# Environment Variables Most of these variables are used in [runtime.exs](https://github.com/supabase/realtime/blob/main/config/runtime.exs), check it out for more details and usage. > **Tip** > Use a [mise.local.toml](https://mise.jdx.dev/configuration.html) file to set values in your local environment (gitignored). | Variable | Type | Description | | ----------------------------------------------- | ------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | PORT | number | Port which you can connect your client/listeners | | DB_HOST | string | Database host URL | | DB_PORT | number | Database port | | DB_USER | string | Database user | | DB_PASSWORD | string | Database password | | DB_NAME | string | Postgres database name | | DB_ENC_KEY | string | Key used to encrypt sensitive fields in \_realtime.tenants and \_realtime.extensions tables. Recommended: 16 characters. | | DB_AFTER_CONNECT_QUERY | string | Query that is run after server connects to database. | | DB_IP_VERSION | string | Sets the IP Version to be used for database connections. Allowed values are "ipv6" and "ipv4". If none are set we will try to infer the correct version | | REALTIME_IP_VERSION | string | Sets the IP Version for the HTTP listener. Allowed values are "ipv6" and "ipv4". If none are set we will try to detect IPv6 support and fall back to IPv4. | | DB_SSL | boolean | Whether or not the connection will be set-up using SSL | | DB_SSL_CA_CERT | string | Filepath to a CA trust store (e.g.: /etc/cacert.pem). If defined it enables server certificate verification | | API_JWT_SECRET | string | Secret that is used to sign tokens used to manage tenants and their extensions via HTTP requests. | | API_TOKEN_BLOCKLIST | string | Comma-separated list of tokens blocked for tenant management API access. Defaults to an empty list. | | SECRET_KEY_BASE | string | Secret used by the server to sign cookies. Recommended: 64 characters. | | ERL_AFLAGS | string | Set to either "-proto_dist inet_tcp" or "-proto_dist inet6_tcp" depending on whether or not your network uses IPv4 or IPv6, respectively. | | APP_NAME | string | A name of the server. | | CLUSTER_STRATEGIES | string | Comma-separated cluster backends to enable. Supported values are `EPMD`, `DNS`, and `POSTGRES`. Defaults to `EPMD` outside production and `POSTGRES` in production. | | DNS_NODES | string | Node name used when running server in a cluster. | | DB_MASTER_REGION | string | Overrides the primary region used for region-aware routing and tenant placement. If not set, Realtime uses the current `REGION`. | | MAX_CONNECTIONS | string | Set the soft maximum for WebSocket connections. Defaults to '16384'. | | MAX_HEADER_LENGTH | string | Set the maximum header length for connections (in bytes). Defaults to '4096'. | | NUM_ACCEPTORS | string | Set the number of server processes that will relay incoming WebSocket connection requests. Defaults to '100'. | | DB_QUEUE_TARGET | string | Maximum time to wait for a connection from the pool. Defaults to '5000' or 5 seconds. See for more info: [DBConnection](https://hexdocs.pm/db_connection/DBConnection.html#start_link/2-queue-config). | | DB_QUEUE_INTERVAL | string | Interval to wait to check if all connections were checked out under DB_QUEUE_TARGET. If all connections surpassed the target during this interval than the target is doubled. Defaults to '5000' or 5 seconds. See for more info: [DBConnection](https://hexdocs.pm/db_connection/DBConnection.html#start_link/2-queue-config). | | DB_POOL_SIZE | string | Sets the number of connections in the database pool. Defaults to '5'. | | DB_REPLICA_HOST | string | Hostname for the replica database. If set, enables the main replica connection pool. | | DB_HOST_REPLICA_FRA | string | Hostname for the FRA replica database used by the legacy replica repos. Defaults to `DB_HOST`. | | DB_HOST_REPLICA_IAD | string | Hostname for the IAD replica database used by the legacy replica repos. Defaults to `DB_HOST`. | | DB_HOST_REPLICA_SIN | string | Hostname for the SIN replica database used by the legacy replica repos. Defaults to `DB_HOST`. | | DB_HOST_REPLICA_SJC | string | Hostname for the SJC replica database used by the legacy replica repos. Defaults to `DB_HOST`. | | DB_REPLICA_POOL_SIZE | string | Sets the number of connections in the replica database pool. Defaults to '5'. | | SLOT_NAME_SUFFIX | string | This is appended to the replication slot which allows making a custom slot name. May contain lowercase letters, numbers, and the underscore character. Together with the default `supabase_realtime_replication_slot`, slot name should be up to 64 characters long. | | TENANT_CACHE_EXPIRATION_IN_MS | string | Set tenant cache TTL in milliseconds | | TENANT_MAX_BYTES_PER_SECOND | string | The default value of maximum bytes per second that each tenant can support, used when creating a tenant for the first time. Defaults to '100_000'. | | TENANT_MAX_CHANNELS_PER_CLIENT | string | The default value of maximum number of channels each tenant can support, used when creating a tenant for the first time. Defaults to '100'. | | TENANT_MAX_CONCURRENT_USERS | string | The default value of maximum concurrent users per channel that each tenant can support, used when creating a tenant for the first time. Defaults to '200'. | | TENANT_MAX_EVENTS_PER_SECOND | string | The default value of maximum events per second that each tenant can support, used when creating a tenant for the first time. Defaults to '100'. | | TENANT_MAX_JOINS_PER_SECOND | string | The default value of maximum channel joins per second that each tenant can support, used when creating a tenant for the first time. Defaults to '100'. | | CLIENT_PRESENCE_MAX_CALLS | number | Maximum number of presence calls allowed per client (per WebSocket connection) within the time window. Defaults to '5'. | | CLIENT_PRESENCE_WINDOW_MS | number | Time window in milliseconds for per-client presence rate limiting. Defaults to '30000' (30 seconds). | | SEED_SELF_HOST | boolean | Seeds the system with default tenant | | SELF_HOST_TENANT_NAME | string | Tenant reference to be used for self host. Do keep in mind to use a URL compatible name | | REGION | string | Region name for the current node. Used in logs, latency reporting, and region-aware routing. | | LOG_LEVEL | string | Sets log level for Realtime logs. Defaults to info, supported levels are: info, emergency, alert, critical, error, warning, notice, debug | | LOGS_ENGINE | string | Log backend selector. Set to `logflare` to enable the Logflare HTTP backend. If unset, standard logger output is used. | | LOGFLARE_LOGGER_BACKEND_URL | string | Endpoint used by the Logflare logger backend. Defaults to `https://api.logflare.app`. | | LOGFLARE_API_KEY | string | API key required when `LOGS_ENGINE=logflare`. | | LOGFLARE_SOURCE_ID | string | Source ID required when `LOGS_ENGINE=logflare`. | | DISABLE_HEALTHCHECK_LOGGING | boolean | Disables request logging for healthcheck endpoints (/healthcheck and /api/tenants/:tenant_id/health). Defaults to false. | | RUN_JANITOR | boolean | Do you want to janitor tasks to run | | JANITOR_SCHEDULE_TIMER_IN_MS | number | Time in ms to run the janitor task | | JANITOR_SCHEDULE_RANDOMIZE | boolean | Adds a randomized value of minutes to the timer | | JANITOR_RUN_AFTER_IN_MS | number | Tells system when to start janitor tasks after boot | | JANITOR_MAX_CHILDREN | number | Maximum number of concurrent tasks working on janitor cleanup. Defaults to `5`. | | JANITOR_CHILDREN_TIMEOUT | number | Timeout in milliseconds for each janitor child task. Defaults to `5000`. | | JANITOR_CHUNK_SIZE | number | Number of tenants to process per chunk. Each chunk will be processed by a Task | | MIGRATION_PARTITION_SLOTS | number | Number of dynamic supervisor partitions used by the migrations process | | CONNECT_PARTITION_SLOTS | number | Number of dynamic supervisor partitions used by the Connect, ReplicationConnect processes | | METRICS_CLEANER_SCHEDULE_TIMER_IN_MS | number | Time in ms to run the Metric Cleaner task | | METRICS_RPC_TIMEOUT_IN_MS | number | Time in ms to wait for RPC call to fetch Metric per node | | WEBSOCKET_MAX_HEAP_SIZE | number | Max number of bytes to be