> ## Documentation Index > Fetch the complete documentation index at: https://docs.openlit.io/llms.txt > Use this file to discover all available pages before exploring further. # Configuration > Configuring Options for OpenLIT This guide covers all the available environment variables to fine-tune OpenLIT according to your needs. ## Environment variables Sets the host address of the ClickHouse server for OpenLIT to connect **Example**: ```yaml theme={null} export INIT_DB_HOST=127.0.0.1 ``` Sets the port on which ClickHouse listens **Example**: ```yaml theme={null} export INIT_DB_PORT=8123 ``` Sets the name of the database in Clickhouse to be used by OpenLIT **Example**: ```yaml theme={null} export INIT_DB_DATABASE=default ``` Sets the username for authenticating with ClickHouse **Example**: ```yaml theme={null} export INIT_DB_USERNAME=default ``` Sets the password for authenticating with ClickHouse **Example**: ```yaml theme={null} export INIT_DB_PASSWORD=default ``` Sets the location where SQLITE data is stored. **Example**: ```yaml theme={null} export SQLITE_DATABASE_URL=file:/app/client/data/data.db ``` ## OAuth authentication variables For detailed OAuth setup instructions, see the [OAuth Authentication Setup](/latest/openlit/oauth) guide. Sets the canonical URL of your site for NextAuth.js authentication **Example**: ```yaml theme={null} export NEXTAUTH_URL=http://localhost:3000 ``` Used to encrypt the NextAuth.js JWT tokens and email verification hashes **Example**: ```yaml theme={null} export NEXTAUTH_SECRET=your-secret-here ``` **Generate with**: `openssl rand -base64 32` Google OAuth client ID for Google sign-in integration **Example**: ```yaml theme={null} export GOOGLE_CLIENT_ID=your-google-client-id ``` Google OAuth client secret for Google sign-in integration **Example**: ```yaml theme={null} export GOOGLE_CLIENT_SECRET=your-google-client-secret ``` GitHub OAuth client ID for GitHub sign-in integration **Example**: ```yaml theme={null} export GITHUB_CLIENT_ID=your-github-client-id ``` GitHub OAuth client secret for GitHub sign-in integration **Example**: ```yaml theme={null} export GITHUB_CLIENT_SECRET=your-github-client-secret ``` ## Security variables OpenLIT enables stricter API protections by default, including security response headers, CSRF checks for browser session API requests, vault secret encryption, and restricted CORS for the vault secrets API. Secret used to encrypt Vault values at rest with AES-256-GCM. If this is not set, OpenLIT falls back to `NEXTAUTH_SECRET`. Use a stable, high-entropy value and keep it unchanged across restarts. Changing this value after secrets are encrypted prevents existing Vault values from being decrypted. **Generate with**: ```bash theme={null} openssl rand -base64 32 ``` **Example**: ```yaml theme={null} export OPENLIT_VAULT_ENCRYPTION_KEY=your-vault-encryption-key ``` Comma-separated list of browser origins that are allowed to call API-key authenticated Vault secret retrieval from another domain. Configure this when a browser application hosted on a different origin needs to call `POST /api/vault/get-secrets`. Server-to-server SDK or REST calls usually do not need this because they do not send a browser `Origin` header. Specify complete origins, including scheme and host. Do not use `*`. **Example**: ```yaml theme={null} export OPENLIT_ALLOWED_CORS_ORIGINS=https://app.example.com,https://admin.example.com ``` Backward-compatible alias for `OPENLIT_ALLOWED_CORS_ORIGINS`. **Example**: ```yaml theme={null} export OPENLIT_ALLOWED_ORIGINS=https://app.example.com ``` `NEXTAUTH_URL` is also treated as an allowed same-site origin for Vault CORS checks. Browser requests from other domains must be listed in `OPENLIT_ALLOWED_CORS_ORIGINS` or `OPENLIT_ALLOWED_ORIGINS`. ## Environment file placement Environment variables can be configured in multiple ways depending on your deployment method: ### Development setup Create a `.env` file in the `src/client/` directory for development: ```bash theme={null} src/client/.env ``` This file is automatically loaded by Next.js during development. Create a `.env` file in the same directory as your `docker-compose.yml` file: ```bash theme={null} # In the root directory with docker-compose.yml .env ``` This file is automatically loaded by Docker Compose. For development Docker setup, create a `.env` file alongside `src/dev-docker-compose.yml`: ```bash theme={null} # In the src/ directory with dev-docker-compose.yml src/.env ``` ### Production setup For production deployments, set environment variables directly in your hosting platform or container orchestration system (Kubernetes, Docker Swarm, etc.). ## Sample environment file (.env) ```.env.example .env theme={null} # Database Configuration INIT_DB_HOST="127.0.0.1" INIT_DB_PORT="8123" INIT_DB_DATABASE="default" INIT_DB_USERNAME="default" INIT_DB_PASSWORD="OPENLIT" SQLITE_DATABASE_URL="file:/app/client/data/data.db" # NextAuth Configuration (Optional) NEXTAUTH_URL="http://localhost:3000" NEXTAUTH_SECRET="your-secret-here" # OAuth Providers (Optional) GOOGLE_CLIENT_ID="your-google-client-id" GOOGLE_CLIENT_SECRET="your-google-client-secret" GITHUB_CLIENT_ID="your-github-client-id" GITHUB_CLIENT_SECRET="your-github-client-secret" # Security Configuration (Optional) OPENLIT_VAULT_ENCRYPTION_KEY="your-vault-encryption-key" OPENLIT_ALLOWED_CORS_ORIGINS="https://app.example.com,https://admin.example.com" ``` *** Create custom visualizations with flexible widgets, queries, and real-time AI monitoring Version, deploy, and collaborate on prompts with centralized management and tracking Compare cost, duration, and response tokens across different LLMs to find the most efficient model Discover and instrument LLM traffic across Kubernetes, Docker, and Linux using eBPF — no code changes required.