Environment Variables

Complete reference for TaskView environment variables - database connection, JWT authentication, OAuth providers, SMTP email, GitHub/GitLab integration, encryption, and CORS configuration for your self-hosted Docker deployment.

TaskView is configured through environment variables set in the .env.taskview file (or passed directly to the Docker container). This page documents every available variable.

Database

These must match your PostgreSQL setup.

Variable	Required	Default	Description
`DB_HOST`	Yes	-	Database hostname. Use `db` when running in Docker Compose.
`DB_USER`	Yes	-	Database username
`DB_PASSWORD`	Yes	-	Database password
`DB_NAME`	Yes	-	Database name
`DB_PORT`	No	`5432`	Database port

Application

Variable	Required	Default	Description
`APP_PORT`	No	`1401`	Port the API server listens on
`APP_URL`	Yes	https://app.taskview.tech	Full URL of the web app (e.g. `https://tasks.company.com`). Used for OAuth redirects and email links.

Authentication

Variable	Required	Default	Description
`JWT_SIGN`	Yes	-	Secret key for signing JWT tokens. Use a long random string.
`ACCESS_LIFE_TIME`	No	`1d`	How long access tokens are valid. Examples: `1h`, `1d`, `7d`
`REFRESH_LIFE_TIME`	No	`2d`	How long refresh tokens are valid
`JWT_ALG`	No	`HS256`	JWT signing algorithm

Generate a strong JWT secret: node -e "console.log(require('crypto').randomBytes(64).toString('hex'))"

SMTP (Email)

Required for password recovery, email confirmation, and invitation notifications. Without SMTP, these features won't work, but everything else functions normally.

Variable	Required	Default	Description
`SMTP_HOST`	No	-	SMTP server hostname
`SMTP_PORT`	No	`465`	SMTP port
`SMTP_USERNAME`	No	-	SMTP login
`SMTP_PASSWORD`	No	-	SMTP password
`SMTP_ENCRYPTION`	No	`ssl`	`ssl` or `tls`
`SMTP_FROM_NAME`	No	`TaskView`	Sender name in emails
`SMTP_FROM_EMAIL`	No	-	Sender email address

Encryption

Required for SSO (SAML/OIDC) and GitHub/GitLab integrations. Secrets are encrypted at rest using AES-256-GCM.

Variable	Required	Default	Description
`ENCRYPTION_KEY`	Yes	-	32-byte hex string (64 characters). Required for SSO and integrations.

Generate a key:

openssl rand -hex 32

What is encrypted:

SSO: SAML certificates, SAML signing keys, OIDC client secrets
Integrations: GitHub/GitLab OAuth tokens, webhook secrets

If you change or lose the encryption key, all stored SSO configurations and integration tokens become unreadable. You'll need to reconfigure SSO providers and reconnect GitHub/GitLab integrations.

GitHub Integration

For connecting GitHub repositories. See GitHub & GitLab Setup for a step-by-step guide.

Variable	Required	Default	Description
`GITHUB_INTEGRATION_CLIENT_ID`	No	-	OAuth App client ID
`GITHUB_INTEGRATION_CLIENT_SECRET`	No	-	OAuth App client secret
`GITHUB_INTEGRATION_CALLBACK_URL`	No	-	OAuth callback URL
`GITHUB_BASE_URL`	No	`https://github.com`	Override for GitHub Enterprise
`GITHUB_API_URL`	No	`https://api.github.com`	Override for GitHub Enterprise API

GitLab Integration

For connecting GitLab repositories.

Variable	Required	Default	Description
`GITLAB_INTEGRATION_CLIENT_ID`	No	-	OAuth App client ID
`GITLAB_INTEGRATION_CLIENT_SECRET`	No	-	OAuth App client secret
`GITLAB_INTEGRATION_CALLBACK_URL`	No	-	OAuth callback URL
`GITLAB_BASE_URL`	No	`https://gitlab.com`	Override for self-hosted GitLab
`GITLAB_API_URL`	No	`https://gitlab.com/api/v4`	Override for self-hosted GitLab API

Notifications

Optional configuration for real-time and push notification delivery.

Centrifugo (real-time WebSocket notifications)

Required for in-app real-time notification delivery. Without Centrifugo, notifications are still saved to the database but will not appear instantly in the browser. Users will see them on the next page load.

