For production deployments, use S3-compatible object storage (
s3 / minio) with public/private dual buckets. Also ensure the public bucket is configured with public-read + CORS. See: Object Storage (S3-compatible).| Environment Variable | Description | Default Value | Required | Example |
|---|---|---|---|---|
| Core Configuration | ||||
| PUBLIC_ORIGIN | Public origin for generating complete URLs, must be set to your app’s access address | - | Yes | https://app.teable.ai |
| SECRET_KEY | Key for JWT, sessions, and sharing, use a strong password | defaultSecretKey | Yes | yourStrongSecretKey |
| PORT | Port on which the application runs | 3000 | - | 3000 |
| LOG_LEVEL | Log level, options: fatal, error, warn, info, debug, trace | info | - | debug |
| NEXT_ENV_IMAGES_ALL_REMOTE | Whether to allow loading third-party images | false | - | true |
| Storage Configuration | ||||
| BACKEND_STORAGE_PROVIDER | Storage provider, options: local, minio, s3, aliyun | local | - | s3 |
| BACKEND_STORAGE_LOCAL_PATH | Local storage path | .assets/uploads | - | .assets/uploads |
| BACKEND_STORAGE_PUBLIC_BUCKET | Public bucket name | public | - | teable-public |
| BACKEND_STORAGE_PRIVATE_BUCKET | Private bucket name | private | - | teable-private |
| BACKEND_STORAGE_PUBLIC_URL | Public URL override for public bucket (optional) | - | - | https://cdn.example.com |
| BACKEND_STORAGE_PRIVATE_BUCKET_ENDPOINT | Private bucket endpoint override (optional) | - | - | https://private-bucket.endpoint |
| BACKEND_STORAGE_S3_REGION | S3 storage region, required when BACKEND_STORAGE_PROVIDER is s3 | - | - | us-east-2 |
| BACKEND_STORAGE_S3_ENDPOINT | S3 storage endpoint, required when BACKEND_STORAGE_PROVIDER is s3 | - | - | https://s3.us-east-2.amazonaws.com |
| BACKEND_STORAGE_S3_INTERNAL_ENDPOINT | S3 internal endpoint (optional) | - | - | http://s3.internal |
| BACKEND_STORAGE_S3_ACCESS_KEY | S3 storage access key, required when BACKEND_STORAGE_PROVIDER is s3 | - | - | your_access_key |
| BACKEND_STORAGE_S3_SECRET_KEY | S3 storage secret key, required when BACKEND_STORAGE_PROVIDER is s3 | - | - | your_secret_key |
| BACKEND_STORAGE_S3_MAX_SOCKETS | S3 max sockets (optional) | 100 | - | 100 |
| BACKEND_STORAGE_MINIO_ENDPOINT | MinIO storage endpoint | - | - | minio.example.com |
| BACKEND_STORAGE_MINIO_PORT | MinIO port | 9000 | - | 443 |
| BACKEND_STORAGE_MINIO_USE_SSL | Whether MinIO uses SSL | false | - | true |
| BACKEND_STORAGE_MINIO_ACCESS_KEY | MinIO access key | - | - | access-key |
| BACKEND_STORAGE_MINIO_SECRET_KEY | MinIO secret key | - | - | secret-key |
| BACKEND_STORAGE_MINIO_INTERNAL_ENDPOINT | MinIO internal endpoint (optional, no HTTPS) | - | - | minio.internal |
| BACKEND_STORAGE_MINIO_INTERNAL_PORT | MinIO internal port (optional) | 9000 | - | 9000 |
| BACKEND_STORAGE_MINIO_REGION | MinIO region (optional) | - | - | us-east-1 |
| BACKEND_STORAGE_UPLOAD_METHOD | Upload method | put | - | put |
| STORAGE_PREFIX | Storage prefix, defaults to PUBLIC_ORIGIN | PUBLIC_ORIGIN | - | http://localhost:3000 |
| Cache Configuration | ||||
| BACKEND_CACHE_PROVIDER | Cache provider, options: sqlite, memory, redis | sqlite | - | redis |
| BACKEND_CACHE_REDIS_URI | Redis cache connection URI, required when BACKEND_CACHE_PROVIDER is redis | - | - | redis://default:teable@127.0.0.1:6379/0 |
| Performance Cache Configuration | ||||
| BACKEND_PERFORMANCE_CACHE | Performance cache Redis URL for query result caching, improves multi-user collaboration efficiency. Recommended to use separate Redis instance from BACKEND_CACHE_REDIS_URI | - | - | redis://default:teable@127.0.0.1:6379/0 |
| Authentication Configuration | ||||
| SOCIAL_AUTH_PROVIDERS | List of social auth providers, comma-separated | - | - | github,google,oidc |
| BACKEND_GITHUB_CLIENT_ID | GitHub OAuth client ID | - | - | github_client_id |
| BACKEND_GITHUB_CLIENT_SECRET | GitHub OAuth client secret | - | - | github_client_secret |
| BACKEND_GOOGLE_CLIENT_ID | Google OAuth client ID | - | - | google_client_id |
| BACKEND_GOOGLE_CLIENT_SECRET | Google OAuth client secret | - | - | google_client_secret |
| BACKEND_OIDC_CLIENT_ID | OIDC client ID | - | - | google_client_id |
| BACKEND_OIDC_CLIENT_SECRET | OIDC client secret | - | - | google_client_secret |
| BACKEND_OIDC_CALLBACK_URL | OIDC callback URL | - | - | https://app.teable.ai/api/auth/oidc/callback |
| Security & Verification | ||||
| TURNSTILE_SITE_KEY | Cloudflare Turnstile site key for authentication verification | - | - | 1x00000000000000000000AA |
| TURNSTILE_SECRET_KEY | Cloudflare Turnstile secret key for authentication verification | - | - | 1x0000000000000000000000000000000AA |
| BACKEND_SIGNUP_VERIFICATION_CODE_RATE_LIMIT_SECONDS | Rate limit interval (seconds) for sending signup verification emails | - | - | 30 |
| Email Configuration (Deprecated - Use Admin Panel > Instance settings > Email) | ||||
| BACKEND_MAIL_HOST | Default mail server address. We recommend configuring Notify email and Automation email visually in Admin Panel > Instance settings > Email | smtp.teable.ai | - | smtp.gmail.com |
| BACKEND_MAIL_PORT | Default mail server port | 465 | - | 465 |
| BACKEND_MAIL_SECURE | Whether the default mail service uses SSL/TLS | true | - | true |
| BACKEND_MAIL_SENDER | Default sender address | noreply.teable.ai | - | noreply@company.com |
| BACKEND_MAIL_SENDER_NAME | Default sender name | Teable | - | Teable |
| BACKEND_MAIL_AUTH_USER | Default mail server authentication username | - | - | username |
| BACKEND_MAIL_AUTH_PASS | Default mail server authentication password | - | - | usertoken |
| Session/JWT Configuration | ||||
| BACKEND_SESSION_EXPIRES_IN | Session expiration time | 7d | - | 7d |
| BACKEND_SESSION_COOKIE_SECURE | Whether to secure session cookie | false | - | true |
| BACKEND_SESSION_ORIGIN_CHECK_ENABLED | Enable Origin and Fetch Metadata checks for unsafe browser session-cookie API requests. Enable only when your reverse proxy or CDN preserves these headers | false | - | false |
| BACKEND_JWT_EXPIRES_IN | JWT expiration time | 20d | - | 20d |
| BACKEND_RESET_PASSWORD_EMAIL_EXPIRES_IN | Reset password email expiration time | 30m | - | 30m |
| Resource Limits | ||||
| MAX_COPY_CELLS | Maximum number of cells to copy in a single request | - | - | 50000 |
| MAX_READ_ROWS | Maximum number of rows to read in a single request | - | - | 10000 |
| MAX_ATTACHMENT_UPLOAD_SIZE | Maximum attachment upload size (bytes) | - | - | 2147483648 |
| MAX_SPACE_OWNER_COUNT | Maximum number of spaces a user can own | 10 | - | 10 |
| TASK_MAX_FIELDS_PER_BATCH | Maximum number of AI fields sent to the model in one batch request. Values are clamped from 1 to 20 | 5 | - | 5 |
| TASK_MAX_CONCURRENCY | Maximum pending AI field task runs dispatched in one scheduling cycle. Values are clamped from 1 to 20 | 5 | - | 5 |
| TABLE_LIMIT_FIELD_OPTIONS_MAX_BYTES | Maximum serialized field option bytes | 262144 | - | 262144 |
| TABLE_LIMIT_SELECT_CHOICES_MAX | Maximum select choices per select field | 1000 | - | 1000 |
| TABLE_LIMIT_SELECT_CHOICE_NAME_MAX_LENGTH | Maximum select choice name length | 1000 | - | 1000 |
| TABLE_LIMIT_SELECT_DEFAULT_VALUES_MAX | Maximum select default values | 100 | - | 100 |
| TABLE_LIMIT_CELL_VALUE_MAX_BYTES | Maximum cell value bytes | 262144 | - | 262144 |
| TABLE_LIMIT_RECORD_FIELDS_MAX_BYTES | Maximum serialized record fields bytes | 1048576 | - | 1048576 |
| TABLE_LIMIT_RECORDS_PER_MUTATION_MAX | Maximum records per mutation | 20000 | - | 20000 |
| TABLE_LIMIT_COMPUTED_CELL_VALUE_MAX_BYTES | Maximum computed cell value bytes | 262144 | - | 262144 |
| TABLE_LIMIT_FORMULA_MAX_LENGTH | Maximum formula length | 8192 | - | 8192 |
| TABLE_LIMIT_TABLES_PER_BASE_MAX | Maximum tables per base | 1000 | - | 1000 |
| TABLE_LIMIT_FIELDS_PER_TABLE_MAX | Maximum fields per table | 500 | - | 500 |
| TABLE_LIMIT_VIEWS_PER_TABLE_MAX | Maximum views per table | 100 | - | 100 |
| TABLE_LIMIT_CREATE_TABLE_FIELDS_MAX | Maximum fields accepted when creating a table | 1000 | - | 1000 |
| TABLE_LIMIT_CREATE_TABLE_VIEWS_MAX | Maximum views accepted when creating a table | 20 | - | 20 |
| TABLE_LIMIT_CREATE_TABLE_RECORDS_MAX | Maximum records accepted when creating a table | 20000 | - | 20000 |
| TABLE_LIMIT_RECORDS_PER_TABLE_MAX | Maximum rows per table. Empty means no instance-level row limit | - | - | 1000000 |
| TABLE_LIMIT_VIEW_FILTER_ITEMS_MAX | Maximum filter items in a view | 100 | - | 100 |
| TABLE_LIMIT_VIEW_FILTER_DEPTH_MAX | Maximum nested filter depth in a view | 5 | - | 5 |
| TABLE_LIMIT_VIEW_SORT_ITEMS_MAX | Maximum sort items in a view | 20 | - | 20 |
| TABLE_LIMIT_VIEW_GROUP_ITEMS_MAX | Maximum group items in a view | 3 | - | 3 |
| TABLE_LIMIT_VIEW_OPTIONS_MAX_BYTES | Maximum serialized view option bytes | 262144 | - | 262144 |
| TABLE_LIMIT_NAME_MAX_LENGTH | Maximum display name length for supported table objects | 100 | - | 100 |
| TABLE_LIMIT_DESCRIPTION_MAX_LENGTH | Maximum description length for supported table objects | 2000 | - | 2000 |
| Feature Toggles | ||||
| RECORD_HISTORY_DISABLED | Whether to disable record history, defaults to false | false | - | true |
| PASSWORD_LOGIN_DISABLED | Whether to disable password login (OAuth and OIDC still available) | false | - | true |
| Analytics & Monitoring | ||||
| MICROSOFT_CLARITY_ID | Microsoft Clarity metrics ID, for enabling Microsoft Clarity analytics | - | - | your-metrics-id |
| OTEL_EXPORTER_OTLP_ENDPOINT | OpenTelemetry OTLP endpoint | - | - | http://jaeger:4317 |
| TELEMETRY_REPORT_DISABLED | Disable self-hosted telemetry reporting, including license compliance reports from connected instances | false | - | true |
| Database Configuration | ||||
| PRISMA_DATABASE_URL | Database connection URL, must be configured | - | Yes | postgresql://teable:teable@127.0.0.1:5432/teable |
| PRISMA_TRANSACTION_TIMEOUT | Maximum time (ms) a transaction can run before timing out. Increase for long-running transactions (e.g., bulk updates with many foreign keys) | 5000 | - | 60000 |
| PRISMA_TRANSACTION_MAX_WAIT | Maximum time (ms) to wait to acquire a transaction from the pool | 2000 | - | 5000 |