Configuration

Environment variables, workspace settings, and operational configuration.

Weavestream is configured entirely through environment variables in .env. There are no config files to edit in the source tree.

Configuration Areas

The most important variables to set before going to production:

Variable	Why it matters
`WEAVESTREAM_VERSION`	Pin to a specific release — never use `latest` in production
`APP_URL`	Public URL — must be correct for cookies and presigned URLs
`API_URL`	Public API URL — must be reachable from browsers
`JWT_SIGNING_KEY`	Session signing — generated by `keygen.sh`
`MFA_ENCRYPTION_KEY`	TOTP secret encryption — generated by `keygen.sh`
`PASSWORD_ENCRYPTION_KEY`	Credential encryption — generated by `keygen.sh`
`POSTGRES_PASSWORD`	Must match the password in `DATABASE_URL`
`REDIS_PASSWORD`	Must match the password in `REDIS_URL`

Generate all secrets in one step:

./scripts/keygen.sh >> .env

Then update DATABASE_URL and REDIS_URL to include the newly generated passwords.