Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/yocxy2/Flowise/llms.txt

Use this file to discover all available pages before exploring further.

Flowise provides extensive configuration through environment variables. This guide covers all available options organized by category.

Server Configuration

PORT
number
default:"3000"
Port number for the Flowise server to listen on
APP_URL
string
default:"http://localhost:3000"
Base URL of your Flowise application, used for generating links in emails and SSO callbacks
NUMBER_OF_PROXIES
number
default:"1"
Number of proxies between client and server. Used for proper IP address resolution
TRUST_PROXY
string
default:"false"
Trust proxy configuration for Express. Can be true, false, 1, loopback, linklocal, uniquelocal, IP addresses, or comma-separated combinations
CORS_ORIGINS
string
default:"*"
Comma-separated list of allowed CORS origins. Use * to allow all origins
IFRAME_ORIGINS
string
default:"*"
Comma-separated list of allowed iframe origins. Use * to allow all origins
FLOWISE_FILE_SIZE_LIMIT
string
default:"50mb"
Maximum file upload size (e.g., 50mb, 100mb)

Database Configuration

Flowise supports SQLite (default), PostgreSQL, MySQL, and MariaDB.
DATABASE_TYPE
string
default:"sqlite"
Database type. Options: sqlite, postgres, mysql, mariadb
DATABASE_PATH
string
default:"~/.flowise"
Path where the SQLite database file will be stored. Only used when DATABASE_TYPE=sqlite

PostgreSQL / MySQL / MariaDB Configuration

DATABASE_HOST
string
Database server hostname or IP address
DATABASE_PORT
number
default:"5432 (postgres) | 3306 (mysql/mariadb)"
Database server port
DATABASE_NAME
string
default:"flowise"
Name of the database to use
DATABASE_USER
string
default:"root"
Database username
DATABASE_PASSWORD
string
Database password

Database SSL Configuration

DATABASE_SSL
boolean
default:"false"
Enable SSL connection to database
DATABASE_REJECT_UNAUTHORIZED
boolean
default:"true"
Whether to reject unauthorized SSL certificates
DATABASE_SSL_KEY_BASE64
string
Self-signed SSL certificate in BASE64 format for database connection

Authentication & Security

Basic Authentication

FLOWISE_USERNAME
string
Username for basic HTTP authentication (legacy)
FLOWISE_PASSWORD
string
Password for basic HTTP authentication (legacy)

JWT Configuration

JWT_AUTH_TOKEN_SECRET
string
Secret key for signing JWT access tokens. Generate with: openssl rand -hex 32If not set, uses file-based or AWS Secrets Manager storage
JWT_REFRESH_TOKEN_SECRET
string
Secret key for signing JWT refresh tokens. Generate with: openssl rand -hex 32If not set, uses file-based or AWS Secrets Manager storage
JWT_ISSUER
string
default:"Flowise"
JWT issuer claim value
JWT_AUDIENCE
string
default:"Flowise"
JWT audience claim value
JWT_TOKEN_EXPIRY_IN_MINUTES
number
default:"360"
Access token expiration time in minutes (default: 6 hours)
JWT_REFRESH_TOKEN_EXPIRY_IN_MINUTES
number
default:"43200"
Refresh token expiration time in minutes (default: 30 days)
EXPIRE_AUTH_TOKENS_ON_RESTART
boolean
default:"false"
Expire all authentication tokens when the application restarts

Session & Token Security

EXPRESS_SESSION_SECRET
string
Secret for Express session signing. Generate with: openssl rand -hex 32If not set, uses file-based or AWS Secrets Manager storage
TOKEN_HASH_SECRET
string
Secret for hashing tokens. Generate with: openssl rand -hex 32If not set, uses file-based or AWS Secrets Manager storage
SECURE_COOKIES
boolean
Enable secure flag on cookies (recommended for HTTPS deployments)
INVITE_TOKEN_EXPIRY_IN_HOURS
number
default:"24"
Workspace invitation token expiration time in hours
PASSWORD_RESET_TOKEN_EXPIRY_IN_MINS
number
default:"15"
Password reset token expiration time in minutes
PASSWORD_SALT_HASH_ROUNDS
number
default:"10"
Number of bcrypt salt rounds for password hashing

Secret Key Storage

SECRETKEY_STORAGE_TYPE
string
default:"local"
Storage type for encryption keys and auth secrets. Options: local, aws
SECRETKEY_PATH
string
default:"~/.flowise"
Local filesystem path for storing encryption keys and auth secrets when using local storage
FLOWISE_SECRETKEY_OVERWRITE
string
Override the encryption key with a specific value (not recommended for production)

