Skip to main content

Configuration

VariableDefaultDescription
DATABASE_URLpostgres://localhost:5432/terusinPostgres connection
REDIS_URLredis://127.0.0.1:6379Redis connection
PORTbackend 3001Process port
BACKEND_URLhttp://localhost:$BACKEND_PORTWeb upstream
AUTH_USERNAMEadminLegacy Basic seed user
AUTH_PASSWORDchange-me-in-productionLegacy Basic seed password
JWT_SECRET-JWT cookie secret; use a strong production value
GOOGLE_CLIENT_ID-Google OAuth client ID
GOOGLE_CLIENT_SECRET-Google OAuth client secret
GITHUB_CLIENT_ID-GitHub OAuth App client ID
GITHUB_CLIENT_SECRET-GitHub OAuth App client secret
APP_URLhttp://localhost:5173Canonical dashboard URL; determines the default OAuth callback
OAUTH_REDIRECT_URI$APP_URL/api/auth/callback/googleOptional explicit callback registered in Google
FRONTEND_URLAPP_URLOptional dashboard URL after OAuth completes
TURNSTILE_SECRET_KEY-Enables required Cloudflare Turnstile verification for browser sign-in
DEFAULT_TARGET_URLemptyFallback target
ALLOW_PUBLIC_TARGET_OVERRIDEfalseOpt-in legacy X-Target-Url on public ingest; still subject to URL policy
ALLOW_PRIVATE_TARGETSfalseAllows loopback/private targets for local development
DEFAULT_SIGNING_SECRETemptyGlobal outbound HMAC secret
MAX_RETRIES5Network retry limit
WORKER_COUNT4Parallel delivery workers
WEB_URLlocalhost development originsComma-separated CORS origins
PUBLIC_URLhttps://ingest.trusin.my.idURL shown by the dashboard
TERUSIN_TOKEN-CLI/MCP token
HOSTED_MODEfalseEnables hosted Free-plan entitlements and quotas
INGEST_CANONICAL_HOSTingest.trusin.my.idCNAME target for customer ingest domains
PLATFORM_ADMIN_TOKEN-One-time bearer secret for platform-operator bootstrap; never send it to a browser

For production, use HTTPS for FRONTEND_URL, a secret manager for sensitive values, and the exact public redirect URI registered in Google Cloud. For hosted trusin, use https://app.trusin.my.id as FRONTEND_URL and a WEB_URL origin, plus https://ingest.trusin.my.id as PUBLIC_URL.

HOSTED_MODE=false (default) leaves self-hosted installations without quotas. With HOSTED_MODE=true, the Free plan limits accepted events to 10,000 per UTC month, one active domain, ten providers, three active API keys, one user, and seven days of event retention.