Environment Variables Reference
This file documents all supported .env entries for the Frafos monitoring stack. Place your .env file in the same directory as your docker-compose.yml or manifest files to configure your deployment.
Example .env File
Show example .env file
⬇️ Download env.example
.env
# --- Generic ---
# NODE_ENV=production # Specifies the current environment for the application. Affects configuration, logging, and feature toggles throughout the app. Defaults to 'production'. | required | enum: [dev, test, production, CI]
# MOKI_DEBUG=false # Enable verbose debug logging and additional diagnostic output for Moki. Useful for troubleshooting and development. | DEPRECATED | required
# ADDR=0.0.0.0 # IP address or hostname for the Express.js server to bind to. Must be a valid IPv4 or IPv6 address. | required
# SERVER_PORT=5000 # Port number for the server to listen on. | required | min: 0 (exclusive), max: 65536
# PORT= # Port number for the server to listen on, used for compatibility. Will be deprecated in future versions and will be replaced by SERVER_PORT. Still has the higher priority for the server port. | DEPRECATED | optional | min: 0 (exclusive), max: 65536
# PUBLIC_URL= # Publicly accessible URL of the application. Used for generating links and references. Must be a valid URL. | optional
# STATIC_DOC_FILES_PATH=/moki/documentations # Filesystem path to static documentation files served by the application. Used for hosting and accessing documentation. | required
# GUI_TLS_CERT_PATH= # The absolute filesystem path to the TLS/SSL certificate file used to secure the web interface (GUI) with HTTPS. The file must exist, have a valid '.pem' or '.crt' extension, and contain a valid certificate. | optional
# GUI_TLS_KEY_PATH= # The absolute filesystem path to the private key file corresponding to the TLS/SSL certificate for the web interface (GUI). The file must exist, have a valid '.pem', '.crt', or '.key' extension, and contain a valid private key. | optional
# LOG_PATH=/data/abc-monitor/logs # Filesystem path where application log files are stored. Used for tracking server and application events. | required
# LOG_LEVEL=info # Logging level for application output. Controls verbosity: trace (most detailed), debug, info, warn, error, fatal (least detailed). | required | enum: [trace, debug, info, warn, error, fatal]
# REPORT_URL=http://localhost:5000/report # URL endpoint for accessing application reports. Must be a valid URL. | required
# BROWSER_URL=http://chrome:9222/ # URL of the browser endpoint used for remote browser automation or debugging. Must be a valid URL. | required
# PYTHON_PATH=python3 # Filesystem path or command to the Python executable used for running Python scripts or integrations. | required
# EVENT_GENERATOR_PATH=event-generator-cli # Filesystem path or command to the event generator CLI tool. Used for generating events in the application. | required
# WEB_PUSH_VAPID_PUB=BDMDdcui_F0YkNqSG6y-OJdm_rCluBUXm7g8Bz02BShFoi4knfKPRX-YiILV6l0mi1BwHBif6r-RhfMNYgLeFd0 # Public VAPID key used for authenticating web push notifications sent to clients. Must be a valid VAPID public key string, typically generated for your push service. | required
# WEB_PUSH_VAPID_PRV=m_zagbTESoDoxQVFg00EbbHLPt0zLI28f9FoXzU3Uj0 # Private VAPID key used for signing web push notifications sent to clients. Must be a valid VAPID private key string, kept secret and paired with the public key. | required
# START_PERIODIC_JOBS_ON_BOOT=true # Enable periodic job scheduling on boot | required
# DOCS_PROXY_URL= # URL of the external documentation service to proxy requests to. If set, documentation is hosted externally and `STATIC_DOC_FILES_PATH` is ignored. | optional
# --- Auth ---
# JWT_required=false # Require JWT authentication for SIP user access. If true, users must provide a valid JWT token to authenticate. | required
# BYPASS_AUTH=false # If true, the login page is displayed for user authentication; if false, users are redirected directly to the dashboard without authentication. | required
# CCM= # IP address or hostname of the CCM server used for SIP communications. Must be a valid IPv4, IPv6, or hostname. | optional
# CCM_API_TOKEN= # CCM