allocated as heap for the WebSocket transport process. If the limit is reached the process is brutally killed. Defaults to 50MB. | | REQUEST_ID_BAGGAGE_KEY | string | OTEL Baggage key to be used as request id | | JWT_CLAIM_VALIDATORS | string | JSON object of claim validators applied to incoming JWTs, for example `{"iss":"Issuer"}`. Defaults to `{}`. | | METRICS_JWT_SECRET | string | Secret used to sign JWTs for metrics endpoints. Required outside tests. | | METRICS_TOKEN_BLOCKLIST | string | Comma-separated list of tokens blocked from metrics access. Defaults to an empty list. | | OTEL_SDK_DISABLED | boolean | Disable OpenTelemetry tracing completely when 'true' | | OTEL_TRACES_EXPORTER | string | Possible values: `otlp` or `none`. See [https://github.com/open-telemetry/opentelemetry-erlang/tree/v1.4.0/apps#os-environment] for more details on how to configure the traces exporter. | | OTEL_TRACES_SAMPLER | string | Default to `parentbased_always_on` . More info [here](https://opentelemetry.io/docs/languages/erlang/sampling/#environment-variables) | | GEN_RPC_TCP_SERVER_PORT | number | Port served by `gen_rpc`. Must be secured just like the Erlang distribution port. Defaults to 5369 | | GEN_RPC_TCP_CLIENT_PORT | number | `gen_rpc` connects to another node using this port. Most of the time it should be the same as GEN_RPC_TCP_SERVER_PORT. Defaults to 5369 | | GEN_RPC_SSL_SERVER_PORT | number | Port served by `gen_rpc` secured with TLS. Must also define GEN_RPC_CERTFILE, GEN_RPC_KEYFILE and GEN_RPC_CACERTFILE. If this is defined then only TLS connections will be set-up. | | GEN_RPC_SSL_CLIENT_PORT | number | `gen_rpc` connects to another node using this port. Most of the time it should be the same as GEN_RPC_SSL_SERVER_PORT. Defaults to 6369 | | GEN_RPC_CERTFILE | string | Path to the public key in PEM format. Only needs to be provided if GEN_RPC_SSL_SERVER_PORT is defined | | GEN_RPC_KEYFILE | string | Path to the private key in PEM format. Only needs to be provided if GEN_RPC_SSL_SERVER_PORT is defined | | GEN_RPC_CACERTFILE | string | Path to the certificate authority public key in PEM format. Only needs to be provided if GEN_RPC_SSL_SERVER_PORT is defined | | GEN_RPC_CONNECT_TIMEOUT_IN_MS | number | `gen_rpc` client connect timeout in milliseconds. Defaults to 10000. | | GEN_RPC_SEND_TIMEOUT_IN_MS | number | `gen_rpc` client and server send timeout in milliseconds. Defaults to 10000. | | GEN_RPC_SOCKET_IP | string | Interface which `gen_rpc` will bind to. Defaults to "0.0.0.0" (ipv4) which means that all interfaces are going to expose the `gen_rpc` port. | | GEN_RPC_IPV6_ONLY | boolean | Configure `gen_rpc` to use IPv6 only. | | GEN_RPC_MAX_BATCH_SIZE | integer | Configure `gen_rpc` to batch when possible RPC casts. Defaults to 0 | | GEN_RPC_COMPRESS | integer | Configure `gen_rpc` to compress or not payloads. 0 means no compression and 9 max compression level. Defaults to 0. | | GEN_RPC_COMPRESSION_THRESHOLD_IN_BYTES | integer | Configure `gen_rpc` to compress only above a certain threshold in bytes. Defaults to 1000. | | MAX_GEN_RPC_CLIENTS | number | Max amount of `gen_rpc` TCP connections per node-to-node channel | | MAX_GEN_RPC_CALL_CLIENTS | number | Max amount of `gen_rpc` TCP call connections per node-to-node channel. Defaults to `1`. | | REBALANCE_CHECK_INTERVAL_IN_MS | number | Time in ms to check if process is in the right region | | NODE_BALANCE_UPTIME_THRESHOLD_IN_MS | number | Minimum node uptime in ms before using load-aware node picker. Nodes below this threshold use random selection as their metrics are not yet reliable. Defaults to 5 minutes. | | CONNECT_ERROR_BACKOFF_MS | number | Time in ms to wait before returning a connection error to the client. Applied to all WebSocket connection failures (invalid JWT, tenant not found, rate limits, etc.). Acts as a backoff to slow down reconnection storms. Defaults to 2000 (2 seconds). | | CHANNEL_ERROR_BACKOFF_MS | number | Time in ms to wait before returning a channel join error to the client. Applied to all channel join failures (invalid JWT, rate limits, DB unavailable, etc.) including