Environment Variables
Configure Tzylo Auth CE using environment variables.
Tzylo Auth CE is configured entirely through environment variables. This page documents all supported variables, their purpose, and defaults.
Environment variables are read at startup. Changes require a server restart.
Required Variables
The following variables are mandatory. The server will not start if any of them are missing or invalid.
Required
JWT_SECRET=your-secret
DATABASE_URL=postgresql://user:pass@host:5432/db
- JWT_SECRET – Secret key used to sign and verify access tokens.
- DATABASE_URL – SQL database connection string.
Application Settings
- NODE_ENV (default: development) – Application environment mode.
- APP_NAME (default: Tzylo) – Application name used in emails and metadata.
- CORS_ORIGIN (default: *) – Allowed CORS origins.
Token Configuration
- ACCESS_TOKEN_EXPIRES_IN (default: 15m) – Access token lifetime.
- REFRESH_TOKEN_EXPIRES_IN (default: 7d) – Refresh token lifetime.
- COOKIE_SECRET – Secret used to sign cookies.
- COOKIE_SAME_SITE – Cookie SameSite policy (Lax, Strict, None).
Security Settings
- BCRYPT_SALT_ROUNDS (default: 10) – Cost factor used for password hashing.
- RATE_LIMIT_ENABLED (default: true) – Additional toggle for rate limiting.
Email (SMTP) Configuration
These variables are required only if you use email-based OTP flows.
- SMTP_HOST (default: smtp.gmail.com)
- SMTP_PORT (default: 587)
- SMTP_USERNAME
- SMTP_PASSWORD
Redis Configuration
Redis is optional but recommended for production environments.
- REDIS_URL – Redis connection URL
- REDIS_MAX_RETRIES (default: 1) – Maximum connection retry attempts
If Redis is not configured, Auth CE falls back to in-memory caching.
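A pre-deployment check over the variables documented on this page, as an added example that is not part of Tzylo Auth CE. The function name auditEnv, the 32-character minimum for secrets, and the use of the default bcrypt cost as a floor are assumptions chosen for illustration.

```javascript
// Added example: pre-deployment audit of the variables documented on this page.
// auditEnv and both thresholds are assumptions for illustration, not Tzylo Auth CE code.
const MIN_SECRET_LENGTH = 32; // assumed minimum length for signing secrets
const MIN_BCRYPT_ROUNDS = 10; // the documented default, used here as a floor
function auditEnv(env) {
  const findings = [];
  const add = (level, name, message) => findings.push({ level, name, message });
  const prod = env.NODE_ENV === "production";
  // Required variables: the server will not start without them.
  for (const name of ["JWT_SECRET", "DATABASE_URL"]) {
    if (!env[name]) add("error", name, "required variable is missing");
  }
  // A placeholder or short secret makes signed tokens and cookies forgeable.
  for (const name of ["JWT_SECRET", "COOKIE_SECRET"]) {
    const value = env[name];
    if (value && (value === "your-secret" || value.length < MIN_SECRET_LENGTH)) {
      add("error", name, `placeholder or shorter than ${MIN_SECRET_LENGTH} characters`);
    }
  }
  if (env.JWT_SECRET && env.JWT_SECRET === env.COOKIE_SECRET) {
    add("warn", "COOKIE_SECRET", "reuses JWT_SECRET; use independent secrets");
  }
  // Defaults that suit development but are too loose for production.
  if (prod && (env.CORS_ORIGIN ?? "*").trim() === "*") {
    add("error", "CORS_ORIGIN", "wildcard origin in production; list exact origins");
  }
  if (prod && !env.REDIS_URL) {
    add("warn", "REDIS_URL", "unset; Auth CE falls back to in-memory caching");
  }
  if (prod && (env.RATE_LIMIT_ENABLED ?? "true") !== "true") {
    add("warn", "RATE_LIMIT_ENABLED", "rate limiting is disabled");
  }
  // SameSite values are compared exactly as they are listed on this page.
  const sameSite = env.COOKIE_SAME_SITE;
  if (sameSite && !["Lax", "Strict", "None"].includes(sameSite)) {
    add("error", "COOKIE_SAME_SITE", "must be Lax, Strict or None");
  } else if (sameSite === "None") {
    add("warn", "COOKIE_SAME_SITE", "None sends cookies cross-site and needs HTTPS");
  }
  const rounds = Number(env.BCRYPT_SALT_ROUNDS ?? MIN_BCRYPT_ROUNDS);
  if (!Number.isInteger(rounds) || rounds < MIN_BCRYPT_ROUNDS) {
    add("error", "BCRYPT_SALT_ROUNDS", `must be an integer >= ${MIN_BCRYPT_ROUNDS}`);
  }
  return findings;
}
// Constructed sample: production mode with the placeholder secret and default CORS.
const sample = { NODE_ENV: "production", JWT_SECRET: "your-secret",
  DATABASE_URL: "postgresql://user:pass@host:5432/db" };
console.log(auditEnv(sample).map((f) => `${f.level} ${f.name}: ${f.message}`).join("\n"));
```

Passing process.env to auditEnv in a CI step or container entrypoint surfaces these findings before the server is started.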