diff --git a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md
index 5bae60b3f4..aeafdd89b2 100644
--- a/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md
+++ b/packages/noco-docs/docs/020.getting-started/050.self-hosted/020.environment-variables.md
@@ -1,140 +1,154 @@
---
-title: 'Environment variables'
+title: 'Environment variables'
description: 'Environment Variables for NocoDB!'
-tags: ['Open Source']
-keywords : ['NocoDB Environment Variables', 'NocoDB env variables', 'NocoDB envs', 'NocoDB .env']
+tags: [ 'Open Source' ]
+keywords: [ 'NocoDB Environment Variables', 'NocoDB env variables', 'NocoDB envs', 'NocoDB .env' ]
---
-For production use cases, it is crucial to set all environment variables marked as **"Mandatory"** to ensure optimal performance, security, and functionality of NocoDB.
+For production use cases, it is crucial to set all environment variables marked as **"Mandatory"** to ensure optimal
+performance, security, and functionality of NocoDB.
## Database
-| Variable | Mandatory | Description | If Not Set |
-| -------- |-----------| ----------- | ---------- |
-| `NC_DB` | Yes | The primary database where all NocoDB metadata and data are stored. Example format: `pg://host.docker.internal:5432?u=username&p=password&d=database_name`. | A local SQLite database will be created in the root folder if `NC_DB` is not specified. |
-| `NC_DB_JSON` | No | Allows setting the database connection using a valid [knex connection JSON string](https://knexjs.org/guide/#configuration-options) instead of `NC_DB`. | |
-| `NC_DB_JSON_FILE` | No | A path to a knex connection JSON file can be used to specify the database connection, as an alternative to `NC_DB`. | |
-| `DATABASE_URL` | No | A [JDBC URL string](https://jdbc.postgresql.org/documentation/use/#connecting-to-the-database) can be used for the database connection instead of `NC_DB`. | |
-| `DATABASE_URL_FILE` | No | A path to a file containing a JDBC URL can be specified for the database connection as an alternative to `NC_DB`. | |
-| `NC_CONNECTION_ENCRYPT_KEY` | No | The key used to encrypt the credentials of external databases.
**Warning:** Changing this variable may break the application. If you must change it, use the CLI as described in the [NocoDB Secret CLI documentation](/data-sources/updating-secret). | Keep connection credentials as plain text in the database if not set. |
+
+| Variable | Mandatory | Description | If Not Set |
+|-----------------------------|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------|
+| `NC_DB` | Yes | The primary database where all NocoDB metadata and data are stored. Example format: `pg://host.docker.internal:5432?u=username&p=password&d=database_name`. | A local SQLite database will be created in the root folder if `NC_DB` is not specified. |
+| `NC_DB_JSON` | No | Allows setting the database connection using a valid [knex connection JSON string](https://knexjs.org/guide/#configuration-options) instead of `NC_DB`. | |
+| `NC_DB_JSON_FILE` | No | A path to a knex connection JSON file can be used to specify the database connection, as an alternative to `NC_DB`. | |
+| `DATABASE_URL` | No | A [JDBC URL string](https://jdbc.postgresql.org/documentation/use/#connecting-to-the-database) can be used for the database connection instead of `NC_DB`. | |
+| `DATABASE_URL_FILE` | No | A path to a file containing a JDBC URL can be specified for the database connection as an alternative to `NC_DB`. | |
+| `NC_CONNECTION_ENCRYPT_KEY` | No | The key used to encrypt the credentials of external databases.
