BRAND_NAMENoBrand name used in UI text and metadataInbox Zero
NEXT_PUBLIC_BRAND_LOGO_URLNoCustom logo URL or public asset path (for example /images/brand-logo.svg)Built-in Inbox Zero logo
NEXT_PUBLIC_BRAND_ICON_URLNoCustom app icon URL or public asset path/icon.png
NEXT_PUBLIC_SUPPORT_EMAILNoContact email shown in support links and error messagessupport@getinboxzero.com
Debugging
DISABLE_LOG_ZOD_ERRORSNoDisable logging Zod validation errors
ENABLE_DEBUG_LOGSNoEnable debug loggingfalse
NEXT_PUBLIC_LOG_SCOPESNoComma-separated log scopes
* Conditional requirements:
  • DIRECT_URL is required only when Prisma migrations need a direct/unpooled database URL that differs from DATABASE_URL.
  • API_KEY_SALT is required only when external API keys are enabled with NEXT_PUBLIC_EXTERNAL_API_ENABLED=true.
  • GOOGLE_PUBSUB_VERIFICATION_TOKEN is required when Gmail Pub/Sub push is enabled. If your deployment authenticates /api/google/webhook upstream, you can set it to an empty string to intentionally disable query-parameter verification.

Setup Guides

For detailed setup instructions, see the Setup Guides:

Notes

  • If running the app in Docker and Ollama locally, use http://host.docker.internal:11434/api as the OLLAMA_BASE_URL.
  • If running the app in Docker and an OpenAI-compatible server locally, replace localhost with host.docker.internal in OPENAI_COMPATIBLE_BASE_URL.
  • CLI LLM providers are experimental and depend on third-party community AI SDK provider packages that spawn local CLI tools. Review their source, pin exact versions, and only enable them on trusted self-hosted deployments.
  • When using Docker Compose with --profile all, database and Redis URLs are auto-configured. See the Docker/VPS Deployment Guide for details.
  • For image privacy, you can deploy the optional proxy separately and point NEXT_PUBLIC_IMAGE_PROXY_BASE_URL at it. See the Image Proxy guide.
  • For Azure OpenAI, set AZURE_RESOURCE_NAME and either AZURE_API_KEY or LLM_API_KEY when using azure as a default or fallback provider.
  • For Google Vertex, set GOOGLE_VERTEX_PROJECT when using vertex as a provider. For auth, use either GOOGLE_APPLICATION_CREDENTIALS (recommended for Node.js) or both GOOGLE_VERTEX_CLIENT_EMAIL and GOOGLE_VERTEX_PRIVATE_KEY. You do not need to set all three auth variables. See AI SDK Google Vertex documentation.
  • AUTH_ALLOWED_EMAILS and AUTH_ALLOWED_EMAIL_DOMAINS only restrict creation of new auth users. They do not retroactively block existing users, and they do not replace invitation-based organization access control.
  • If both auth allowlist variables are unset, sign-up remains open.
  • You can combine exact email allowlisting with domain allowlisting. For example, allow company.com broadly while also permitting a few personal addresses such as founders or contractors.