
# Environment Variables for Your Self-Hosted Volta Instance

> Configure your self-hosted Volta instance with environment variables for the database, Redis, storage, email invitations, and social platform credentials.

All configuration for a self-hosted Volta instance is managed through environment variables. When you first set up Volta, you copy `.env.example` to `.env` and fill in the values relevant to your deployment. You only need to configure the variables for features you're actually using — Volta will work with just the required core variables, and you can add optional ones as you enable more features.

<Note>
  This page is for people **running their own Volta instance**. If you're using a hosted version of Volta, your instance is already configured — you don't need to manage environment variables yourself.
</Note>

## Required Variables

These variables must be set for Volta to start. The backend will refuse to launch if `JWT_SECRET` is missing.

| Variable                  | Description                                                                                                                                  |
| ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
| `DATABASE_URL`            | PostgreSQL connection string (e.g. `postgresql://user:password@localhost:5432/voltadb`)                                                      |
| `REDIS_URL`               | Redis connection string (e.g. `redis://localhost:6379`)                                                                                      |
| `JWT_SECRET`              | A long, random string used to sign session tokens. Generate with `openssl rand -base64 32`                                                   |
| `BACKEND_URL`             | The public URL of the Volta backend API (e.g. `https://api.yourdomain.com`). Used as the base URL for OAuth redirect URIs and media serving. |
| `FRONTEND_URL`            | The public URL where your Volta dashboard is accessible (e.g. `https://app.yourdomain.com`)                                                  |
| `NEXT_PUBLIC_BACKEND_URL` | The backend API URL exposed to the browser (typically the same value as `BACKEND_URL`)                                                       |

```env
DATABASE_URL="postgresql://volta-user:yourpassword@localhost:5432/volta-db"
REDIS_URL="redis://localhost:6379"
JWT_SECRET="your-long-random-string-here"
BACKEND_URL="https://api.yourdomain.com"
FRONTEND_URL="https://app.yourdomain.com"
NEXT_PUBLIC_BACKEND_URL="https://api.yourdomain.com"
```

## Optional but Recommended

### Encryption Key

<Tip>
  Setting `ENCRYPTION_KEY` is strongly recommended for production. It encrypts stored provider credentials and OAuth tokens using AES-256-GCM, an authenticated encryption mode that is more secure than the fallback encryption method. Generate one with `openssl rand -base64 32` and keep it backed up — losing this key means losing access to stored credentials.
</Tip>

```env
# Generate with: openssl rand -base64 32
ENCRYPTION_KEY="your-generated-key-here"
```

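When `ENCRYPTION_KEY` is not set, Volta falls back to a legacy AES-256-CBC encryption scheme derived from `JWT_SECRET`, so that one secret then underpins both session token signing and the encryption of stored credentials. Existing encrypted data continues to work if you set `ENCRYPTION_KEY` later.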

### Email (Invitations)

Volta is invite-only by default. To send invitation emails to new users, configure a [Resend](https://resend.com/) account:

```env
RESEND_API_KEY="re_your_api_key"
EMAIL_FROM_ADDRESS="noreply@yourdomain.com"
EMAIL_FROM_NAME="Volta"
```

If `RESEND_API_KEY` is not set, users can still be invited, but you'll need to share the invite link with them manually.

## Social Platform Credentials

Volta supports entering OAuth credentials directly from the **Add Channel** popup in the dashboard — you don't need to add them to your `.env` file manually for most platforms. Credentials entered through the UI are stored encrypted in the database and used automatically.

You may still choose to set credentials in `.env` if you prefer to manage them centrally or pre-configure them for your team. The full list of social platform variables is in your `.env.example` file. See the [Social Media](/channels/social-media) and [Messaging](/channels/messaging) channel guides for per-platform details.

## Security Settings

### Registration Control

```env
# Disable public registration (invite-only). This is the default.
DISABLE_REGISTRATION=true
```

With `DISABLE_REGISTRATION=true`, no one can create an account without an invitation. Run `pnpm bootstrap` once after installation to create the first admin account, then use **Settings → Users → Invite** to add additional members.

### NOT\_SECURED Mode

<Warning>
  **Never set `NOT_SECURED=true` in a production environment.** This mode disables secure cookie flags and exposes session tokens in response headers — it is intended only for local development where HTTPS is not available.
</Warning>

```env
# For local development only. Comment out or remove for production.
# NOT_SECURED=true
```

When `NOT_SECURED` is off (the default), Volta uses `HttpOnly`, `Secure`, and `SameSite` cookies for session management, and enforces CSRF protection on all state-changing requests.

## Public API Rate Limiting

```env
# Requests per hour per organization on the public API (default: 30)
API_LIMIT=30
```

## Full Example

Here's a minimal production-ready `.env` configuration:

```env
# Core
DATABASE_URL="postgresql://volta-user:strongpassword@localhost:5432/voltadb"
REDIS_URL="redis://localhost:6379"
JWT_SECRET="generated-with-openssl-rand-base64-32"
ENCRYPTION_KEY="another-generated-key"

# URLs
FRONTEND_URL="https://app.yourdomain.com"
NEXT_PUBLIC_BACKEND_URL="https://api.yourdomain.com"
BACKEND_URL="https://api.yourdomain.com"

# Email invitations
RESEND_API_KEY="re_your_key"
EMAIL_FROM_ADDRESS="noreply@yourdomain.com"
EMAIL_FROM_NAME="Volta"

# Security
DISABLE_REGISTRATION=true

# Storage (see Storage configuration page)
STORAGE_PROVIDER="cloudflare"
CLOUDFLARE_ACCOUNT_ID="..."
CLOUDFLARE_ACCESS_KEY="..."
CLOUDFLARE_SECRET_ACCESS_KEY="..."
CLOUDFLARE_BUCKETNAME="volta-media"
CLOUDFLARE_BUCKET_URL="https://your-bucket.r2.cloudflarestorage.com/"
CLOUDFLARE_REGION="auto"
```
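
A pre-deployment check that applies this page's rules to the text of a `.env` file, added here as an example and not part of Volta itself. The names `parseEnv` and `auditEnv`, the placeholder pattern and the 32-byte minimum for secrets are assumptions of this example, and the sample input is constructed.

```javascript
// Added example (not Volta code): audits .env text against the rules on this page.
// Assumptions of this example: the 32-byte minimum and the placeholder pattern.
const REQUIRED = ["DATABASE_URL", "REDIS_URL", "JWT_SECRET", "BACKEND_URL",
  "FRONTEND_URL", "NEXT_PUBLIC_BACKEND_URL"];
const PUBLIC_URLS = ["BACKEND_URL", "FRONTEND_URL", "NEXT_PUBLIC_BACKEND_URL"];
// Matches the sample secrets shown in the docs; standard base64 never contains "-".
const PLACEHOLDER = /your-|generated-/i;

// Minimal KEY=VALUE parser: skips blanks and comments, strips one pair of quotes.
function parseEnv(text) {
  const env = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    const eq = line.indexOf("=");
    if (!line || line.startsWith("#") || eq < 1) continue;
    env[line.slice(0, eq).trim()] = line.slice(eq + 1).trim().replace(/^(["'])(.*)\1$/, "$2");
  }
  return env;
}

// Returns a list of findings; an empty list means none of the checks fired.
function auditEnv(text) {
  const env = parseEnv(text);
  const out = [];
  for (const k of REQUIRED) if (!env[k]) out.push(`${k}: required but missing`);
  for (const k of ["JWT_SECRET", "ENCRYPTION_KEY"]) {
    if (!env[k]) continue;
    if (PLACEHOLDER.test(env[k])) out.push(`${k}: placeholder value`);
    else if (Buffer.from(env[k], "base64").length < 32) out.push(`${k}: under 32 bytes`);
  }
  if (!env.ENCRYPTION_KEY) out.push("ENCRYPTION_KEY: unset, legacy AES-256-CBC fallback");
  else if (env.ENCRYPTION_KEY === env.JWT_SECRET) out.push("ENCRYPTION_KEY: same as JWT_SECRET");
  // Any value other than empty or "false" is flagged; the page only documents "true".
  if (env.NOT_SECURED && env.NOT_SECURED.toLowerCase() !== "false") out.push("NOT_SECURED: set");
  if ((env.DISABLE_REGISTRATION || "true").toLowerCase() !== "true") out.push("DISABLE_REGISTRATION: registration open");
  for (const k of PUBLIC_URLS) if (env[k] && !env[k].startsWith("https://")) out.push(`${k}: not https`);
  return out;
}
// Constructed sample: placeholder JWT_SECRET, no ENCRYPTION_KEY, NOT_SECURED on, http backend.
const SAMPLE_ENV = `
DATABASE_URL="postgresql://volta-user:strongpassword@localhost:5432/voltadb"
REDIS_URL="redis://localhost:6379"
JWT_SECRET="your-long-random-string-here"
BACKEND_URL="http://api.yourdomain.com"
FRONTEND_URL="https://app.yourdomain.com"
NEXT_PUBLIC_BACKEND_URL="https://api.yourdomain.com"
NOT_SECURED=true
`;
console.log(auditEnv(SAMPLE_ENV).join("\n"));
```

To audit a real deployment, pass the contents of your own `.env` to `auditEnv` and treat any finding as a reason to hold the rollout.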