Variable	Required	Default	Description
`CENTRIFUGO_API_URL`	No	-	Internal Centrifugo API URL (e.g. `http://centrifugo:8000`)
`CENTRIFUGO_API_KEY`	No	-	Centrifugo API key for server-to-server communication. Must match `http_api.key` in Centrifugo config.
`CENTRIFUGO_TOKEN_SECRET`	No	-	Secret for generating client connection tokens (HMAC). Must match `client.token.hmac_secret_key` in Centrifugo config.
`CENTRIFUGO_PUBLIC_URL`	No	-	Full WebSocket URL for browser clients (e.g. `wss://api.example.com/centrifugo/connection/websocket`)

Firebase Cloud Messaging (mobile push notifications)

Required for native push notifications on iOS and Android. Without Firebase, push notifications are silently skipped.

Variable	Required	Default	Description
`FIREBASE_CREDENTIALS_PATH`	No	-	Path to Firebase service account JSON file (e.g. `./firebase-credentials.json`)

Centrifugo configuration file

Centrifugo v6 uses a nested JSON config. Create centrifugo/config.json:

{
  "client": {
    "allowed_origins": ["https://app.example.com"],
    "token": {
      "hmac_secret_key": "your_centrifugo_token_secret"
    }
  },
  "channel": {
    "namespaces": [
      {
        "name": "personal",
        "presence": false,
        "join_leave": false,
        "history_size": 0,
        "history_ttl": "0s"
      }
    ]
  },
  "http_api": {
    "key": "your_centrifugo_api_key"
  }
}

http_api.key must match CENTRIFUGO_API_KEY in .env.taskview
client.token.hmac_secret_key must match CENTRIFUGO_TOKEN_SECRET in .env.taskview
client.allowed_origins should list your frontend domain(s). Use ["*"] only for development.

Nginx WebSocket proxy

To serve Centrifugo through your existing HTTPS domain, add to your nginx server block:

location /centrifugo/ {
    proxy_pass http://localhost:8000/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
}

Then set CENTRIFUGO_PUBLIC_URL=wss://api.example.com/centrifugo/connection/websocket.

Both Centrifugo and Firebase are optional. If not configured, their respective channels are skipped. Notifications are always persisted to the database.

Full example

Here's a complete .env.taskview file for a production deployment:

DB_HOST="db"
DB_USER="taskview_db_user"
DB_PASSWORD="password"
DB_NAME="taskview"
DB_PORT=5432
APP_PORT=1401
JWT_ALG="HS256"
JWT_SIGN="secret"
ACCESS_LIFE_TIME="3d"
REFRESH_LIFE_TIME="9d"

SMTP_HOST=smtp
SMTP_PORT=587
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_ENCRYPTION=tls
SMTP_FROM_NAME=TaskView
SMTP_FROM_EMAIL=

# Your domain 
APP_URL="https://app.taskview.tech"

GOOGLE_CLIENT_ID=""
GOOGLE_CLIENT_SECRET=""
#You domain
GOOGLE_CALLBACK_URL="https://api.taskview.tech/module/auth/provider/google/callback"
GITHUB_CLIENT_ID=""
GITHUB_CLIENT_SECRET=""
GITHUB_CALLBACK_URL="https://api.taskview.tech/module/auth/provider/github/callback"
APPLE_CLIENT_ID=""
APPLE_TEAM_ID=""
APPLE_KEY_ID=""
APPLE_KEY_LOCATION="/usr/src/app/AuthKey.p8"
# Your domain
APPLE_CALLBACK_URL="https://api.taskview.tech/module/auth/provider/apple/callback"

#integrations
GITHUB_INTEGRATION_CLIENT_ID=
GITHUB_INTEGRATION_CLIENT_SECRET=
GITHUB_INTEGRATION_CALLBACK_URL=https://api.taskview.tech/module/integrations/oauth/github/callback

GITLAB_INTEGRATION_CLIENT_ID=
GITLAB_INTEGRATION_CLIENT_SECRET=
GITLAB_INTEGRATION_CALLBACK_URL=https://api.taskview.tech/module/integrations/oauth/github/callback

ENCRYPTION_KEY=

# Notifications (optional)
# FIREBASE_CREDENTIALS_PATH=./firebase-credentials.json
# CENTRIFUGO_API_URL=http://centrifugo:8000
# CENTRIFUGO_API_KEY=your_centrifugo_api_key
# CENTRIFUGO_TOKEN_SECRET=your_centrifugo_token_secret
# CENTRIFUGO_PUBLIC_URL=wss://api.example.com/centrifugo/connection/websocket

GitHub & GitLab Setup

Connect GitHub and GitLab repositories to TaskView. Import and sync issues as tasks with OAuth authorization, webhook-based real-time updates, and AES-256 encrypted token storage. Supports GitHub Enterprise and self-hosted GitLab.

Authentication

Configure authentication in TaskView - email/password, email/code, OAuth with GitHub, Google, and Apple Sign In. JWT session management, password recovery, and account deletion for your self-hosted instance.