API token that has full read access, to generate the token, `https://x.x.x.x/api/v1/auth_token` replace the `x.x.x.x` with CCM address. Required when CCM address is specified. | optional
# --- Elasticsearch ---
# ES= # URL of the Elasticsearch server to override the value from database. Must be a valid URL. Used for connecting to the Elasticsearch instance. | optional
# ES_USERNAME= # Username for authenticating with the Elasticsearch server. Required if ES_PASSWORD is provided. | optional
# ES_PASSWORD= # Password for authenticating with the Elasticsearch server. Required if ES_USERNAME is provided. | optional
# ES_RECOVERY_CONFIRMATION_COUNT=3 # Number of confirmations required to complete the recovery process in Elasticsearch operations. Controls how many successful confirmations are needed before recovery is considered complete. | required
# --- Vector ---
# VECTOR_RUNNER=local # Specify your desired runner | required | enum: [podman, docker, local]
# VECTOR_ES_ENDPOINT= # Override Elasticsearch URL from value config.ES | optional
# VECTOR_SYSLOG_ENABLED= # Enable syslog | optional
# VECTOR_SYSLOG_PORT= # Vector SYSLOG port used for communication | optional | min: 0 (exclusive), max: 65536
# VECTOR_SYSLOG_TLS_ENABLED= # Force using GUI TLS key and cert | optional
# VECTOR_SYSLOG_TRANSPORT_PROTOCOL= # Vector SYSLOG transport layer protocol | optional | enum: [tcp, udp]
# VECTOR_SYSLOG_CRT_FILE= # Path to the certificate file used for SSL/TLS for syslog source | optional
# VECTOR_SYSLOG_KEY_FILE= # Path to the certificate-key file used for SSL/TLS for syslog source | optional
# VECTOR_SOCKET_PORT= # Vector TCP port used for communication | optional | min: 0 (exclusive), max: 65536
# VECTOR_SOCKET_TLS_PORT= # Vector TCP port used for TLS communication | optional | min: 0 (exclusive), max: 65536
# VECTOR_SOCKET_ADDR=0.0.0.0 # Vector host address used for communication | required
# INPUT_TLS_ONLY= # Enable TLS for Vector | optional
# VECTOR_LOG= # The vector log. Default will be handled by vector start script | optional | enum: [trace, debug, info, warn, error, off]
# VECTOR_API_ADDRESS=127.0.0.1:8686 # Vector API Address. Only used for health check. It should be `IP:PORT` format | required
# VECTOR_RECOVERY_CONFIRMATION_COUNT=3 # Number of confirmations required for recovery | required
# EVENT_TLS_CACERT= # Path to the CA file used for SSL/TLS | optional
# EVENT_TLS_CERT= # Path to the certificate file used for SSL/TLS | optional
# EVENT_TLS_KEY= # Path to the certificate-key file used for SSL/TLS | optional
# EVENT_TLS_KEY_PASS= # Passphrase for certificate key | optional
# TLS_CERT_VERIFY_LEVEL=false # Peer certificate verification level | required
# VECTOR_WATCH_CONFIG=true # When this option is enabled, vector will restart on any config change | required
# VECTOR_GRACEFUL_SHUTDOWN_LIMIT_SECS=60 # Set the duration in seconds to wait for graceful shutdown after SIGINT or SIGTERM are received. After the duration has passed, Vector will force shutdown. default is 60 | required
# --- AA ---
# ADVANCED_ALERTS= # Enable advanced alerts for enhanced monitoring and notification features | optional
# ADVANCED_ALERTS_URL= # The endpoint URL used for advanced alerts when ADVANCED_ALERTS is enabled. Must be a valid URL. | optional
# AA_RECOVERY_CONFIRMATION_COUNT=3 # Number of confirmations required to complete the recovery process. Controls how many successful confirmations are needed before recovery is considered complete. | required | min: 1, max: 100
# --- Redis ---
# REDIS_ENDPOINT= # Redis endpoint. eg: redis://redis:6379/0 | optional
# REDIS_RECOVERY_CONFIRMATION_COUNT=3 # Number of confirmations required for recovery | required
# --- S3 ---
# UPLOAD_API_PORT=3042 # Port number for the upload API server to listen on. | required | min: 0 (exclusive), max: 65536
# UPLOAD_API_TLS_KEY_PATH= # Filesystem path to the TLS key file used for HTTPS connections in the upload API. | optional
# UPLOAD_API_TLS_CERT_PATH= # Filesystem path to the TLS certificate file used for HTTPS connections in the upload API. | optional
# UPLOAD_API_TLS_CA_PATH= # Filesystem path to the TLS CA certificate file for validating client certificates in