Environment Variables

Required

VariableDescription
DATABASE_URLPostgreSQL connection string
BETTER_AUTH_SECRETAuth secret (32 hex chars): openssl rand -hex 32
BETTER_AUTH_URLYour app URL
ENCRYPTION_KEYEncryption key (32 hex chars): openssl rand -hex 32
INTERNAL_API_SECRETInternal API secret (32 hex chars): openssl rand -hex 32
NEXT_PUBLIC_APP_URLPublic app URL
NEXT_PUBLIC_SOCKET_URLOptional. WebSocket URL — defaults to the page origin; set only if realtime is on a separate host.

AI Providers

VariableProvider
OPENAI_API_KEYOpenAI
ANTHROPIC_API_KEY_1Anthropic Claude
GEMINI_API_KEY_1Google Gemini
MISTRAL_API_KEYMistral
OLLAMA_URLOllama (default: http://localhost:11434)

For load balancing, add multiple keys with _1, _2, _3 suffixes (e.g., OPENAI_API_KEY_1, OPENAI_API_KEY_2). Works with OpenAI, Anthropic, and Gemini.

In Docker, use OLLAMA_URL=http://host.docker.internal:11434 for host-machine Ollama.

Azure OpenAI

VariableDescription
AZURE_OPENAI_API_KEYAzure OpenAI API key
AZURE_OPENAI_ENDPOINTAzure OpenAI endpoint URL
AZURE_OPENAI_API_VERSIONAPI version (e.g., 2024-02-15-preview)

vLLM (Self-Hosted)

VariableDescription
VLLM_BASE_URLvLLM server URL (e.g., http://localhost:8000/v1)
VLLM_API_KEYOptional bearer token for vLLM

OAuth Providers

VariableDescription
GOOGLE_CLIENT_IDGoogle OAuth client ID
GOOGLE_CLIENT_SECRETGoogle OAuth client secret
GITHUB_CLIENT_IDGitHub OAuth client ID
GITHUB_CLIENT_SECRETGitHub OAuth client secret

Optional

VariableDescription
API_ENCRYPTION_KEYEncrypts stored API keys (32 hex chars): openssl rand -hex 32
COPILOT_API_KEYAPI key for copilot features
ADMIN_API_KEYAdmin API key for GitOps operations
ALLOWED_LOGIN_DOMAINSRestrict signups to domains (comma-separated)
ALLOWED_LOGIN_EMAILSRestrict signups to specific emails (comma-separated)
DISABLE_REGISTRATIONSet to true to disable new user signups

File Storage

By default Sim writes uploads to local disk. For production, point it at AWS S3 or Azure Blob. See Object Storage for the full setup, bucket layout, and IAM policy.

VariableDescription
AWS_REGIONAWS region — set with S3_BUCKET_NAME to enable S3
AWS_ACCESS_KEY_IDAWS access key. Omit to use the instance/IRSA credential chain
AWS_SECRET_ACCESS_KEYAWS secret key. Omit to use the instance/IRSA credential chain
S3_BUCKET_NAMEGeneral workspace files bucket — set with AWS_REGION to enable S3
AZURE_STORAGE_CONTAINER_NAMEGeneral files container — set with Azure credentials to enable Blob (takes precedence over S3)
AZURE_CONNECTION_STRINGAzure connection string, or use AZURE_ACCOUNT_NAME + AZURE_ACCOUNT_KEY

Email Providers

Configure one provider — the mailer auto-detects in priority order: Resend → AWS SES → SMTP → Azure Communication Services. If none are configured, emails are logged to the console instead.

VariableDescription
FROM_EMAIL_ADDRESSSender address (e.g. Sim <noreply@example.com>). Falls back to noreply@EMAIL_DOMAIN.
EMAIL_DOMAINDefault domain when FROM_EMAIL_ADDRESS is unset
EMAIL_VERIFICATION_ENABLEDSet to true to require email verification on signup

Resend

VariableDescription
RESEND_API_KEYAPI key from resend.com

AWS SES

VariableDescription
AWS_SES_REGIONAWS region for SES (e.g. us-east-1). Credentials are resolved through the standard AWS SDK provider chain (env vars, IRSA, ECS/EC2 instance role, SSO).

SMTP (works with MailHog, Postfix, SendGrid SMTP, etc.)

VariableDescription
SMTP_HOSTSMTP server hostname
SMTP_PORT465 for implicit TLS, 587 for STARTTLS, 25 for plain
SMTP_USEROptional — omit for unauthenticated relays
SMTP_PASSOptional — omit for unauthenticated relays
SMTP_SECURESet to true to force TLS on connect; auto-true on port 465

Azure Communication Services

VariableDescription
AZURE_ACS_CONNECTION_STRINGAzure Communication Services connection string

Example .env

DATABASE_URL=postgresql://postgres:postgres@db:5432/simstudio
BETTER_AUTH_SECRET=<openssl rand -hex 32>
BETTER_AUTH_URL=https://sim.yourdomain.com
ENCRYPTION_KEY=<openssl rand -hex 32>
INTERNAL_API_SECRET=<openssl rand -hex 32>
NEXT_PUBLIC_APP_URL=https://sim.yourdomain.com
OPENAI_API_KEY=sk-...

See apps/sim/.env.example for all options.

PreviousObject StorageNextTroubleshooting

On this page

Required
AI Providers
Azure OpenAI
vLLM (Self-Hosted)
OAuth Providers
Optional
File Storage
Email Providers
Example .env