Environment variables

Author: danciaclara

api-reference/issue/list-issues.mdx

@@ -8,5 +8,5 @@ api: GET /api/v1/workspaces/{workspace-slug}/projects/{project_id}/issues/
 
 <ParamField path="workspace-slug" type="string" required></ParamField>
 <ParamField path="project_id" type="string" required></ParamField>
-<ParamField query="fields" type="string" required></ParamField>
-<ParamField query="expand" type="string" required></ParamField>
+<ParamField query="fields" type="string"></ParamField>
+<ParamField query="expand" type="string"></ParamField>

mint.json

@@ -91,6 +91,7 @@
         },
         "self-hosting/govern/communication",
         "self-hosting/govern/database-and-storage",
+        "self-hosting/govern/env-variables",
         "self-hosting/govern/custom-domain",
         "self-hosting/govern/private-bucket",
         {

self-hosting/govern/env-variables.mdx

@@ -0,0 +1,138 @@
+---
+title: Environment variables reference guide
+sidebarTitle: Environment variables
+---
+
+This guide provides a comprehensive overview of all environment variables used in the Commercial Edition. These variables allow you to customize your Plane instance to best fit your organization's needs.
+
+## Where to find the .env file
+
+The environment file for Plane Commercial Edition is located at:
+    ```bash
+    /opt/plane/plane.env
+    ```
+
+This is where you'll make all configuration changes. Remember to restart the instance after making changes to ensure they take effect.
+
+## Environment variables
+
+### General settings
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **DOMAIN_NAME** | Primary domain name for your Plane instance. This determines how users will access your installation. | `localhost` |
+| **APP_RELEASE_VERSION** | The version of Plane Commercial Edition you're running. This helps with troubleshooting and ensures compatibility. | *Current release version* |
+| **WEB_URL** | The complete base URL for the web application including protocol (e.g., `https://plane.example.com`).|`http://localhost`|
+| **API_BASE_URL** | The base URL for API services. In most setups, this will be the same as your WEB_URL with `/api` appended. |`http://api:8000`|
+| **CORS_ALLOWED_ORIGINS** | Comma-separated list of origins allowed to make cross-origin requests to your API. Usually, this should include your WEB_URL. |`http://localhost`|
+| **DEBUG** | Toggles debug mode for more verbose logging and debugging information.| `0` (disabled) |
+
+### Database settings
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **PGHOST** | Hostname or IP address of your PostgreSQL server. | `plane-db` |
+| **PGDATABASE** | Name of the PostgreSQL database Plane will use. | `plane` |
+| **POSTGRES_USER** | Username for PostgreSQL authentication. | `plane` |
+| **POSTGRES_PASSWORD** | Password for PostgreSQL authentication. **Critical:** Use a strong, unique password here. |`plane`|
+| **POSTGRES_DB** | Same as PGDATABASE - the name of the PostgreSQL database. | `plane` |
+| **POSTGRES_PORT** | TCP port your PostgreSQL server is listening on. | `5432` |
+| **PGDATA** | Directory path where PostgreSQL data is stored. Only relevant if you're managing PostgreSQL within the same container/system. | `/var/lib/postgresql/data` |
+| **DATABASE_URL** | Full connection string for PostgreSQL. If provided, this takes precedence over individual connection parameters. Format: `postgresql://username:password@host:port/dbname` | *Constructed from individual settings* |
+
+### Redis settings
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **REDIS_HOST** | Hostname or IP address of your Redis server. | `plane-redis` |
+| **REDIS_PORT** | TCP port your Redis server is listening on. | `6379` |
+| **REDIS_URL** | Full connection string for Redis.|  |
+
+### RabbitMQ settings
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **RABBITMQ_HOST** | Hostname or IP address of your RabbitMQ server. | `plane-mq` |
+| **RABBITMQ_PORT** | TCP port your RabbitMQ server is listening on. | `5672` |
+| **RABBITMQ_DEFAULT_USER** | Username for RabbitMQ authentication. | `plane` |
+| **RABBITMQ_DEFAULT_PASS** | Password for RabbitMQ authentication. | `plane` |
+| **RABBITMQ_DEFAULT_VHOST** | Virtual host for RabbitMQ, providing logical separation of resources. | `plane` |
+| **AMQP_URL** | Full connection string for RabbitMQ. Format: `amqp://username:password@host:port/vhost` |  |
+
+### Security and API settings
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **SECRET_KEY** | Secret key used for various cryptographic operations, including JWT token signing. | |
+| **API_KEY_RATE_LIMIT** | Rate limit for API requests to prevent abuse. Format: `number/timeunit` | `60/minute` |
+| **SENTRY_DSN** | Data Source Name for Sentry error tracking integration. Leave empty if not using Sentry. ||
