Environment Variables

MCPHub uses environment variables for configuration. This guide covers all available variables and their usage.

Core Application Settings

Server Configuration

VariableDefaultDescription
PORT3000Port number for the HTTP server
INIT_TIMEOUT300000Initial timeout for the application
BASE_PATH''The base path of the application
READONLYfalseSet to true to enable readonly mode
MCPHUB_SETTING_PATHPath to the MCPHub settings
NODE_ENVdevelopmentApplication environment (development, production, test)
PORT=3000
INIT_TIMEOUT=300000
BASE_PATH=/api
READONLY=true
MCPHUB_SETTING_PATH=/path/to/settings
NODE_ENV=production

Authentication & Security

JWT Configuration

VariableDefaultDescription
JWT_SECRET-Secret key for JWT token signing (required)
JWT_SECRET=your-super-secret-key-change-this-in-production

Configuration Examples

Development Environment

# .env.development
NODE_ENV=development
PORT=3000

# Auth
JWT_SECRET=dev-secret-key

Production Environment

# .env.production
NODE_ENV=production
PORT=3000

# Security
JWT_SECRET=your-super-secure-production-secret

Docker Environment

# .env.docker
NODE_ENV=production
PORT=3000

# Security
JWT_SECRET_FILE=/run/secrets/jwt_secret

Environment Variable Loading

MCPHub loads environment variables in the following order:
  1. System environment variables
  2. .env.local (ignored by git)
  3. .env.{NODE_ENV} (e.g., .env.production)
  4. .env

Using dotenv-expand

MCPHub supports variable expansion: 
BASE_URL=https://api.example.com
API_ENDPOINT=${BASE_URL}/v1

Security Best Practices

  1. Never commit secrets to version control
  2. Use strong, unique secrets for production
  3. Rotate secrets regularly
  4. Use environment-specific files
  5. Validate all environment variables at startup
  6. Use Docker secrets for container deployments