mutual TLS setups. | optional
# UPLOAD_API_MUTUAL_AUTH=false # Enable mutual TLS authentication for the upload API. If true, both client and server must present valid certificates. | required
# UPLOAD_API_RSYNC_PORT=1873 # Port number for the rsync server used by the upload API for file synchronization. | required | min: 0 (exclusive), max: 65536
# UPLOAD_API_RSYNC_USER=sbcsync # Username for authenticating with the rsync server in the upload API. | required
# UPLOAD_API_RSYNC_PASSWORD=ZJaqCW6zwznD # Password for authenticating with the rsync server in the upload API. | required
# UPLOAD_API_STORAGE_TYPE=file # Type of storage backend used by the upload API. | required | enum: [s3, file, null]
# STORAGE_LOCATION= # Filesystem path or S3 bucket name where uploaded files are stored. | optional
# UPLOAD_API_S3_FORCE_PATH_STYLE=false # Force path-style access for S3 buckets in the upload API. Useful for S3-compatible services or custom endpoints. | required
# AWS_REGION=auto # AWS region for S3 storage operations. Used to select the correct S3 endpoint. | required
# AWS_ENDPOINT_URL_S3= # Custom endpoint URL for S3 storage. Must be a valid URL. Used for S3-compatible services or local testing. | optional
# AWS_ACCESS_KEY_ID= # AWS Access Key ID for authenticating S3 storage operations. | optional
# AWS_SECRET_ACCESS_KEY= # AWS Secret Access Key for authenticating S3 storage operations. | optional
# --- Client ---
# ALLOWED_HOSTS=localhost,127.0.0.1 # List of hostnames or IP addresses allowed for the UI to connect to the server and used in SSL certificate validation. | optional
# UI_PORT=3000 # Port number for the user interface (UI) to listen on. | required | min: 0 (exclusive), max: 65536
# --- Channel ---
# DEFAULT_CHANNEL_ID= # Unique identifier for the notification channel. Used to reference and manage the channel in the system. Must be a non-empty string. | optional | min: 1
# DEFAULT_CHANNEL_TYPE= # Type of the notification channel, such as 'email', 'sms', or 'webhook'. Determines how notifications are delivered. | optional | min: 1
# DEFAULT_CHANNEL_NAME= # Human-readable name for the channel. Used for display and identification purposes. Must be at least 5 characters. | optional | min: 5
# DEFAULT_CHANNEL_PARAMS= # JSON string containing channel-specific configuration parameters. | optional
Ports
- SERVER_PORT: 5000
- PORT:
- VECTOR_SYSLOG_PORT:
- VECTOR_SOCKET_PORT:
- VECTOR_SOCKET_TLS_PORT:
- UPLOAD_API_PORT: 3042
- UPLOAD_API_RSYNC_PORT: 1873
- UI_PORT: 3000
Variable Definitions
- Generic
- Auth
- Elasticsearch
- Vector
- AA
- Redis
- S3
- Client
- Channel
Generic environment variables used for core application configuration, debugging, server address, ports, URLs, and paths. These variables control the main behavior and entry points of the monitoring stack.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| NODE_ENV | enum [dev, test, production, CI] | production | enum: [dev, test, production, CI] | Specifies the current environment for the application. Affects configuration, logging, and feature toggles throughout the app. Defaults to 'production'. |
| MOKI_DEBUG | [DEPRECATED] boolean | false | - | Enable verbose debug logging and additional diagnostic output for Moki. Useful for troubleshooting and development. |
| ADDR | string | 0.0.0.0 | - | IP address or hostname for the Express.js server to bind to. Must be a valid IPv4 or IPv6 address. |
| SERVER_PORT | number | 5000 | min: 0 (exclusive), max: 65536 | Port number for the server to listen on. |
| PORT | [DEPRECATED] number | - | min: 0 (exclusive), max: 65536 | Port number for the server to listen on, used for compatibility. Will be deprecated in future versions and will be replaced by SERVER_PORT. Still has the higher priority for the server port. |
| PUBLIC_URL | string | - | - | Publicly accessible URL of the application. Used for generating links and references. Must be a valid URL. |
| STATIC_DOC_FILES_PATH | string | /moki/documentations | - | Filesystem path to static documentation files served by the application. Used for hosting and accessing documentation. |