AWS Secrets Manager Configuration

Required when SECRETKEY_STORAGE_TYPE=aws:
SECRETKEY_AWS_ACCESS_KEY
string
AWS access key ID for Secrets Manager
SECRETKEY_AWS_SECRET_KEY
string
AWS secret access key for Secrets Manager
SECRETKEY_AWS_REGION
string
default:"us-west-2"
AWS region for Secrets Manager
SECRETKEY_AWS_NAME
string
default:"FlowiseEncryptionKey"
Name of the secret in AWS Secrets Manager for the main encryption key
SECRETKEY_AWS_AUTH_PREFIX
string
default:"Flowise"
Prefix for auth secret names in AWS Secrets Manager (e.g., FlowiseTokenHashSecret)

Email Configuration (SMTP)

SMTP_HOST
string
SMTP server hostname (e.g., smtp.gmail.com)
SMTP_PORT
number
default:"465"
SMTP server port
SMTP_USER
string
SMTP authentication username
SMTP_PASSWORD
string
SMTP authentication password
SMTP_SECURE
boolean
default:"true"
Use TLS for SMTP connection
ALLOW_UNAUTHORIZED_CERTS
boolean
default:"false"
Allow self-signed certificates for SMTP
SENDER_EMAIL
string
From email address for sent emails (e.g., team@example.com)
WORKSPACE_INVITE_TEMPLATE_PATH
string
Path to custom workspace invitation email template (Handlebars format)

Logging Configuration

DEBUG
boolean
default:"false"
Enable debug mode with verbose logging
LOG_PATH
string
default:"~/.flowise/logs"
Directory path for storing log files
LOG_LEVEL
string
default:"info"
Logging level. Options: error, warn, info, verbose, debug
LOG_SANITIZE_BODY_FIELDS
string
Comma-separated list of request body field names to sanitize in logsDefault: password,pwd,pass,secret,token,apikey,api_key,accesstoken,access_token,refreshtoken,refresh_token,clientsecret,client_secret,privatekey,private_key,secretkey,secret_key,auth,authorization,credential,credentials
LOG_SANITIZE_HEADER_FIELDS
string
default:"authorization,x-api-key,x-auth-token,cookie"
Comma-separated list of HTTP header names to sanitize in logs

Storage Configuration

See Storage Configuration for detailed storage setup.
STORAGE_TYPE
string
default:"local"
File storage type. Options: local, s3, gcs
BLOB_STORAGE_PATH
string
default:"~/.flowise/storage"
Local filesystem path for file storage when using local storage type

Application Features

SHOW_COMMUNITY_NODES
boolean
default:"true"
Show community-contributed nodes in the UI
DISABLE_FLOWISE_TELEMETRY
boolean
default:"false"
Disable anonymous usage telemetry
DISABLED_NODES
string
Comma-separated list of node names to disable (e.g., bufferMemory,chatOpenAI)
MODEL_LIST_CONFIG_JSON
string
Path to custom model list configuration JSON fileSee models.json format
TOOL_FUNCTION_BUILTIN_DEP
string
default:"crypto,fs"
Comma-separated list of built-in Node.js modules allowed in tool functions
TOOL_FUNCTION_EXTERNAL_DEP
string
Comma-separated list of external npm packages allowed in tool functions (e.g., moment,lodash)
ALLOW_BUILTIN_DEP
boolean
default:"false"
Allow all built-in Node.js modules in tool functions

Enterprise Features

LICENSE_URL
string
URL for enterprise license server
FLOWISE_EE_LICENSE_KEY
string
Enterprise edition license key
OFFLINE
boolean
Run in offline mode (no external license validation)

Metrics & Monitoring

POSTHOG_PUBLIC_API_KEY
string
PostHog API key for product analytics
ENABLE_METRICS
boolean
default:"false"
Enable metrics collection
METRICS_PROVIDER
string
default:"prometheus"
Metrics provider. Options: prometheus, open_telemetry
METRICS_INCLUDE_NODE_METRICS
boolean
default:"true"
Include Node.js runtime metrics
METRICS_SERVICE_NAME
string
default:"FlowiseAI"
Service name for metrics reporting

