Self-Hosting
Loading...

Environment variables

Complete reference for all Tambo self-hosting environment variables.

All configuration is done through environment variables in the docker.env file. This page covers every variable grouped by category.

Core configuration

VariableRequiredDescription
POSTGRES_PASSWORDYesPostgreSQL password
POSTGRES_DBNoDatabase name (default: tambo)
POSTGRES_USERNoDatabase user (default: postgres)
API_KEY_SECRETYes32+ character secret for API key encryption
PROVIDER_KEY_SECRETYes32+ character secret for provider key encryption
NEXTAUTH_SECRETYesSecret for NextAuth.js sessions
NEXTAUTH_URLYesBase URL for auth callbacks (e.g., http://localhost:8260 or https://your-domain.com)

OpenAI configuration

VariableRequiredDescription
OPENAI_API_KEYNoPrimary OpenAI key for generation
FALLBACK_OPENAI_API_KEYYesDefault OpenAI key when projects don't have custom keys

Authentication (OAuth or email)

To sign in to the dashboard, configure either at least one OAuth provider (Google or GitHub) or email login (Resend). If you configure neither, users cannot sign in.

If any OAuth provider is configured, the deployment uses OAuth login only (even if email settings are present). Email login is only enabled when no OAuth providers are configured.

For step-by-step setup, see Authentication setup.

OAuth

Configure at least one provider to enable OAuth login.

VariableDescription
GOOGLE_CLIENT_IDGoogle OAuth client ID
GOOGLE_CLIENT_SECRETGoogle OAuth client secret
GITHUB_CLIENT_IDGitHub OAuth client ID
GITHUB_CLIENT_SECRETGitHub OAuth client secret

Email login

Email login requires at minimum RESEND_API_KEY and EMAIL_FROM_DEFAULT.

VariableDescription
RESEND_API_KEYResend API key for sending emails
RESEND_AUDIENCE_IDResend audience for newsletters
EMAIL_FROM_DEFAULTDefault sender email address
EMAIL_FROM_PERSONALPersonal/support sender email
EMAIL_REPLY_TO_SUPPORTSupport reply-to address

Optional features

VariableDescription
ALLOWED_LOGIN_DOMAINRestrict logins to a specific email domain
DISALLOWED_EMAIL_DOMAINSBlock signups from these domains
LANGFUSE_PUBLIC_KEYLangfuse analytics public key
LANGFUSE_SECRET_KEYLangfuse analytics secret key
LANGFUSE_HOSTLangfuse host URL
NEXT_PUBLIC_POSTHOG_KEYPostHog analytics key
NEXT_PUBLIC_POSTHOG_HOSTPostHog host URL
SENTRY_DSNSentry error tracking DSN

Whitelabeling

VariableDescription
TAMBO_WHITELABEL_ORG_NAMEOrganization name displayed in UI
TAMBO_WHITELABEL_ORG_LOGOURL to organization logo