**Warning:** Changing this variable may break the application. If you must change it, use the CLI as described in the [NocoDB Secret CLI documentation](/data-sources/updating-secret). | Keep connection credentials as plain text in the database if not set. |
## Authentication
-| Variable | Mandatory | Description | If Not Set |
-| -------- |-----------| ----------- | ---------- |
-| `NC_AUTH_JWT_SECRET` | Yes | This JWT secret is utilized for generating authentication tokens. | A random secret will be generated automatically. |
-| `NC_JWT_EXPIRES_IN` | No | Specifies the expiration time for JWT tokens. | Defaults to `10h`. |
-| `NC_GOOGLE_CLIENT_ID` | No | Google client ID required to activate Google authentication. | |
-| `NC_GOOGLE_CLIENT_SECRET` | No | Google client secret required to activate Google authentication. | |
-| `NC_ADMIN_EMAIL` | No | Super admin email address. This is useful in case you need to recover your username and password. | An initial prompt for email and password is required when accessing the UI for the first time. |
-| `NC_ADMIN_PASSWORD` | No | Super admin password. Must be at least 8 characters long, including one uppercase letter, one number, and one special character from `$&+,:;=?@#'.^*()%!_-\"`. This is useful for username and password recovery. | |
-| `NC_DISABLE_EMAIL_AUTH` | No | Disables email and password-based authentication, intended for use when Google authentication variables are configured. | |
+
+| Variable | Mandatory | Description | If Not Set |
+|---------------------------|-----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------|
+| `NC_AUTH_JWT_SECRET` | Yes | This JWT secret is utilized for generating authentication tokens. | A random secret will be generated automatically. |
+| `NC_JWT_EXPIRES_IN` | No | Specifies the expiration time for JWT tokens. | Defaults to `10h`. |
+| `NC_GOOGLE_CLIENT_ID` | No | Google client ID required to activate Google authentication. | |
+| `NC_GOOGLE_CLIENT_SECRET` | No | Google client secret required to activate Google authentication. | |
+| `NC_ADMIN_EMAIL` | No | Super admin email address. This is useful in case you need to recover your username and password. | An initial prompt for email and password is required when accessing the UI for the first time. |
+| `NC_ADMIN_PASSWORD` | No | Super admin password. Must be at least 8 characters long, including one uppercase letter, one number, and one special character from `$&+,:;=?@#'.^*()%!_-\"`. This is useful for username and password recovery. | |
+| `NC_DISABLE_EMAIL_AUTH` | No | Disables email and password-based authentication, intended for use when Google authentication variables are configured. | |
## Storage
-| Variable | Mandatory | Description | If Not Set |
-| -------- | --------- |----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------|
-| `NC_S3_BUCKET_NAME` | No | The name of the AWS S3 bucket used for the S3 storage plugin. | |
-| `NC_S3_REGION` | No | The AWS S3 region where the S3 storage plugin bucket is located. | |
-| `NC_S3_ENDPOINT` | No | S3 endpoint for S3 storage plugin. | Defaults to `s3..amazonaws.com` |
-| `NC_S3_ACCESS_KEY` | No | The AWS access key ID required for the S3 storage plugin. | |
-| `NC_S3_ACCESS_SECRET` | No | The AWS access secret associated with the S3 storage plugin. | |
-| `NC_S3_FORCE_PATH_STYLE` | No | Whether to force [path-style requests](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#path-style-access) for the S3 storage plugin. | |
-| `NC_S3_ACL` | No | The [ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html) for the objects in S3 | | |
-| `NC_ATTACHMENT_FIELD_SIZE` | No | Maximum file size allowed for [attachments](/fields/field-types/custom-types/attachment/) in bytes. | Defaults to `20971520` (20 MiB). |
-| `NC_MAX_ATTACHMENTS_ALLOWED` | No | Maximum number of attachments allowed per cell. | Defaults to `10`. |
-| `NC_ATTACHMENT_RETENTION_DAYS` | No | Number of days to retain attachment on storage after all references deleted. (Set 0 to keep forever) | Defaults to `10`. |
-| `NC_SECURE_ATTACHMENTS` | No | Enables access to attachments only through pre-signed URLs. Set to `true` to activate; all other values are treated as `false`. ⚠ Note: Enabling this will make existing links inaccessible. | Defaults to `false`. |
-| `NC_ATTACHMENT_EXPIRE_SECONDS` | No | Time in seconds after which pre-signed URLs for attachments start to expire. The actual expiration will occur after this time plus an additional 10 minutes. Only applicable if `NC_SECURE_ATTACHMENTS` is enabled. | Defaults to `7200` (2 hours). |
