This guide provides a comprehensive overview of all environment variables used in the Commercial Edition. These variables allow you to customize your Plane instance to best fit your organization’s needs.
Where to find the .env file
The environment file for Plane Commercial Edition is located at:
This is where you’ll make all configuration changes. Remember to restart the instance after making changes to ensure they take effect.
Environment variables
General settings
| Variable | Description | Default Value |
|---|
| INSTALL_DIR | Directory where Plane is installed. | /opt/plane |
| DOMAIN_NAME | Primary domain name for your Plane instance. This determines how users will access your installation. | localhost |
| APP_RELEASE_VERSION | The version of Plane Commercial Edition you’re running. This helps with troubleshooting and ensures compatibility. | Current release version |
| WEB_URL | The complete base URL for the web application including protocol (e.g., https://plane.example.com). | http://localhost |
| CORS_ALLOWED_ORIGINS | Comma-separated list of origins allowed to make cross-origin requests to your API. Usually, this should include your WEB_URL. | http://localhost |
| DEBUG | Toggles debug mode for more verbose logging and debugging information. | 0 (disabled) |
| Variable | Description | Default Value |
|---|
| WEB_REPLICAS | Number of web server replicas for load balancing. | 1 |
| SPACE_REPLICAS | Number of space service replicas for workspaces. | 1 |
| ADMIN_REPLICAS | Number of admin service replicas. | 1 |
| API_REPLICAS | Number of API service replicas. | 1 |
| WORKER_REPLICAS | Number of worker service replicas for background tasks. | 1 |
| BEAT_WORKER_REPLICAS | Number of beat worker replicas for scheduled tasks. | 1 |
| LIVE_REPLICAS | Number of live service replicas for real-time updates. | 1 |
| GUNICORN_WORKERS | Number of Gunicorn workers for handling web requests. Increase for better performance on high-traffic instances. | 2 |
Networking and security
| Variable | Description | Default Value |
|---|
| LISTEN_HTTP_PORT | Port for HTTP traffic. | 80 |
| LISTEN_HTTPS_PORT | Port for HTTPS traffic. | 443 |
| APP_PROTOCOL | Protocol to be used, either http or https. | http |
| TRUSTED_PROXIES | CIDR notation of trusted proxies for request forwarding. Important when behind load balancers or reverse proxies. | 0.0.0.0/0 |
| SSL_VERIFY | Whether to verify SSL certificates for outgoing connections. Set to 0 only in development environments. | 1 |
SSL and certificates
| Variable | Description | Default Value |
|---|
| CERT_EMAIL | Email used for SSL certificate registration with Let’s Encrypt or other ACME providers. | admin@example.com |
| CERT_ACME_CA | ACME Certificate Authority URL for SSL certificate issuance. | https://acme-v02.api.letsencrypt.org/directory |
| CERT_ACME_DNS | DNS provider configuration for SSL certificate domain validation. Format varies by provider. | |
| SITE_ADDRES | The domain name and port required by Caddy for serving your Plane instance. This determines how Caddy will handle incoming requests. | localhost:80 |
Database settings
| Variable | Description | Default Value |
|---|
| PGHOST | Hostname or IP address of your PostgreSQL server. | plane-db |
| PGDATABASE | Name of the PostgreSQL database Plane will use. | plane |
| POSTGRES_USER | Username for PostgreSQL authentication. | plane |
| POSTGRES_PASSWORD | Password for PostgreSQL authentication. Critical: Use a strong, unique password here. | plane |
| POSTGRES_DB | Same as PGDATABASE - the name of the PostgreSQL database. | plane |
| POSTGRES_PORT | TCP port your PostgreSQL server is listening on. | 5432 |