| GUI_TLS_CERT_PATH | string | - | - | The absolute filesystem path to the TLS/SSL certificate file used to secure the web interface (GUI) with HTTPS. The file must exist, have a valid '.pem' or '.crt' extension, and contain a valid certificate. |
| GUI_TLS_KEY_PATH | string | - | - | The absolute filesystem path to the private key file corresponding to the TLS/SSL certificate for the web interface (GUI). The file must exist, have a valid '.pem', '.crt', or '.key' extension, and contain a valid private key. |
| LOG_PATH | string | /data/abc-monitor/logs | - | Filesystem path where application log files are stored. Used for tracking server and application events. |
| LOG_LEVEL | enum [trace, debug, info, warn, error, fatal] | info | enum: [trace, debug, info, warn, error, fatal] | Logging level for application output. Controls verbosity: trace (most detailed), debug, info, warn, error, fatal (least detailed). |
| REPORT_URL | string | http://localhost:5000/report | - | URL endpoint for accessing application reports. Must be a valid URL. |
| BROWSER_URL | string | http://chrome:9222/ | - | URL of the browser endpoint used for remote browser automation or debugging. Must be a valid URL. |
| PYTHON_PATH | string | python3 | - | Filesystem path or command to the Python executable used for running Python scripts or integrations. |
| EVENT_GENERATOR_PATH | string | event-generator-cli | - | Filesystem path or command to the event generator CLI tool. Used for generating events in the application. |
| WEB_PUSH_VAPID_PUB | string | BDMDdcui_F0YkNqSG6y-OJdm_rCluBUXm7g8Bz02BShFoi4knfKPRX-YiILV6l0mi1BwHBif6r-RhfMNYgLeFd0 | - | Public VAPID key used for authenticating web push notifications sent to clients. Must be a valid VAPID public key string, typically generated for your push service. |
| WEB_PUSH_VAPID_PRV | string | m_zagbTESoDoxQVFg00EbbHLPt0zLI28f9FoXzU3Uj0 | - | Private VAPID key used for signing web push notifications sent to clients. Must be a valid VAPID private key string, kept secret and paired with the public key. |
| START_PERIODIC_JOBS_ON_BOOT | boolean | true | - | Enable periodic job scheduling on boot |
| DOCS_PROXY_URL | string | - | - | URL of the external documentation service to proxy requests to. If set, documentation is hosted externally and STATIC_DOC_FILES_PATH is ignored. |
Authentication-related variables. Configure JWT requirements, login bypass, and CCM server integration for secure access and user management.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| JWT_required | boolean | false | - | Require JWT authentication for SIP user access. If true, users must provide a valid JWT token to authenticate. |
| BYPASS_AUTH | boolean | false | - | If true, the login page is displayed for user authentication; if false, users are redirected directly to the dashboard without authentication. |
| CCM | string | - | - | IP address or hostname of the CCM server used for SIP communications. Must be a valid IPv4, IPv6, or hostname. |
| CCM_API_TOKEN | string | - | - | CCM API token that has full read access, to generate the token, [https://x.x.x.x/api/v1/auth_token](https://x.x.x.x/api/v1/auth_token`) replace the x.x.x.x with CCM address. Required when CCM address is specified. |
Elasticsearch configuration. Set connection details, credentials, and recovery options for the main data store powering search and analytics.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| ES | string | - | - | URL of the Elasticsearch server to override the value from database. Must be a valid URL. Used for connecting to the Elasticsearch instance. |
| ES_USERNAME | string | - | - | Username for authenticating with the Elasticsearch server. Required if ES_PASSWORD is provided. |
| ES_PASSWORD | string | - | - | Password for authenticating with the Elasticsearch server. Required if ES_USERNAME is provided. |
| ES_RECOVERY_CONFIRMATION_COUNT | number | 3 | - | Number of confirmations required to complete the recovery process in Elasticsearch operations. Controls how many successful confirmations are needed before recovery is considered complete. |
Vector database configuration. Define connection settings, credentials, and recovery options for vector-based data storage and retrieval.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| VECTOR_RUNNER | enum [podman, docker, local] | local | enum: [podman, docker, local] | Specify your desired runner |