+
+| Variable | Mandatory | Description | If Not Set |
+|--------------------------------|-----------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------|
+| `NC_S3_BUCKET_NAME` | No | The name of the AWS S3 bucket used for the S3 storage plugin. | |
+| `NC_S3_REGION` | No | The AWS S3 region where the S3 storage plugin bucket is located. | |
+| `NC_S3_ENDPOINT` | No | S3 endpoint for S3 storage plugin. | Defaults to `s3..amazonaws.com` |
+| `NC_S3_ACCESS_KEY` | No | The AWS access key ID for the S3 storage plugin. Required if no role access in use. | |
+| `NC_S3_ACCESS_SECRET` | No | The AWS access secret associated with the S3 storage plugin. Required if no role access in use. | |
+| `NC_S3_FORCE_PATH_STYLE` | No | Whether to force [path-style requests](https://docs.aws.amazon.com/AmazonS3/latest/userguide/VirtualHosting.html#path-style-access) for the S3 storage plugin. | |
+| `NC_S3_ACL` | No | The [ACL](https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html) for the objects in S3 | |
+| `NC_ATTACHMENT_FIELD_SIZE` | No | Maximum file size allowed for [attachments](/fields/field-types/custom-types/attachment/) in bytes. | Defaults to `20971520` (20 MiB). |
+| `NC_MAX_ATTACHMENTS_ALLOWED` | No | Maximum number of attachments allowed per cell. | Defaults to `10`. |
+| `NC_ATTACHMENT_RETENTION_DAYS` | No | Number of days to retain attachment on storage after all references deleted. (Set 0 to keep forever) | Defaults to `10`. |
+| `NC_SECURE_ATTACHMENTS` | No | Enables access to attachments only through pre-signed URLs. Set to `true` to activate; all other values are treated as `false`. ⚠ Note: Enabling this will make existing links inaccessible. | Defaults to `false`. |
+| `NC_ATTACHMENT_EXPIRE_SECONDS` | No | Time in seconds after which pre-signed URLs for attachments start to expire. The actual expiration will occur after this time plus an additional 10 minutes. Only applicable if `NC_SECURE_ATTACHMENTS` is enabled. | Defaults to `7200` (2 hours). |
## Email Notifications
+
- The following SMTP variables are used to send email notifications to users, e.g., invites.
-| Variable | Mandatory | Description | If Not Set |
-| -------- |-----------| ----------- | ---------- |
-| `NC_SMTP_FROM` | Yes | The email address used as the sender for the SMTP plugin. | |
-| `NC_SMTP_HOST` | Yes | The hostname of the email server for the SMTP plugin. | |
-| `NC_SMTP_PORT` | Yes | The network port of the email server for the SMTP plugin. | |
-| `NC_SMTP_USERNAME` | Yes | The username for authentication with the SMTP plugin. | |
-| `NC_SMTP_PASSWORD` | Yes | The password for authentication with the SMTP plugin. | |
-| `NC_SMTP_SECURE` | Yes | Enables secure authentication for the SMTP plugin. Set to `true` to enable; all other values are considered `false`. | |
-| `NC_SMTP_IGNORE_TLS` | Yes | Ignores TLS for the SMTP plugin. Set to `true` to ignore TLS; all other values are considered `false`. For more details, see [Nodemailer's SMTP documentation](https://nodemailer.com/smtp/). | |
+| Variable | Mandatory | Description | If Not Set |
+|----------------------|-----------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------|
+| `NC_SMTP_FROM` | Yes | The email address used as the sender for the SMTP plugin. | |
+| `NC_SMTP_HOST` | Yes | The hostname of the email server for the SMTP plugin. | |
+| `NC_SMTP_PORT` | Yes | The network port of the email server for the SMTP plugin. | |
+| `NC_SMTP_USERNAME` | Yes | The username for authentication with the SMTP plugin. | |
+| `NC_SMTP_PASSWORD` | Yes | The password for authentication with the SMTP plugin. | |
+| `NC_SMTP_SECURE` | Yes | Enables secure authentication for the SMTP plugin. Set to `true` to enable; all other values are considered `false`. | |
+| `NC_SMTP_IGNORE_TLS` | Yes | Ignores TLS for the SMTP plugin. Set to `true` to ignore TLS; all other values are considered `false`. For more details, see [Nodemailer's SMTP documentation](https://nodemailer.com/smtp/). | |
## Backend
-| Variable | Mandatory | Description | If Not Set |
-| -------- | --------- | ----------- | ---------- |
-| `PORT` | No | Specifies the network port on which NocoDB will run. | Defaults to `8080`. |
-| `NODE_OPTIONS` | No | Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to pass to the instance. | |
+
+| Variable | Mandatory | Description | If Not Set |