unexpected exceptions. Acts as a backoff to slow down reconnection storms. Defaults to 5000 (5 seconds). | | BROADCAST_POOL_SIZE | number | Number of processes to relay Phoenix.PubSub messages across the cluster | | PRESENCE_POOL_SIZE | number | Number of tracker processes for Presence feature. Defaults to 10. Higher values improve concurrency for presence tracking across many channels. | | PRESENCE_BROADCAST_PERIOD_IN_MS | number | Interval in milliseconds to send presence delta broadcasts across the cluster. Defaults to 1500 (1.5 seconds). Lower values increase network traffic but reduce presence sync latency. | | PRESENCE_PERMDOWN_PERIOD_IN_MS | number | Interval in milliseconds to flag a replica as permanently down and discard its state. Defaults to 1200000 (20 minutes). Must be greater than down_period. Higher values are more forgiving of temporary network issues but slower to clean up truly dead replicas. | | POSTGRES_CDC_SCOPE_SHARDS | number | Number of dynamic supervisor partitions used by the Postgres CDC extension. Defaults to 5. | | USERS_SCOPE_SHARDS | number | Number of dynamic supervisor partitions used by the Users extension. Defaults to 5. | | PROM_POLL_RATE | number | Poll interval in milliseconds for PromEx metrics collection. Defaults to `5000`. | | REGION_MAPPING | string | Custom mapping of platform regions to tenant regions. Must be a valid JSON object with string keys and values (e.g., `{"custom-region-1": "us-east-1", "eu-north-1": "eu-west-2"}`). If not provided, uses the default hardcoded region mapping. When set, only the specified mappings are used (no fallback to defaults). | | AWS_EXECUTION_ENV | string | Used to detect whether Realtime is running on ECS Fargate. When unset, the platform defaults to Fly-specific behavior. | | METRICS_PUSHER_ENABLED | boolean | Enable periodic push of Prometheus metrics. Defaults to 'false'. Requires METRICS_PUSHER_URL to be set. | | METRICS_PUSHER_URL | string | Full URL endpoint to push metrics using Prometheus exposition format (e.g., 'https://example.com/api/v1/import/prometheus'). Required when METRICS_PUSHER_ENABLED is 'true'. | | METRICS_PUSHER_USER | string | Username for Basic auth (RFC 7617) on metrics pushes. Defaults to 'realtime'. Used together with METRICS_PUSHER_AUTH to form the Authorization header as `Basic Base64("user:password")`. | | METRICS_PUSHER_AUTH | string | Password for Basic auth (RFC 7617) on metrics pushes. Used together with METRICS_PUSHER_USER to form the Authorization header as `Basic Base64("user:password")`. If not set, requests will be sent without authorization. Keep this secret if used. | | METRICS_PUSHER_INTERVAL_MS | number | Interval in milliseconds between metrics pushes. Defaults to '30000' (30 seconds). | | METRICS_PUSHER_TIMEOUT_MS | number | HTTP request timeout in milliseconds for metrics push operations. Defaults to '15000' (15 seconds). | | METRICS_PUSHER_COMPRESS | boolean | Enable gzip compression for metrics payloads. Defaults to 'true'. | | METRICS_PUSHER_EXTRA_LABELS | string | Comma-separated list of `key=value` pairs appended as `extra_label` query parameters on each metrics push (e.g., `region=us-east-1,env=prod`). Useful for label injection supported by systems like VictoriaMetrics. If not set, no extra labels are added. | | DASHBOARD_AUTH | string | Authentication method for the admin dashboard (`/admin`). Accepted values: `basic_auth` (default) or `zta`. When `basic_auth`, `DASHBOARD_USER` and `DASHBOARD_PASSWORD` are required. When `zta`, `CF_TEAM_DOMAIN` is required. | | DASHBOARD_USER | string | Username for admin dashboard basic auth. Required when `DASHBOARD_AUTH` is `basic_auth`. | | DASHBOARD_PASSWORD | string | Password for admin dashboard basic auth. Required when `DASHBOARD_AUTH` is `basic_auth`. | | CF_TEAM_DOMAIN | string | Cloudflare Zero Trust team domain used for ZTA authentication. Required when `DASHBOARD_AUTH` is `zta`. | The OpenTelemetry variables mentioned above are not an exhaustive list of all [supported environment variables](https://opentelemetry.io/docs/languages/sdk-configuration/).