OpenTelemetry Configuration

Required when METRICS_PROVIDER=open_telemetry:
METRICS_OPEN_TELEMETRY_METRIC_ENDPOINT
string
default:"http://localhost:4318/v1/metrics"
OpenTelemetry metrics endpoint URL
METRICS_OPEN_TELEMETRY_PROTOCOL
string
default:"http"
OpenTelemetry protocol. Options: http, grpc, proto
METRICS_OPEN_TELEMETRY_DEBUG
boolean
default:"false"
Enable debug logging for OpenTelemetry

Proxy Configuration

GLOBAL_AGENT_HTTP_PROXY
string
HTTP proxy URL for outbound requests (e.g., http://proxy.company.com:8080)
GLOBAL_AGENT_HTTPS_PROXY
string
HTTPS proxy URL for outbound requests
GLOBAL_AGENT_NO_PROXY
string
Comma-separated list of hosts to bypass proxy

Queue Configuration

For distributed deployments with Redis-backed job queues:
MODE
string
default:"main"
Application mode. Options: queue, main
  • main: Standard server mode
  • queue: Worker mode for processing jobs from Redis queue
QUEUE_NAME
string
default:"flowise-queue"
Redis queue name
QUEUE_REDIS_EVENT_STREAM_MAX_LEN
number
default:"100000"
Maximum length of Redis event stream
WORKER_CONCURRENCY
number
default:"100000"
Maximum concurrent jobs per worker
REMOVE_ON_AGE
number
default:"86400"
Remove completed jobs after this many seconds (default: 24 hours)
REMOVE_ON_COUNT
number
default:"10000"
Remove jobs after this count is reached

Redis Configuration

REDIS_URL
string
Complete Redis connection URL (e.g., redis://localhost:6379)If set, takes precedence over individual REDIS_* settings
REDIS_HOST
string
default:"localhost"
Redis server hostname
REDIS_PORT
number
default:"6379"
Redis server port
REDIS_USERNAME
string
Redis username (Redis 6+)
REDIS_PASSWORD
string
Redis password
REDIS_TLS
boolean
Enable TLS for Redis connection
REDIS_CERT
string
Path to TLS certificate file
REDIS_KEY
string
Path to TLS private key file
REDIS_CA
string
Path to TLS CA certificate file
REDIS_KEEP_ALIVE
number
TCP keep-alive interval in milliseconds
ENABLE_BULLMQ_DASHBOARD
boolean
Enable BullMQ dashboard UI for queue monitoring

Security

HTTP_DENY_LIST
string
Comma-separated list of URLs or patterns to block in HTTP requests
HTTP_SECURITY_CHECK
boolean
default:"true"
Enable HTTP security checks for outbound requests
CUSTOM_MCP_SECURITY_CHECK
boolean
default:"true"
Enable security checks for MCP (Model Context Protocol) servers
CUSTOM_MCP_PROTOCOL
string
default:"sse"
MCP protocol type. Options: stdio, sse

Document Loaders

PUPPETEER_EXECUTABLE_FILE_PATH
string
Path to Chrome/Chromium executable for Puppeteer document loaderExample (Windows): C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe
PLAYWRIGHT_EXECUTABLE_FILE_PATH
string
Path to Chrome/Chromium executable for Playwright document loaderExample (Windows): C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe

Example Configuration

# Server
PORT=3000
APP_URL=https://flowise.yourdomain.com

# Database (PostgreSQL)
DATABASE_TYPE=postgres
DATABASE_HOST=localhost
DATABASE_PORT=5432
DATABASE_NAME=flowise
DATABASE_USER=flowise_user
DATABASE_PASSWORD=secure_password
DATABASE_SSL=true

# JWT Authentication
JWT_AUTH_TOKEN_SECRET=$(openssl rand -hex 32)
JWT_REFRESH_TOKEN_SECRET=$(openssl rand -hex 32)
JWT_TOKEN_EXPIRY_IN_MINUTES=360

# Storage (S3)
STORAGE_TYPE=s3
S3_STORAGE_BUCKET_NAME=my-flowise-bucket
S3_STORAGE_REGION=us-east-1

# Email
SMTP_HOST=smtp.gmail.com
SMTP_PORT=465
SMTP_USER=noreply@yourdomain.com
SMTP_PASSWORD=app_specific_password
SENDER_EMAIL=team@yourdomain.com

# Logging
LOG_LEVEL=info
DEBUG=false
For production deployments, always generate secure random values for secret keys using openssl rand -hex 32
Never commit .env files containing secrets to version control. Use environment-specific configuration and secret management tools.