Environment Variables Reference
Complete reference for all environment variables used in AuditSwarm.
Required Variables
Database
DATABASE_URL
Required: Yes
Format: Connection string
Example: sqlserver://server:port/database?user=xxx&password=xxx
Database connection string for Prisma ORM.
NEXTAUTH_URL
Required: Yes (production)
Format: URL
Example: https://your-domain.com
Base URL for NextAuth.js authentication callbacks.
NEXTAUTH_SECRET
Required: Yes
Format: Random string (32+ characters)
Example: Generate with openssl rand -base64 32
Secret for signing JWT tokens and session cookies.
ENCRYPTION_KEY
Required: Yes
Format: Random string (32+ characters)
Example: Generate with openssl rand -base64 32
Key for encrypting sensitive data at rest.
OAuth Configuration
Google OAuth
GOOGLE_CLIENT_ID
Required: If using Google OAuth
Format: Google OAuth client ID
Example: 123456789-abc123.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET
Required: If using Google OAuth
Format: Google OAuth client secret
GitHub OAuth
GITHUB_CLIENT_ID
Required: If using GitHub OAuth
Format: GitHub OAuth app client ID
GITHUB_CLIENT_SECRET
Required: If using GitHub OAuth
Format: GitHub OAuth app client secret
MCP Server Configuration
MCP_PORT
Required: No
Default: 3001
Format: Port number
Port for MCP HTTP server.
MCP_LOCAL_USER_EMAIL
Required: STDIO transport only
Format: Email address
Example: admin@example.com
Email for local STDIO authentication (Claude Desktop).
MCP_DEBUG
Required: No
Default: false
Format: true | false
Enable verbose MCP server logging.
Cloud Storage (Optional)
GCP_PROJECT_ID
Required: If using GCP Storage
Format: GCP project ID
GCP_STORAGE_BUCKET
Required: If using GCP Storage
Format: Bucket name
Example: auditswarms-storage
AZURE_STORAGE_CONNECTION_STRING
Required: If using Azure Storage
Format: Azure connection string
Development
NODE_ENV
Required: No
Default: development
Values: development | production | test
Node environment.
LOG_LEVEL
Required: No
Default: info
Values: error | warn | info | debug
Winston logger level.
Example .env File
# Database
DATABASE_URL="sqlserver://localhost:1433/auditswarms?user=sa&password=YourPassword"
# NextAuth
NEXTAUTH_URL="http://localhost:3000"
NEXTAUTH_SECRET="your-secret-here-generate-with-openssl"
# Encryption
ENCRYPTION_KEY="your-encryption-key-generate-with-openssl"
# Google OAuth (optional)
GOOGLE_CLIENT_ID="123456789-abc123.apps.googleusercontent.com"
GOOGLE_CLIENT_SECRET="GOCSPX-xxxxxxxxxxxx"
# GitHub OAuth (optional)
GITHUB_CLIENT_ID="Iv1.xxxxxxxxxxxxxxxx"
GITHUB_CLIENT_SECRET="xxxxxxxxxxxxxxxxxxxx"
# MCP Server
MCP_PORT="3001"
MCP_DEBUG="true"
# GCP Storage (optional)
GCP_PROJECT_ID="auditswarm-prod"
GCP_STORAGE_BUCKET="auditswarms-storage"
# Development
NODE_ENV="development"
LOG_LEVEL="debug"
Security Best Practices
✅ Do:
- Generate secrets with openssl rand -base64 32
- Use GCP Secret Manager in production
- Rotate secrets regularly (every 90 days)
- Use different secrets for dev/staging/prod
❌ Don't:
- Commit .env files to version control
- Use default/example secrets in production
- Share secrets in Slack/email
- Reuse secrets across environments
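A startup check that enforces the formats and rules listed on this page, as an added example that is not part of AuditSwarm: validateEnv() is a hypothetical helper, and requiring https for NEXTAUTH_URL in production is an assumption of the example.

```javascript
// Added example, not AuditSwarm code: validateEnv() and its rules are hypothetical.
// PLACEHOLDERS holds the sample secret values from the example .env on this page.
const PLACEHOLDERS = [
  "your-secret-here-generate-with-openssl",
  "your-encryption-key-generate-with-openssl",
];
const ALLOWED = {
  NODE_ENV: ["development", "production", "test"],
  LOG_LEVEL: ["error", "warn", "info", "debug"],
  MCP_DEBUG: ["true", "false"],
};
const OAUTH_PAIRS = [
  ["GOOGLE_CLIENT_ID", "GOOGLE_CLIENT_SECRET"],
  ["GITHUB_CLIENT_ID", "GITHUB_CLIENT_SECRET"],
];

function validateEnv(env) {
  const errors = [];
  const prod = env.NODE_ENV === "production";
  if (!env.DATABASE_URL) errors.push("DATABASE_URL: required");

  for (const name of ["NEXTAUTH_SECRET", "ENCRYPTION_KEY"]) {
    const value = env[name] || "";
    // The sample values exceed 32 characters, so a length check alone accepts them.
    if (value.length < 32) errors.push(`${name}: must be 32+ characters`);
    else if (prod && PLACEHOLDERS.includes(value)) errors.push(`${name}: example value in production`);
  }

  if (prod) {
    // Assumption of this example: production auth callbacks are served over HTTPS.
    let url = null;
    try { url = new URL(env.NEXTAUTH_URL); } catch { /* missing or malformed */ }
    if (!url) errors.push("NEXTAUTH_URL: required in production, must be a URL");
    else if (url.protocol !== "https:") errors.push("NEXTAUTH_URL: must use https in production");
  }

  for (const [name, values] of Object.entries(ALLOWED)) {
    if (env[name] !== undefined && !values.includes(env[name]))
      errors.push(`${name}: must be one of ${values.join(" | ")}`);
  }

  const port = Number(env.MCP_PORT ?? "3001"); // documented default
  if (!Number.isInteger(port) || port < 1 || port > 65535) errors.push("MCP_PORT: not a valid port");

  for (const [id, secret] of OAUTH_PAIRS) {
    if (Boolean(env[id]) !== Boolean(env[secret])) errors.push(`${id}/${secret}: set both or neither`);
  }
  return errors;
}
```

Call validateEnv(process.env) once at startup and refuse to start when it returns any entries.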