Environment variables

All runtime configuration is read from environment variables. The .env.docker.example file in the repository root is the canonical reference — this page documents the variables you are most likely to change.

Required for production

| Variable | Description |
| --- | --- |
| DJANGO_SECRET_KEY | Used for cryptographic signing. Generate a fresh value for every deployment. |
| JWT_SIGNING_KEY | HMAC key for access and refresh tokens. Rotate to invalidate all sessions. |
| DATABASE_URL | postgres://app_user:…@db:5432/bottlecrm — do not use the postgres superuser. |
| REDIS_URL | redis://redis:6379/0 for Celery broker + result backend. |
| ALLOWED_HOSTS | Comma-separated list of hostnames Django will accept. |
| CORS_ALLOWED_ORIGINS | Comma-separated frontend origins (e.g. https://crm.acme.com). |
| DEBUG | False in production. True enables the dev-login command. |

Google OAuth

To enable Google sign-in:

| Variable | Description |
| --- | --- |
| GOOGLE_CLIENT_ID | OAuth client ID from Google Cloud Console |
| GOOGLE_CLIENT_SECRET | Matching secret |
| GOOGLE_REDIRECT_URI | Public URL of /auth/google/callback |

The frontend uses PUBLIC_GOOGLE_CLIENT_ID (the same value, exposed at build time) to render the Sign-in-with-Google button.

Email (magic links + notifications)

| Variable | Description |
| --- | --- |
| EMAIL_HOST | SMTP server hostname |
| EMAIL_PORT | Typically 587 for STARTTLS |
| EMAIL_HOST_USER | SMTP username |
| EMAIL_HOST_PASSWORD | SMTP password |
| DEFAULT_FROM_EMAIL | The From: address used for outbound mail |

Storage

By default attachments and media files live on the local filesystem under media/. To store on S3-compatible object storage, set:

| Variable | Description |
| --- | --- |
| AWS_STORAGE_BUCKET_NAME | Bucket to write into |
| AWS_ACCESS_KEY_ID | Access key |
| AWS_SECRET_ACCESS_KEY | Secret |
| AWS_S3_ENDPOINT_URL | Override for non-AWS providers (e.g. R2, MinIO, Backblaze B2) |

Frontend

The SvelteKit app reads:

| Variable | Description |
| --- | --- |
| PUBLIC_API_URL | Base URL of the Django backend (e.g. https://api.acme.com) |
| PUBLIC_GOOGLE_CLIENT_ID | OAuth client ID for the Google button |

Anything prefixed PUBLIC_ is shipped to the browser — never put secrets there.
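The rules stated under "Required for production" and the PUBLIC_ warning above can be checked before a deploy. The script below is an added example, not the project's own code: the function name audit_env, the choice of which variables count as secrets, and the assumption that DEBUG is written as the literal string False are all assumptions made for illustration.

```python
"""Pre-deploy audit of the environment variables documented on this page."""
import os
import sys
from urllib.parse import urlsplit

REQUIRED = ["DJANGO_SECRET_KEY", "JWT_SIGNING_KEY", "DATABASE_URL", "REDIS_URL",
            "ALLOWED_HOSTS", "CORS_ALLOWED_ORIGINS", "DEBUG"]
# Assumption: these documented variables hold secrets that must stay server-side.
SECRETS = ["DJANGO_SECRET_KEY", "JWT_SIGNING_KEY", "GOOGLE_CLIENT_SECRET",
           "EMAIL_HOST_PASSWORD", "AWS_SECRET_ACCESS_KEY"]


def audit_env(env):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for name in REQUIRED:
        if not env.get(name, "").strip():
            findings.append(f"{name}: missing or empty")

    # DEBUG must be False in production; True enables the dev-login command.
    debug = env.get("DEBUG", "").strip()
    if debug and debug.lower() != "false":
        findings.append("DEBUG: must be False in production")

    # DATABASE_URL must not connect as the postgres superuser.
    db = urlsplit(env.get("DATABASE_URL", ""))
    if db.username == "postgres":
        findings.append("DATABASE_URL: connects as the postgres superuser")

    # Anything prefixed PUBLIC_ is shipped to the browser, so no PUBLIC_
    # value may contain a secret value (including the database password).
    secret_values = {env[n]: n for n in SECRETS if env.get(n)}
    if db.password:
        secret_values[db.password] = "DATABASE_URL password"
    for name, value in env.items():
        if not name.startswith("PUBLIC_"):
            continue
        for secret, source in secret_values.items():
            if secret in value:
                findings.append(f"{name}: contains the value of {source}")
    return findings


if __name__ == "__main__":
    results = audit_env(dict(os.environ))
    for finding in results:
        print("FAIL", finding)
    sys.exit(1 if results else 0)
```

Run it inside the container or CI job that has the production environment loaded; a non-zero exit status means at least one finding was printed.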