| PGDATA | Directory path where PostgreSQL data is stored. Only relevant if you’re managing PostgreSQL within the same container/system. | /var/lib/postgresql/data |
| DATABASE_URL | Full connection string for PostgreSQL. If provided, this takes precedence over individual connection parameters. Format: postgresql://username:password@host:port/dbname | |
Redis settings
| Variable | Description | Default Value |
|---|
| REDIS_HOST | Hostname or IP address of your Redis server. | plane-redis |
| REDIS_PORT | TCP port your Redis server is listening on. | 6379 |
| REDIS_URL | Full connection string for Redis. | |
RabbitMQ settings
| Variable | Description | Default Value |
|---|
| RABBITMQ_HOST | Hostname or IP address of your RabbitMQ server. | plane-mq |
| RABBITMQ_PORT | TCP port your RabbitMQ server is listening on. | 5672 |
| RABBITMQ_DEFAULT_USER | Username for RabbitMQ authentication. | plane |
| RABBITMQ_DEFAULT_PASS | Password for RabbitMQ authentication. | plane |
| RABBITMQ_DEFAULT_VHOST | Virtual host for RabbitMQ, providing logical separation of resources. | plane |
| AMQP_URL | Full connection string for RabbitMQ. Format: amqp://username:password@host:port/vhost | |
Authentication and security
| Variable | Description | Default Value |
|---|
| SECRET_KEY | Secret key used for various cryptographic operations, including JWT token signing. | |
| MACHINE_SIGNATURE | Unique identifier for your instance, used for licensing and authentication. | |
File Storage (MinIO / S3)
| Variable | Description | Default Value |
|---|
| USE_MINIO | Determines whether to use MinIO for object storage. Set to 1 to enable MinIO, 0 to use configured S3 or local storage. | 1 |
| AWS_REGION | AWS region for S3 storage services. | |
| AWS_ACCESS_KEY_ID | Access key for MinIO or AWS S3 authentication. | |
| AWS_SECRET_ACCESS_KEY | Secret key for MinIO or AWS S3 authentication. | |
| AWS_S3_ENDPOINT_URL | Custom endpoint URL for MinIO or S3-compatible storage. | http://plane-minio:9000 |
| AWS_S3_BUCKET_NAME | S3 bucket name for file storage. | uploads |
| MINIO_ROOT_USER | Username for MinIO authentication. This is effectively your MinIO admin account. | access-key |
| MINIO_ROOT_PASSWORD | Password for MinIO root user authentication. Keep this secure as it provides full access to your storage. | secret-key |
| BUCKET_NAME | S3 bucket name where all file uploads will be stored. This bucket will be automatically created if it doesn’t exist. | uploads |
| FILE_SIZE_LIMIT | Maximum file upload size in bytes. | 5242880 (5MB) |
| MINIO_ENDPOINT_SSL | Force HTTPS for MinIO when dealing with SSL termination. Set to 1 to enable. | 0 |
GitHub integration
| Variable | Description | Default Value |
|---|
| GITHUB_CLIENT_ID | OAuth client ID for GitHub integration. | |
| GITHUB_CLIENT_SECRET | OAuth client secret for GitHub integration. | |
| GITHUB_APP_NAME | GitHub App name for enhanced GitHub integration. | |
| GITHUB_APP_ID | GitHub App ID for enhanced GitHub integration. | |
| GITHUB_PRIVATE_KEY | Private key for GitHub App authentication. | |
Slack integration
| Variable | Description | Default Value |
|---|
| SLACK_CLIENT_ID | OAuth client ID for Slack integration. | |
| SLACK_CLIENT_SECRET | OAuth client secret for Slack integration. | |
GitLab integration
| Variable | Description | Default Value |
|---|
| GITLAB_CLIENT_ID | OAuth client ID for GitLab integration. | |
| GITLAB_CLIENT_SECRET | OAuth client secret for GitLab integration. | |
API settings
| Variable | Description | Default Value |
|---|
| API_KEY_RATE_LIMIT | Rate limit for API requests to prevent abuse. Format: number/timeunit | 60/minute |
