Skip to content

Configuration

Plume is configured entirely through environment variables. There is no .env.example, no config file, and no .env loading — set the variables in your process environment (or your docker-compose.yml). Everything has a sensible default except your database URL and the two signing/encryption secrets.

Variable Notes
PLUME_DATABASE_URL Postgres connection string (DSN). The app exits at startup if it is unset.
PLUME_COOKIE_SECRET Key used to sign session cookies. Must be at least 32 bytes.
PLUME_SECRET_KEY AES key that encrypts stored secrets at rest. Must be exactly 32 bytes.
Variable Notes
PLUME_ADMIN_EMAIL Bootstraps the first admin user on the initial boot. No-op if an admin already exists.
PLUME_ADMIN_PASSWORD Password for the bootstrap admin user.
PLUME_BASE_URL Public URL used in email links. Default http://localhost:8080.
PLUME_ADDR Listen address. Default :8080.
PLUME_SECURE_COOKIES Set to true to mark cookies Secure (use when serving behind HTTPS).

Provider credentials are not environment variables. Your email provider credentials — Amazon SES (region, access key id, secret) or SMTP (host, port, username, password) — and your Anthropic API key for the AI assistant are entered in the app under Settings. Plume encrypts them at rest with AES using PLUME_SECRET_KEY, so they are never stored in plaintext and never live in your shell history or compose file.

This means there are no SES_*, SMTP_*, AWS_*, or Anthropic-key environment variables — connect those providers from the running app instead. See Connecting Amazon SES or Email providers for SMTP.