Environment Variables

All required and optional environment variables for running Technical Debt Radar.

Complete list of environment variables used by Technical Debt Radar's API server, workers, and CLI.


Core

| Variable | Required | Description | Example |
| --- | --- | --- | --- |
| NODE_ENV | Yes | Runtime environment | production, development, test |
| APP_URL | Yes | Frontend application URL | https://app.radar.dev |
| API_URL | Yes | API server URL | https://api.radar.dev |

Database

| Variable | Required | Description | Example |
| --- | --- | --- | --- |
| DATABASE_URL | Yes | PostgreSQL connection string | postgresql://user:pass@localhost:5432/radar?schema=public |

The connection string is used by Prisma. It supports all standard PostgreSQL connection parameters:

postgresql://USER:PASSWORD@HOST:PORT/DATABASE?schema=SCHEMA&connection_limit=5

For production, include connection_limit to control the Prisma connection pool size. Default is 5 connections.


Redis

| Variable | Required | Description | Example |
| --- | --- | --- | --- |
| REDIS_URL | Yes | Redis connection string for BullMQ | redis://localhost:6379 |

Redis is used for the BullMQ job queue (PR analysis, background processing). For production, use a dedicated Redis instance or Redis cluster.

redis://:PASSWORD@HOST:PORT/DB_NUMBER

Authentication

| Variable | Required | Description | Example |
| --- | --- | --- | --- |
| JWT_SECRET | Yes | Secret key for signing JWT access tokens | your-256-bit-secret-key |
| JWT_EXPIRY | No | Access token expiration time | 15m (default) |
| REFRESH_TOKEN_EXPIRY | No | Refresh token expiration time | 7d (default) |

Generate a strong JWT secret:

node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"

GitHub Integration

GitHub App

| Variable | Required | Description | Example |
| --- | --- | --- | --- |
| GITHUB_APP_ID | Yes* | GitHub App ID | 123456 |
| GITHUB_PRIVATE_KEY | Yes* | GitHub App private key (PEM format) | -----BEGIN RSA PRIVATE KEY-----\n... |
| GITHUB_WEBHOOK_SECRET | Yes* | Webhook signature verification secret | whsec_abc123... |

*Required when using the GitHub App integration for PR analysis.

The private key can be loaded from a file or provided inline with \n for newlines:

# From a file (the shell expands $(cat ...) to the file's contents)
GITHUB_PRIVATE_KEY="$(cat ./github-app-private-key.pem)"

# Inline (replace newlines with \n)
GITHUB_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----\nMIIE..."

GitHub OAuth

| Variable | Required | Description | Example |
| --- | --- | --- | --- |
| GITHUB_CLIENT_ID | Yes* | OAuth App client ID | Iv1.abc123def456 |
| GITHUB_CLIENT_SECRET | Yes* | OAuth App client secret | ghs_abc123... |

*Required when enabling GitHub OAuth login.


Google OAuth

| Variable | Required | Description | Example |
| --- | --- | --- | --- |
| GOOGLE_CLIENT_ID | Yes* | Google OAuth client ID | 123456.apps.googleusercontent.com |
| GOOGLE_CLIENT_SECRET | Yes* | Google OAuth client secret | GOCSPX-abc123... |

*Required when enabling Google OAuth login. Configure the OAuth consent screen and authorized redirect URIs in the Google Cloud Console.


Stripe (Billing)

| Variable | Required | Description | Example |
| --- | --- | --- | --- |
| STRIPE_SECRET_KEY | Yes* | Stripe API secret key | sk_live_abc123... |
| STRIPE_WEBHOOK_SECRET | Yes* | Stripe webhook signing secret | whsec_abc123... |

*Required when enabling Stripe billing.

Use sk_test_... and whsec_test_... keys for development. Set up the webhook endpoint in the Stripe Dashboard pointing to https://api.radar.dev/v1/billing/webhook/stripe.


PayPal (Billing)

| Variable | Required | Description | Example |
| --- | --- | --- | --- |
| PAYPAL_CLIENT_ID | Yes* | PayPal REST API client ID | AaBbCc123... |
| PAYPAL_CLIENT_SECRET | Yes* | PayPal REST API client secret | EeFfGg456... |
| PAYPAL_WEBHOOK_ID | Yes* | PayPal webhook ID for signature verification | WH-abc123... |

*Required when enabling PayPal billing.

For development, use PayPal Sandbox credentials. Set the webhook URL to https://api.radar.dev/v1/billing/webhook/paypal.


AI (Anthropic)

| Variable | Required | Description | Example |
| --- | --- | --- | --- |
| ANTHROPIC_API_KEY | Yes* | Anthropic API key for Claude | sk-ant-api03-abc123... |

*Required when enabling AI-powered features (scan summaries, cross-file analysis, fix suggestions).

The API key is used server-side only. AI analysis uses Claude Sonnet for cost-effective, high-quality code analysis.


CLI

| Variable | Required | Description | Example |
| --- | --- | --- | --- |
| RADAR_API_KEY | Yes* | API key for CLI authentication | rdr_abc123... |

*Required when using the CLI tool to interact with the Radar API. Generate an API key from the dashboard settings.

The CLI also respects these optional variables:

# Override the API endpoint (for self-hosted)
RADAR_API_URL=https://radar.internal.company.com/v1

# Enable verbose output
RADAR_VERBOSE=true

Complete .env Template

# ── Core ─────────────────────────────────────────
NODE_ENV=development
APP_URL=http://localhost:3000
API_URL=http://localhost:3001

# ── Database ─────────────────────────────────────
DATABASE_URL=postgresql://postgres:postgres@localhost:5432/radar?schema=public

# ── Redis ────────────────────────────────────────
REDIS_URL=redis://localhost:6379

# ── Auth ─────────────────────────────────────────
JWT_SECRET=change-me-to-a-random-256-bit-hex-string
JWT_EXPIRY=15m
REFRESH_TOKEN_EXPIRY=7d

# ── GitHub App ───────────────────────────────────
GITHUB_APP_ID=
GITHUB_PRIVATE_KEY=
GITHUB_WEBHOOK_SECRET=

# ── GitHub OAuth ─────────────────────────────────
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=

# ── Google OAuth ─────────────────────────────────
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=

# ── Stripe ───────────────────────────────────────
STRIPE_SECRET_KEY=
STRIPE_WEBHOOK_SECRET=

# ── PayPal ───────────────────────────────────────
PAYPAL_CLIENT_ID=
PAYPAL_CLIENT_SECRET=
PAYPAL_WEBHOOK_ID=

# ── AI ───────────────────────────────────────────
ANTHROPIC_API_KEY=

# ── CLI ──────────────────────────────────────────
RADAR_API_KEY=

Security Notes

  1. Never commit .env files to version control. Add .env to .gitignore.
  2. Use different secrets per environment. Development, staging, and production should each have unique JWT secrets and API keys.
  3. Rotate secrets regularly, especially JWT_SECRET, GITHUB_PRIVATE_KEY, and payment provider keys.
  4. Use a secrets manager in production, such as AWS Secrets Manager, HashiCorp Vault, or your cloud provider's equivalent.
  5. Restrict API key permissions. GitHub App permissions should be minimal: read access to code, write access to pull requests and commit statuses.
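
The tables and notes above can be enforced at process start. The following is an added example, not code from Technical Debt Radar: validateEnv, its messages and the rules that a partly filled group is an error and that JWT_SECRET must be at least 64 hex characters are assumptions built from this page's tables and its randomBytes(32) command.

```javascript
// Added example (not the project's code): startup checks for the variables on this page.
// Assumption: an integration counts as enabled once any variable in its group is set.
const REQUIRED = ['NODE_ENV', 'APP_URL', 'API_URL', 'DATABASE_URL', 'REDIS_URL', 'JWT_SECRET'];
const GROUPS = {
  'GitHub App': ['GITHUB_APP_ID', 'GITHUB_PRIVATE_KEY', 'GITHUB_WEBHOOK_SECRET'],
  'GitHub OAuth': ['GITHUB_CLIENT_ID', 'GITHUB_CLIENT_SECRET'],
  'Google OAuth': ['GOOGLE_CLIENT_ID', 'GOOGLE_CLIENT_SECRET'],
  Stripe: ['STRIPE_SECRET_KEY', 'STRIPE_WEBHOOK_SECRET'],
  PayPal: ['PAYPAL_CLIENT_ID', 'PAYPAL_CLIENT_SECRET', 'PAYPAL_WEBHOOK_ID'],
};
const SCHEMES = { DATABASE_URL: ['postgresql:', 'postgres:'], REDIS_URL: ['redis:', 'rediss:'] };

function validateEnv(env) {
  const problems = [];
  const isSet = (name) => typeof env[name] === 'string' && env[name].trim() !== '';
  for (const name of REQUIRED) if (!isSet(name)) problems.push(`${name} is required`);
  if (isSet('NODE_ENV') && !['production', 'development', 'test'].includes(env.NODE_ENV))
    problems.push('NODE_ENV must be production, development or test');
  // A half-configured integration otherwise fails at the first webhook or login.
  for (const [label, names] of Object.entries(GROUPS)) {
    const missing = names.filter((n) => !isSet(n));
    if (missing.length > 0 && missing.length < names.length)
      problems.push(`${label} is partially configured, missing: ${missing.join(', ')}`);
  }

  // Rejects the template placeholder and anything shorter than the 64 hex
  // characters produced by randomBytes(32).toString('hex').
  if (isSet('JWT_SECRET') && !/^[0-9a-f]{64,}$/i.test(env.JWT_SECRET))
    problems.push('JWT_SECRET must be at least 64 hex characters (32 random bytes)');
  for (const [name, allowed] of Object.entries(SCHEMES)) {
    if (!isSet(name)) continue;
    let protocol = null;
    try { protocol = new URL(env[name]).protocol; } catch { /* unparsable URL */ }
    if (!allowed.includes(protocol)) problems.push(`${name} must use ${allowed.join(' or ')}`);
  }
  // Keep Stripe test and live keys in their own environments.
  const wrongPrefix = env.NODE_ENV === 'production' ? 'sk_test_' : 'sk_live_';
  if (isSet('STRIPE_SECRET_KEY') && env.STRIPE_SECRET_KEY.startsWith(wrongPrefix))
    problems.push(`STRIPE_SECRET_KEY does not match NODE_ENV=${env.NODE_ENV}`);
  return problems; // messages never contain secret values, so they are safe to log
}

// Constructed sample: the page's .env template plus a live Stripe key and no webhook secret.
const sample = {
  NODE_ENV: 'development', APP_URL: 'http://localhost:3000', API_URL: 'http://localhost:3001',
  DATABASE_URL: 'postgresql://postgres:postgres@localhost:5432/radar?schema=public',
  REDIS_URL: 'redis://localhost:6379', JWT_SECRET: 'change-me-to-a-random-256-bit-hex-string',
  STRIPE_SECRET_KEY: 'sk_live_CONSTRUCTED', STRIPE_WEBHOOK_SECRET: '',
};
console.log(validateEnv(sample));
```

Call validateEnv(process.env) before the server or worker starts and refuse to boot if the returned list is not empty.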