+| **SENTRY_ENVIRONMENT** | Environment identifier for Sentry logging, helping you distinguish between different deployments. | `production` |
+
+### Storage and file uploads
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **USE_MINIO** | Determines whether to use MinIO for object storage. Set to `1` to enable MinIO, `0` to use configured S3 or local storage. | `1` |
+| **AWS_REGION** | AWS region for S3 storage services. | |
+| **AWS_ACCESS_KEY_ID** | Access key for MinIO or AWS S3 authentication. |  |
+| **AWS_SECRET_ACCESS_KEY** | Secret key for MinIO or AWS S3 authentication. |  |
+| **AWS_S3_ENDPOINT_URL** | Custom endpoint URL for MinIO or S3-compatible storage. | `http://plane-minio:9000`|
+| **AWS_S3_BUCKET_NAME** | S3 bucket name for file storage. | `uploads` |
+| **FILE_SIZE_LIMIT** | Maximum file upload size in bytes. | `5242880` (5MB) |
+| **MINIO_ENDPOINT_SSL** | Force HTTPS for MinIO when dealing with SSL termination. Set to `1` to enable. | `0` |
+
+### Workers and Performance
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **GUNICORN_WORKERS** | Number of Gunicorn workers for handling web requests. Increase for better performance on high-traffic instances. | `2` |
+| **WEB_REPLICAS** | Number of web server replicas for load balancing. | `1` |
+| **SPACE_REPLICAS** | Number of space service replicas for workspaces. | `1` |
+| **ADMIN_REPLICAS** | Number of admin service replicas. | `1` |
+| **API_REPLICAS** | Number of API service replicas. | `1` |
+| **WORKER_REPLICAS** | Number of worker service replicas for background tasks. | `1` |
+| **BEAT_WORKER_REPLICAS** | Number of beat worker replicas for scheduled tasks. | `1` |
+| **LIVE_REPLICAS** | Number of live service replicas for real-time updates. | `1` |
+
+### Installation and system settings
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **INSTALL_DIR** | Directory where Plane is installed. | `/opt/plane` |
+| **MACHINE_SIGNATURE** | Unique identifier for your instance, used for licensing and authentication.| |
+
+### Networking and SSL
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **LISTEN_HTTP_PORT** | Port for HTTP traffic. | `80` |
+| **LISTEN_HTTPS_PORT** | Port for HTTPS traffic. | `443` |
+| **APP_PROTOCOL** | Protocol to be used, either `http` or `https`. | `http` |
+| **TRUSTED_PROXIES** | CIDR notation of trusted proxies for request forwarding. Important when behind load balancers or reverse proxies. | `0.0.0.0/0` |
+| **CERT_EMAIL** | Email used for SSL certificate registration with Let's Encrypt or other ACME providers. |`[email protected]`|
+| **CERT_ACME_CA** | ACME Certificate Authority URL for SSL certificate issuance. | `https://acme-v02.api.letsencrypt.org/directory` |
+| **CERT_ACME_DNS** | DNS provider configuration for SSL certificate domain validation. Format varies by provider. |  |
+| **SSL_VERIFY** | Whether to verify SSL certificates for outgoing connections. Set to `0` only in development environments. | `1` |
+
+### Monitoring and feature flags
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **FEATURE_FLAG_SERVER_BASE_URL** | Base URL for feature flag service, enabling granular control over feature availability. | `http://monitor:8080`|
+| **PAYMENT_SERVER_BASE_URL** | Base URL for payment service, handling licensing and subscription management. |`http://monitor:8080`|
+
+### Silo and Integrations
+
+| Variable | Description | Default Value |
+|----------|-------------|---------------|
+| **SILO_HMAC_SECRET_KEY** | Secret key for Silo authentication and secure communication. | |
+| **GITHUB_CLIENT_ID** | OAuth client ID for GitHub integration. |  |
+| **GITHUB_CLIENT_SECRET** | OAuth client secret for GitHub integration. |  |
+| **GITHUB_APP_NAME** | GitHub App name for enhanced GitHub integration. |  |
+| **GITHUB_APP_ID** | GitHub App ID for enhanced GitHub integration. |  |
+| **GITHUB_PRIVATE_KEY** | Private key for GitHub App authentication. | |
+| **SLACK_CLIENT_ID** | OAuth client ID for Slack integration. |  |
+| **SLACK_CLIENT_SECRET** | OAuth client secret for Slack integration. |  |
+| **GITLAB_CLIENT_ID** | OAuth client ID for GitLab integration. |  |
+| **GITLAB_CLIENT_SECRET** | OAuth client secret for GitLab integration. | |
+

self-hosting/govern/external-secrets.mdx

@@ -9,7 +9,7 @@ This guide explains how to integrate Plane with external secret management solut
 
 1. Create a dedicated IAM user (e.g., `external-secret-access-user`). You can uncheck **Console Access Required**.
 2. Generate `ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` and keep them handy.
-3. Note the user's ARN for later use (format: `arn:aws:iam::<account-id>:user/<user-name>`).
+3. Note the user's ARN for later use (format: `arn:aws:iam::<account-id>:user/<user-name>`).
 
 4. Create IAM policy (e.g., `external-secret-access-policy`) with the following JSON: