Environment Variables
Configuration options for the QueryGlow container. These should be defined in your .env file or passed via Docker Compose. The deploy.sh script generates this file automatically.
Critical Security Variables
| Variable | Required | Description |
|---|---|---|
| SESSION_SECRET | YES | A 64-character hex string used to derive the encryption key for database passwords and SSH keys. Credentials are encrypted with AES-256-GCM, with the key derived via scrypt. Warning: If you lose this, all saved database passwords become unreadable. Back up your .env file securely! |
| ENCRYPTION_SALT | AUTO | Auto-generated by deploy.sh. Each installation gets a unique salt for credential encryption. Do not manually set this unless migrating installations. |
| NODE_ENV | REC | Set to production for production deployments. Enables performance optimizations and disables verbose logging. |
Safe Mode Configuration
| Variable | Default | Description |
|---|---|---|
| QUERYGLOW_ALLOW_DESTRUCTIVE | false | Controls Query Editor safety behavior. false = Safe Mode (default): blocks DROP TABLE, TRUNCATE, and DELETE/UPDATE without WHERE. true = Power Mode: all SQL commands are allowed in the Query Editor. Note: This only affects the Query Editor (raw SQL). Data Browser buttons (edit/delete single rows) always work. |
Always blocked (cannot be enabled): DROP DATABASE, SHUTDOWN, INTO OUTFILE, LOAD_FILE, xp_cmdshell, COPY TO/FROM PROGRAM
System Configuration
| Variable | Default | Description |
|---|---|---|
| PORT | 3000 | Internal port the Next.js server listens on. Auto-detected by deploy.sh if 3000 is in use (tries 3001, 3002, etc.). |
| DATA_DIR | /app/data | Directory path where persistent JSON files are stored: |
AI Assistant (Optional)
Providing these keys enables the AI query generation feature. Requests are proxied through your server, keeping API keys secret from the browser. Leave blank to disable AI features—the app works perfectly without AI.
| Variable | Provider | Description |
|---|---|---|
| OPENAI_API_KEY | OpenAI | Enables GPT-4o model. Key format: sk-... |
| ANTHROPIC_API_KEY | Anthropic | Enables Claude 3.5 Sonnet model. Key format: sk-ant-... |
| GOOGLE_API_KEY | Google | Enables Gemini 1.5 Pro model. Key format: AIza... |
Rate limited to 30 requests/minute to prevent API cost abuse.
Example .env File
```bash
# ==============================================
# QueryGlow Configuration
# ==============================================

# CRITICAL: Security
# Generate with: openssl rand -hex 32
SESSION_SECRET=your-64-character-hex-string-here

# Auto-generated by deploy.sh (unique per installation)
ENCRYPTION_SALT=auto-generated-do-not-set-manually

# Environment
NODE_ENV=production

# Safe Mode (default: false = Safe Mode ON)
# Set to true only if you need DROP TABLE, TRUNCATE, etc.
QUERYGLOW_ALLOW_DESTRUCTIVE=false

# Data persistence
DATA_DIR=/app/data

# Port (default: 3000, auto-detected if in use)
PORT=3000

# Optional: AI Assistant (add one or more)
OPENAI_API_KEY=sk-...
ANTHROPIC_API_KEY=sk-ant-...
GOOGLE_API_KEY=AIza...
```

Generate a secure SESSION_SECRET: openssl rand -hex 32 (produces 64 hex characters)
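A pre-deployment check for the .env file described above, added here as an example; it is not part of QueryGlow or deploy.sh. The function names, the FAIL/WARN output format and the owner-only permission rule are assumptions of this example, and the sample values are constructed.

```shell
#!/bin/sh
# Added example: lint a QueryGlow .env before deploying.
# Prints FAIL:/WARN: lines; returns 1 if any FAIL was found, else 0.

# Value of KEY ($1) in FILE ($2); the last assignment wins.
env_get() {
    sed -n "s/^$1=//p" "$2" | tr -d '\r' | tail -n 1
}

check_queryglow_env() {
    file=$1
    fails=0
    # Must be exactly 64 hex characters (output of: openssl rand -hex 32).
    if ! env_get SESSION_SECRET "$file" | grep -Eq '^[0-9a-fA-F]{64}$'; then
        echo "FAIL: SESSION_SECRET is not a 64-character hex string"
        fails=1
    fi
    case $(env_get ENCRYPTION_SALT "$file") in
        '' | auto-generated-do-not-set-manually)
            echo "WARN: ENCRYPTION_SALT unset or placeholder; deploy.sh should generate it" ;;
    esac
    case $(env_get QUERYGLOW_ALLOW_DESTRUCTIVE "$file") in
        '' | false) ;; # Safe Mode (the default)
        true) echo "WARN: Power Mode: Query Editor accepts DROP TABLE, TRUNCATE, etc." ;;
        *)
            echo "FAIL: QUERYGLOW_ALLOW_DESTRUCTIVE must be true or false"
            fails=1 ;;
    esac
    [ "$(env_get NODE_ENV "$file")" = production ] ||
        echo "WARN: NODE_ENV is not production"
    # This lint's own policy: the file holds key material, so owner-only access.
    [ "$(ls -ld "$file" | cut -c5-10)" = "------" ] ||
        echo "WARN: $file is accessible to group/other; chmod 600 it"
    return "$fails"
}

# Constructed sample: placeholder secret and Power Mode enabled.
sample=$(mktemp)
chmod 600 "$sample"
cat > "$sample" <<'EOF'
SESSION_SECRET=your-64-character-hex-string-here
ENCRYPTION_SALT=constructed-sample-salt
NODE_ENV=production
QUERYGLOW_ALLOW_DESTRUCTIVE=true
EOF
check_queryglow_env "$sample" || echo "=> not ready to deploy"
rm -f "$sample"
```

The check only reads the file and never prints the secret itself, so its output is safe to keep in deployment logs.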
Quick Reference
| Variable | Required | Default | Purpose |
|---|---|---|---|
| SESSION_SECRET | Yes | — | Encryption key derivation |
| ENCRYPTION_SALT | Auto | generated | Unique salt per installation |
| QUERYGLOW_ALLOW_DESTRUCTIVE | No | false | Safe Mode control |
| NODE_ENV | Rec | development | Production optimizations |
| PORT | No | 3000 | Server port |
| DATA_DIR | No | /app/data | Persistent storage path |
| OPENAI_API_KEY | No | — | GPT-4o AI |
| ANTHROPIC_API_KEY | No | — | Claude AI |
| GOOGLE_API_KEY | No | — | Gemini AI |