Self Hosting
Configuration
Complete list of environment variables for LangWatch self-hosting
Environment Variables
This page provides a comprehensive list of all environment variables that can be configured for LangWatch self-hosting deployments. These variables control various aspects of the application including authentication, database connections, external services, and feature flags.Environment Variables Reference
| Variable | Description | Required | Default |
|---|---|---|---|
| Core Configuration | |||
DATABASE_URL | PostgreSQL database connection URL | Yes | - |
NODE_ENV | Application environment (development, test, production) | Yes | - |
BASE_HOST | Base URL of the application | Yes | - |
API_TOKEN_JWT_SECRET | Secret key for JWT token signing | Yes | - |
CREDENTIALS_SECRET | Secret for credential encryption, Base16 encoded | Yes | - |
| Authentication (NextAuth) | |||
NEXTAUTH_PROVIDER | Authentication provider (azure-ad, okta, auth0, etc.) | No | |
NEXTAUTH_SECRET | Secret for NextAuth.js session encryption | Yes | - |
NEXTAUTH_URL | URL of the authentication service | Yes | - |
| Search & Storage | |||
ELASTICSEARCH_NODE_URL | Elasticsearch/OpenSearch cluster endpoint | Yes | - |
ELASTICSEARCH_API_KEY | Elasticsearch/OpenSearch API key for authentication | Yes | - |
IS_OPENSEARCH | Flag to indicate OpenSearch instead of Elasticsearch | No | false |
IS_QUICKWIT | Flag to indicate Quickwit instead of Elasticsearch | No | false |
REDIS_URL | Redis connection URL | No | - |
REDIS_CLUSTER_ENDPOINTS | If using Redis cluster, specify the endpoints (comma-separated) | No | - |
| S3 Storage | |||
USE_S3_STORAGE | Enable S3-compatible storage for datasets | No | false |
S3_ENDPOINT | S3-compatible storage endpoint | No | - |
S3_ACCESS_KEY_ID | S3 access key ID | No | - |
S3_SECRET_ACCESS_KEY | S3 secret access key | No | - |
S3_BUCKET_NAME | S3 bucket name for dataset storage | No | - |
S3_KEY_SALT | Salt for S3 key encryption | No | - |
| Evaluation Providers | |||
AZURE_OPENAI_ENDPOINT | Azure OpenAI endpoint URL for jailbreak and content safety evaluators | No | - |
AZURE_OPENAI_KEY | Azure OpenAI API key for jailbreak and content safety evaluators | No | - |
GOOGLE_APPLICATION_CREDENTIALS | Google Cloud service account credentials for PII detection fallback (when internal Presidio check fails) | No | - |
| NLP Services | |||
LANGWATCH_NLP_SERVICE | Custom NLP service endpoint | Yes | - |
TOPIC_CLUSTERING_SERVICE | Topic clustering service endpoint | Yes | - |
LANGEVALS_ENDPOINT | LangEvals evaluation service endpoint | No | - |
LANGWATCH_NLP_LAMBDA_CONFIG | Lambda configuration for NLP services | No | - |
| Email Services | |||
SENDGRID_API_KEY | SendGrid API key for email delivery | No | - |
EMAIL_DEFAULT_FROM | Default sender email address | No | - |
| Analytics & Monitoring | |||
DISABLE_USAGE_STATS | Disable usage statistics collection | No | false |
SENTRY_DSN | Sentry DSN for error tracking | No | - |
| SSO Providers | |||
AUTH0_CLIENT_ID | Auth0 client ID | No | - |
AUTH0_CLIENT_SECRET | Auth0 client secret | No | - |
AUTH0_ISSUER | Auth0 issuer URL | No | - |
AZURE_CLIENT_ID | Azure AD client ID | No | - |
AZURE_CLIENT_SECRET | Azure AD client secret | No | - |
AZURE_TENANT_ID | Azure AD tenant ID | No | - |
COGNITO_CLIENT_ID | AWS Cognito client ID | No | - |
COGNITO_ISSUER | AWS Cognito issuer URL | No | - |
COGNITO_CLIENT_SECRET | AWS Cognito client secret | No | - |
GITHUB_CLIENT_ID | GitHub OAuth client ID | No | - |
GITHUB_CLIENT_SECRET | GitHub OAuth client secret | No | - |
GITLAB_CLIENT_ID | GitLab OAuth client ID | No | - |
GITLAB_CLIENT_SECRET | GitLab OAuth client secret | No | - |
GOOGLE_CLIENT_ID | Google OAuth client ID | No | - |
GOOGLE_CLIENT_SECRET | Google OAuth client secret | No | - |
OKTA_CLIENT_ID | Okta client ID | No | - |
OKTA_CLIENT_SECRET | Okta client secret | No | - |
OKTA_ISSUER | Okta issuer URL | No | - |