| VECTOR_ES_ENDPOINT | string | - | - | Override Elasticsearch URL from value config.ES |
| VECTOR_SYSLOG_ENABLED | boolean | - | - | Enable syslog |
| VECTOR_SYSLOG_PORT | number | - | min: 0 (exclusive), max: 65536 | Vector SYSLOG port used for communication |
| VECTOR_SYSLOG_TLS_ENABLED | boolean | - | - | Force using GUI TLS key and cert |
| VECTOR_SYSLOG_TRANSPORT_PROTOCOL | enum [tcp, udp] | - | enum: [tcp, udp] | Vector SYSLOG transport layer protocol |
| VECTOR_SYSLOG_CRT_FILE | string | - | - | Path to the certificate file used for SSL/TLS for syslog source |
| VECTOR_SYSLOG_KEY_FILE | string | - | - | Path to the certificate-key file used for SSL/TLS for syslog source |
| VECTOR_SOCKET_PORT | number | - | min: 0 (exclusive), max: 65536 | Vector TCP port used for communication |
| VECTOR_SOCKET_TLS_PORT | number | - | min: 0 (exclusive), max: 65536 | Vector TCP port used for TLS communication |
| VECTOR_SOCKET_ADDR | string | 0.0.0.0 | - | Vector host address used for communication |
| INPUT_TLS_ONLY | boolean | - | - | Enable TLS for Vector |
| VECTOR_LOG | enum [trace, debug, info, warn, error, off] | - | enum: [trace, debug, info, warn, error, off] | The vector log. Default will be handled by vector start script |
| VECTOR_API_ADDRESS | string | 127.0.0.1:8686 | - | Vector API Address. Only used for health check. It should be IP:PORT format |
| VECTOR_RECOVERY_CONFIRMATION_COUNT | number | 3 | - | Number of confirmations required for recovery |
| EVENT_TLS_CACERT | string | - | - | Path to the CA file used for SSL/TLS |
| EVENT_TLS_CERT | string | - | - | Path to the certificate file used for SSL/TLS |
| EVENT_TLS_KEY | string | - | - | Path to the certificate-key file used for SSL/TLS |
| EVENT_TLS_KEY_PASS | string | - | - | Passphrase for certificate key |
| TLS_CERT_VERIFY_LEVEL | boolean | false | - | Peer certificate verification level |
| VECTOR_WATCH_CONFIG | boolean | true | - | When this option is enabled, vector will restart on any config change |
| VECTOR_GRACEFUL_SHUTDOWN_LIMIT_SECS | number | 60 | - | Set the duration in seconds to wait for graceful shutdown after SIGINT or SIGTERM are received. After the duration has passed, Vector will force shutdown. default is 60 |
Analytics and Alerts (AA) configuration. Enable advanced alerting, set endpoints, and control confirmation requirements for alert workflows.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| ADVANCED_ALERTS | boolean | - | - | Enable advanced alerts for enhanced monitoring and notification features |
| ADVANCED_ALERTS_URL | string | - | - | The endpoint URL used for advanced alerts when ADVANCED_ALERTS is enabled. Must be a valid URL. |
| AA_RECOVERY_CONFIRMATION_COUNT | number | 3 | min: 1, max: 100 | Number of confirmations required to complete the recovery process. Controls how many successful confirmations are needed before recovery is considered complete. |
Redis environment.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| REDIS_ENDPOINT | string | - | - | Redis endpoint. eg: redis://redis:6379/0 |
| REDIS_RECOVERY_CONFIRMATION_COUNT | number | 3 | - | Number of confirmations required for recovery |
S3 storage configuration. Manage upload API, TLS, rsync, storage type, region, endpoint, and credentials for file storage and backup.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| UPLOAD_API_PORT | number | 3042 | min: 0 (exclusive), max: 65536 | Port number for the upload API server to listen on. |
| UPLOAD_API_TLS_KEY_PATH | string | - | - | Filesystem path to the TLS key file used for HTTPS connections in the upload API. |
| UPLOAD_API_TLS_CERT_PATH | string | - | - | Filesystem path to the TLS certificate file used for HTTPS connections in the upload API. |
| UPLOAD_API_TLS_CA_PATH | string | - | - | Filesystem path to the TLS CA certificate file for validating client certificates in mutual TLS setups. |
| UPLOAD_API_MUTUAL_AUTH | boolean | false | - | Enable mutual TLS authentication for the upload API. If true, both client and server must present valid certificates. |
