Skip to main content

Environment Variables

MCPHub uses environment variables for configuration. This guide covers all available variables and their usage.

Core Application Settings

Server Configuration

VariableDefaultDescription
PORT3000Port number for the HTTP server
INIT_TIMEOUT300000Initial timeout for the application
BASE_PATH''The base path of the application
READONLYfalseSet to true to enable readonly mode
MCPHUB_SETTING_PATHPath to the MCPHub settings
NODE_ENVdevelopmentApplication environment (development, production, test)
PORT=3000
INIT_TIMEOUT=300000
BASE_PATH=/api
READONLY=true
MCPHUB_SETTING_PATH=/path/to/settings
NODE_ENV=production

Authentication & Security

JWT Configuration

VariableDefaultDescription
JWT_SECRET-Secret key for JWT token signing (required)
JWT_SECRET=your-super-secret-key-change-this-in-production

Configuration Examples

Development Environment

# .env.development
NODE_ENV=development
PORT=3000

# Auth
JWT_SECRET=dev-secret-key

Production Environment

# .env.production
NODE_ENV=production
PORT=3000

# Security
JWT_SECRET=your-super-secure-production-secret

Docker Environment

# .env.docker
NODE_ENV=production
PORT=3000

# Security
JWT_SECRET_FILE=/run/secrets/jwt_secret

Environment Variable Loading

MCPHub loads environment variables in the following order:
  1. System environment variables
  2. .env.local (ignored by git)
  3. .env.{NODE_ENV} (e.g., .env.production)
  4. .env

Using dotenv-expand

MCPHub supports variable expansion: 
BASE_URL=https://api.example.com
API_ENDPOINT=${BASE_URL}/v1

Security Best Practices

  1. Never commit secrets to version control
  2. Use strong, unique secrets for production
  3. Rotate secrets regularly
  4. Use environment-specific files
  5. Validate all environment variables at startup
  6. Use Docker secrets for container deployments
I