llm.txthome

Environment

This is the canonical Lucent environment reference.

Use it as the single source of truth for:

  • what is required vs optional
  • what belongs to Lucent core vs optional integrations
  • which values are acceptable only for local development

Required For Most Apps

These are the variables most Lucent apps need in production.

VariableRequired WhenNotes
DATABASE_URLAlways for db.adapter: "postgres"PostgreSQL connection string
JWT_SECRETJWT auth is enabledMust be at least 32 characters
SESSION_SECRETSession auth is enabledMust be at least 32 characters

Optional By Feature

Only set these when the corresponding feature is enabled.

Redis / Cache

VariableRequired WhenNotes
REDIS_URLUsing response cacheExample: redis://localhost:6379

Queues

VariableRequired WhenNotes
REDIS_URLUsing LucentQueueManagerExample: redis://localhost:6379

SMTP Email

VariableRequired WhenNotes
SMTP_HOSTUsing SMTP email providerSMTP server hostname
SMTP_PORTUsing SMTP email providerOptional, defaults to 587 in most setups
SMTP_SECUREUsing SMTP email providerOptional, use true for port 465
SMTP_USERUsing SMTP email providerSMTP username
SMTP_PASSUsing SMTP email providerSMTP password
SMTP_FROMSending emailFallback sender address

Resend Email

VariableRequired WhenNotes
RESEND_API_KEYUsing Resend providerAPI key for Resend
SMTP_FROMSending emailStill used as the default from address

S3 Storage

VariableRequired WhenNotes
S3_BUCKETUsing storage.provider: "s3"Bucket name
S3_REGIONUsing storage.provider: "s3"Region name
AWS_ACCESS_KEY_IDUsing storage.provider: "s3"Access key
AWS_SECRET_ACCESS_KEYUsing storage.provider: "s3"Secret key

Google Drive Storage

VariableRequired WhenNotes
GOOGLE_DRIVE_CLIENT_EMAILUsing upload.provider: "googleDrive"Service account email
GOOGLE_DRIVE_PRIVATE_KEYUsing upload.provider: "googleDrive"Service account private key
GOOGLE_DRIVE_FOLDER_IDUsing upload.provider: "googleDrive"Shared drive folder ID or URL

Google Drive service-account uploads require a Google Workspace Shared drive folder, or domain-wide delegation to a Workspace user with Drive storage quota. A normal My Drive folder shared with the service account is not sufficient for uploads.

Secrets

VariableRequired WhenNotes
LUCENT_SECRETS_KEYUsing secrets.enabled: true32-byte master key generated by LucentSecrets.generateMasterKey()

SurrealDB

VariableRequired WhenNotes
SURREAL_URLUsing db.adapter: "surrealdb"Example: ws://localhost:8000
SURREAL_NAMESPACEOptional for SurrealDBIf not passed in config
SURREAL_DATABASEOptional for SurrealDBIf not passed in config
SURREAL_USERNAMEOptional for SurrealDB authIf auth is enabled
SURREAL_PASSWORDOptional for SurrealDB authIf auth is enabled

App-Level Convenience Variables

Lucent does not require these, but many apps use them.

VariablePurpose
PORTBun server port
NODE_ENVStandard runtime mode
COOKIE_DOMAINShared cookie domain for JWT/session cookie setups
VERIFY_EMAIL_URLBase URL for verification links

Local Development Example

DATABASE_URL=postgresql://postgres:password@localhost:5432/lucent_example
JWT_SECRET=dev-secret-change-before-production-123
SESSION_SECRET=dev-session-secret-change-before-prod-123
PORT=3000
NODE_ENV=development

If you use optional features, extend that with:

REDIS_URL=redis://localhost:6379
SMTP_HOST=smtp.example.com
SMTP_USER=user
SMTP_PASS=pass
SMTP_FROM="My App <noreply@example.com>"
RESEND_API_KEY=re_xxx
S3_BUCKET=my-bucket
S3_REGION=us-east-1
AWS_ACCESS_KEY_ID=xxx
AWS_SECRET_ACCESS_KEY=xxx

Production Rules

  • Never rely on development fallback secrets in production
  • Do not use wildcard CORS with credentials enabled
  • Ensure Redis durability and high availability for BullMQ jobs that must survive restarts
  • Treat email and storage credentials as required only when those integrations are enabled
  • Keep app-level variables such as PORT and reverse proxy config outside Lucent-specific docs where possible