Configuration
All configuration is done via environment variables in .env. Copy .env.example to get started.
Required variables
| Variable | Description |
|---|---|
| SESSION_SECRET | Any long random string. Used to sign session cookies. Rotate this to invalidate all active sessions. |
| ENCRYPTION_KEY | Exactly 64 hex characters. Used to encrypt Stripe keys and Square OAuth tokens at rest. Do not change after initial setup — changing it makes existing encrypted credentials unreadable. |
Generate both with:
node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
Optional — AI features
| Variable | Description |
|---|---|
| ANTHROPIC_API_KEY | Your Anthropic API key. Without this, the AI Assistant and Dashboard insights are unavailable. Get one at console.anthropic.com. |
Optional — Square OAuth
Required to enable Square Sync. Register an app at developer.squareup.com.
| Variable | Description |
|---|---|
| SQUARE_APP_ID | Your Square application ID |
| SQUARE_APP_SECRET | Your Square application secret |
| SQUARE_ENVIRONMENT | sandbox for testing, production for live |
Also configure your Square app's OAuth redirect URL: https://your-domain.com/api/square/oauth/callback
Optional — Plaid bank sync
Required to enable automatic bank transaction import. Register at dashboard.plaid.com.
| Variable | Description |
|---|---|
| PLAID_CLIENT_ID | Your Plaid client ID |
| PLAID_SECRET | Your Plaid secret |
| PLAID_ENV | sandbox for testing, production for live |
Without Plaid credentials, manual entry and Square/Stripe sync still work fully — Plaid bank linking is simply unavailable.
Stripe (not in .env)
Stripe is configured per-company in the app UI, not in .env. Go to Settings → Stripe Configuration after setup. The key is stored AES-256-GCM encrypted in the database.
Production settings
When NODE_ENV=production, the app enables:
- secure flag on session cookies (requires HTTPS)
- Same-origin-only API requests (CORS disabled)
- Static file serving from ./public (the Vite build)
The Docker container sets NODE_ENV=production automatically via the Dockerfile.
Example .env
# Required
SESSION_SECRET=your-long-random-session-secret-here
ENCRYPTION_KEY=64-hex-chars-here
# AI features
ANTHROPIC_API_KEY=sk-ant-...
# Square OAuth
SQUARE_APP_ID=sq0idp-...
SQUARE_APP_SECRET=sq0csp-...
SQUARE_ENVIRONMENT=production
# Plaid
PLAID_CLIENT_ID=your-client-id
PLAID_SECRET=your-secret
PLAID_ENV=production