Skip to main content
This is the configuration reference for your Production License. Use these environment variables to control launcher behavior, public access, branding, authentication, email delivery, etc. Set these values in your runtime .env or enterprise.env file before starting the deployment.

Enterprise launcher

The enterprise launcher starts and coordinates the services in your production stack. Use these variables to connect the launcher to shared infrastructure and provide the license used at startup.
.env
ENTERPRISE_POSTGRES_URL=postgres://user:password@host:5432/postgres?sslmode=require
ENTERPRISE_REDIS_URL=redis://host:6379/0
ENTERPRISE_LICENSE_B64=your_base64_license_string

# Core and Cloud use separate databases on the Postgres instance above
# Defaults: blnk (Core ledger) and blnk-cloud (Cloud Dashboard)
ENTERPRISE_CORE_DB_NAME=blnk
ENTERPRISE_PLANE_DB_NAME=blnk-cloud
Environment variableDescription
ENTERPRISE_POSTGRES_URLPostgres connection string used by the launcher to derive the Core and Plane database connections. Point this at the Postgres server that hosts both databases.
ENTERPRISE_REDIS_URLRedis connection string passed to Core for queueing, caching, and other Redis-backed runtime work.
ENTERPRISE_LICENSE_B64Base64-encoded license string from your onboarding email. To use a mounted license file instead, set ENTERPRISE_LICENSE_FILE to the path of your .lic file.
ENTERPRISE_CORE_DB_NAMEName of the Postgres database the launcher assigns to Blnk Core ledger data.
ENTERPRISE_PLANE_DB_NAMEName of the Postgres database the launcher assigns to Plane, which powers the Cloud Dashboard.

Public app configuration

These variables control how users reach the deployment and how the launcher connects the internal services. Use the public values for browser access and the internal port values only when you need to change service bindings.
.env
ENTERPRISE_PUBLIC_PORT=8080
ENTERPRISE_PUBLIC_URL=https://ledger.yourdomain.com
ENTERPRISE_CORE_PORT=5001
ENTERPRISE_WORKERS_PORT=5004
ENTERPRISE_UI_PORT=3001
Environment variableDescription
ENTERPRISE_PUBLIC_PORTPort the launcher exposes for the public Plane gateway. Map your host or load balancer to this port when running the deployment.
ENTERPRISE_PUBLIC_URLPublic URL where users open the Cloud Dashboard, including the scheme such as https://. Use the same origin in CORS_ORIGINS.
ENTERPRISE_CORE_PORTInternal port used by the Blnk Core API process.
ENTERPRISE_WORKERS_PORTInternal port used by the Core workers monitoring endpoint.
ENTERPRISE_UI_PORTInternal port used by the Cloud Dashboard UI process.

Branding

Customize the Cloud Dashboard theme to match your brand colours. Set your organization name and primary colour so the dashboard feels like your product, not a generic install.
.env
ENTERPRISE_BRAND_NAME=Acme Ledger
ENTERPRISE_BRAND_PRIMARY_COLOR="#A34EF4"
Environment variableDescription
ENTERPRISE_BRAND_NAMEDisplay name used for your deployment in the Cloud Dashboard.
ENTERPRISE_BRAND_PRIMARY_COLORPrimary accent color used by the Cloud Dashboard UI. Use a six-digit hex color value, such as "#A34EF4".

Security & authentication

These variables configure browser access, local authentication, and encryption for Plane.
.env
CORS_ORIGINS=http://localhost:8080,http://localhost:3001
JWT_SECRET=thisisasecret
BLNK_ENCRYPTION_KEY=0123456789abcdef0123456789abcdef
Environment variableDescription
CORS_ORIGINSComma-separated list of browser origins allowed to call the Plane API. Do not include spaces. Include ENTERPRISE_PUBLIC_URL so the Cloud Dashboard can reach the API.
JWT_SECRETStrong random secret used to sign and verify local authentication tokens. Store this as a secret and keep it stable across restarts.
BLNK_ENCRYPTION_KEYUnique 32-character key used to encrypt sensitive data, including instance connection keys. Do not change it after deployment because existing encrypted data may become unreadable.

Email settings

Configure SMTP so Plane can send login alerts, password resets, and other Cloud notifications from your deployment. If you do not already have an SMTP provider, services such as Resend, SendGrid, or Amazon SES can be used.
SMTP is optional. You can skip these variables if you do not need email notifications yet.
.env
EMAIL_PROVIDER=smtp
SMTP_HOST=
SMTP_PORT=587
SMTP_AUTH_USERNAME=
SMTP_AUTH_PASSWORD=
SMTP_TLS_MODE=auto
SMTP_SKIP_TLS_VERIFY=false
Environment variableDescription
EMAIL_PROVIDEREmail transport Plane should use. Set this to smtp, or leave it unset so Plane uses SMTP when SMTP_HOST is configured.
SMTP_HOSTHostname of the SMTP server that sends mail for your deployment.
SMTP_PORTPort your SMTP server listens on. Use the value required by your provider.
SMTP_AUTH_USERNAMEUsername used for SMTP authentication. Some providers require a fixed username such as resend.
SMTP_AUTH_PASSWORDPassword or API key used for SMTP authentication. Store this as a secret.
SMTP_TLS_MODETLS mode Plane uses for the SMTP connection. Use auto for STARTTLS-capable servers unless your provider requires another supported mode.
SMTP_SKIP_TLS_VERIFYWhether to skip TLS certificate verification. Use false in production.

Watch settings

Configure Git-based rule loading for your Watch service. When WATCH_SCRIPT_GIT_REPO is set, Watch clones the repository, loads .ws rule files from it, and keeps the local copy in sync. For additional Watch settings, see Watch configuration.
.env
WATCH_SCRIPT_GIT_REPO=
WATCH_SCRIPT_GIT_BRANCH=main
WATCH_SCRIPT_GIT_USERNAME=git
WATCH_SCRIPT_GIT_TOKEN=
Environment variableDescription
WATCH_SCRIPT_GIT_REPOGit repository URL containing Watch rule files. When set, Watch loads rules from this repository instead of relying only on local files.
WATCH_SCRIPT_GIT_BRANCHGit branch Watch tracks when WATCH_SCRIPT_GIT_REPO is set. Use the branch that contains the rules for this deployment.
WATCH_SCRIPT_GIT_USERNAMEUsername used to authenticate when cloning a private rules repository over HTTPS.
WATCH_SCRIPT_GIT_TOKENPersonal access token or password used with WATCH_SCRIPT_GIT_USERNAME for private repository access. Store this as a secret.