| UPLOAD_API_RSYNC_PORT | number | 1873 | min: 0 (exclusive), max: 65536 | Port number for the rsync server used by the upload API for file synchronization. |
| UPLOAD_API_RSYNC_USER | string | sbcsync | - | Username for authenticating with the rsync server in the upload API. |
| UPLOAD_API_RSYNC_PASSWORD | string | ZJaqCW6zwznD | - | Password for authenticating with the rsync server in the upload API. |
| UPLOAD_API_STORAGE_TYPE | enum [s3, file, null] | file | enum: [s3, file, null] | Type of storage backend used by the upload API. |
| STORAGE_LOCATION | string | - | - | Filesystem path or S3 bucket name where uploaded files are stored. |
| UPLOAD_API_S3_FORCE_PATH_STYLE | boolean | false | - | Force path-style access for S3 buckets in the upload API. Useful for S3-compatible services or custom endpoints. |
| AWS_REGION | string | auto | - | AWS region for S3 storage operations. Used to select the correct S3 endpoint. |
| AWS_ENDPOINT_URL_S3 | string | - | - | Custom endpoint URL for S3 storage. Must be a valid URL. Used for S3-compatible services or local testing. |
| AWS_ACCESS_KEY_ID | string | - | - | AWS Access Key ID for authenticating S3 storage operations. |
| AWS_SECRET_ACCESS_KEY | string | - | - | AWS Secret Access Key for authenticating S3 storage operations. |
Client-side configuration. Specify allowed hosts and frontend settings for application access and security.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| ALLOWED_HOSTS | array | localhost,127.0.0.1 | - | List of hostnames or IP addresses allowed for the UI to connect to the server and used in SSL certificate validation. |
| UI_PORT | number | 3000 | min: 0 (exclusive), max: 65536 | Port number for the user interface (UI) to listen on. |
Channel creation configuration. Define the unique ID, type (e.g., email, sms, webhook), human-readable name, and any custom parameters for the channel setup.
| Variable | Type | Default Value | Restrictions | Description |
|---|---|---|---|---|
| DEFAULT_CHANNEL_ID | string | - | min: 1 | Unique identifier for the notification channel. Used to reference and manage the channel in the system. Must be a non-empty string. |
| DEFAULT_CHANNEL_TYPE | string | - | min: 1 | Type of the notification channel, such as 'email', 'sms', or 'webhook'. Determines how notifications are delivered. |
| DEFAULT_CHANNEL_NAME | string | - | min: 5 | Human-readable name for the channel. Used for display and identification purposes. Must be at least 5 characters. |
| DEFAULT_CHANNEL_PARAMS | string | - | - | JSON string containing channel-specific configuration parameters. |
Usage Notes
info
- Add or override variables as needed for your deployment.
- For sensitive values, consider using
Docker secretsorKubernetes secrets. - Not all variables are required for every service; check your compose/manifest for usage.
Config Adapters
Under the hood we are allowing different sources for configurations. This is done smoothly using Config Adapters:
| Priority | Adapter | Definition | How it works | Source | Overrides |
|---|---|---|---|---|---|
| 1 | Default settings adapter | Provides baseline configuration | Loads values from defaults.json | defaults.json file | None (lowest priority) |
| 2 | Sqlite settings adapter | Project-level stored settings | Reads key/value pairs from SQLite table | SQLite DB | Defaults |
| 3 | dotEnv adapter for .env | Environment file overrides | Parses .env and merges variables | .env file | Defaults, Sqlite |
| 4 | dotEnv adapter for .env.{NODE_ENV} | Environment-specific overrides | Parses .env.dev, .env.production, etc. | .env.{NODE_ENV} file | All lower priorities (1–3) |
| 5 | systemEnv adapter | System-level overrides | Reads from actual OS environment variables | Process environment | All lower priorities (1–4) |
Adapter Priority
Adapters are evaluated in order, from lowest to highest priority.
- Lower-priority adapters (smaller numbers) provide defaults or fallbacks.
- Higher-priority adapters (larger numbers) can override values from lower-priority ones.
- The highest-priority adapter always wins if multiple adapters define the same key.
- After all adapters are applied in sequence, the final result is validated against the Zod schema rules.