---
title: 'Environment Variables'
description: 'Configure MCPHub using environment variables'
---

# Environment Variables

MCPHub uses environment variables for configuration. This guide covers all available variables and their usage.

## Core Application Settings

### Server Configuration

| Variable | Default | Description |
| --- | --- | --- |
| `PORT` | `3000` | Port number for the HTTP server |
| `INIT_TIMEOUT` | `300000` | Initial timeout for the application |
| `BASE_PATH` | `''` | The base path of the application |
| `READONLY` | `false` | Set to `true` to enable readonly mode |
| `MCPHUB_SETTING_PATH` | | Path to the MCPHub settings |
| `NODE_ENV` | `development` | Application environment (`development`, `production`, `test`) |

```env
PORT=3000
INIT_TIMEOUT=300000
BASE_PATH=/api
READONLY=true
MCPHUB_SETTING_PATH=/path/to/settings
NODE_ENV=production
```

## Authentication & Security

### JWT Configuration

| Variable | Default | Description |
| --- | --- | --- |
| `JWT_SECRET` | - | Secret key for JWT token signing (required) |

```env
JWT_SECRET=your-super-secret-key-change-this-in-production
```

## Configuration Examples

### Development Environment

```env
# .env.development
NODE_ENV=development
PORT=3000

# Auth
JWT_SECRET=dev-secret-key
```

### Production Environment

```env
# .env.production
NODE_ENV=production
PORT=3000

# Security
JWT_SECRET=your-super-secure-production-secret
```

### Docker Environment

```env
# .env.docker
NODE_ENV=production
PORT=3000

# Security
JWT_SECRET_FILE=/run/secrets/jwt_secret
```

## Environment Variable Loading

MCPHub loads environment variables in the following order:

1. System environment variables
2. `.env.local` (ignored by git)
3. `.env.{NODE_ENV}` (e.g., `.env.production`)
4. `.env`

### Using dotenv-expand

MCPHub supports variable expansion:

```env
BASE_URL=https://api.example.com
API_ENDPOINT=${BASE_URL}/v1
```

## Security Best Practices

1. **Never commit secrets** to version control
2. **Use strong, unique secrets** for production
3. **Rotate secrets regularly**
4. **Use environment-specific files**
5. **Validate all environment variables** at startup
6. **Use Docker secrets** for container deployments