+|----------------|-----------|-------------------------------------------------------------------------------------------------|---------------------|
+| `PORT` | No | Specifies the network port on which NocoDB will run. | Defaults to `8080`. |
+| `NODE_OPTIONS` | No | Node.js [options](https://nodejs.org/api/cli.html#node_optionsoptions) to pass to the instance. | |
## Frontend
-| Variable | Mandatory | Description | If Not Set |
-| -------- | --------- | ----------- | ---------- |
-| `NC_PUBLIC_URL` | No | This is the base URL used for constructing URLs in email templates, generating the Swagger documentation URL, and handling backend URL requirements. It should be set to your public-facing NocoDB URL to ensure consistency across the application. | By default, it infers the URL from the incoming request on the backend. If the server is behind a proxy, this may result in incorrect URLs. |
-| `NC_DASHBOARD_URL` | No | Defines a custom dashboard URL path. | Defaults to `/dashboard`. |
-| `NUXT_PUBLIC_NC_BACKEND_URL` | No | Specifies a custom backend URL. | Defaults to `http://localhost:8080`. |
+
+| Variable | Mandatory | Description | If Not Set |
+|------------------------------|-----------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
+| `NC_PUBLIC_URL` | No | This is the base URL used for constructing URLs in email templates, generating the Swagger documentation URL, and handling backend URL requirements. It should be set to your public-facing NocoDB URL to ensure consistency across the application. | By default, it infers the URL from the incoming request on the backend. If the server is behind a proxy, this may result in incorrect URLs. |
+| `NC_DASHBOARD_URL` | No | Defines a custom dashboard URL path. | Defaults to `/dashboard`. |
+| `NUXT_PUBLIC_NC_BACKEND_URL` | No | Specifies a custom backend URL. | Defaults to `http://localhost:8080`. |
## Cache
-| Variable | Mandatory | Description | If Not Set |
-| -------- |-----------|--------------------------------------------------------------------------------------------------|--------------------------|
+
+| Variable | Mandatory | Description | If Not Set |
+|----------------|-----------|--------------------------------------------------------------------------------------------------|--------------------------|
| `NC_REDIS_URL` | Yes | Specifies the Redis URL used for caching.
Eg: `redis://:authpassword@127.0.0.1:6380/4` | Caching layer of backend |
## Product Configuration
-| Variable | Mandatory | Description | If Not Set |
-| -------- | --------- |-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|
-| `DB_QUERY_LIMIT_DEFAULT` | No | Default pagination limit for data tables. | Defaults to `25`. Maximum is `100` |
-| `DB_QUERY_LIMIT_GROUP_BY_GROUP` | No | Number of groups per page. | Defaults to `10`. |
-| `DB_QUERY_LIMIT_GROUP_BY_RECORD` | No | Number of records per group. | Defaults to `10`. |
-| `DB_QUERY_LIMIT_MAX` | No | Maximum allowable pagination limit. | Defaults to `1000`. |
-| `DB_QUERY_LIMIT_MIN` | No | Minimum allowable pagination limit. | Defaults to `10` |
-| `NC_CONNECT_TO_EXTERNAL_DB_DISABLED` | No | Disables the ability to create bases on external databases. | |
-| `NC_INVITE_ONLY_SIGNUP` | No | Disables public signup; signup is possible only via invitations. Integrated into the [super admin settings menu](/account-settings/oss-specific-details#enable--disable-signup) as of version 0.99.0. | |
-| `NC_REQUEST_BODY_SIZE` | No | Maximum bytes allowed in the request body, based on [ExpressJS limits](https://expressjs.com/en/resources/middleware/body-parser.html#limit). | Defaults to `1048576` (1 MB). |
-| `NC_EXPORT_MAX_TIMEOUT` | No | Sets a timeout in milliseconds for downloading CSVs in batches if not completed within this period. | Defaults to `5000` (5 seconds). |
-| `NC_ALLOW_LOCAL_HOOKS` | No | Allows webhooks to call local network links, posing potential security risks. Set to `true` to enable; all other values are considered `false`. | Defaults to `false`. |
-| `NC_SANITIZE_COLUMN_NAME` | No | Enables sanitization of column names during their creation to prevent SQL injection and other security issues. | Defaults to `true`. |
-| `NC_TOOL_DIR` | No | Specifies the directory to store metadata and app-related files. In Docker setups, this maps to `/usr/app/data/` for mounting volumes. | Defaults to the current working directory. |
-| `NC_DISABLE_PG_DATA_REFLECTION` | No | Disables the creation of a schema for each base in PostgreSQL. [Click here for more detail](#postgres-data-reflection) | |
-| `NC_MIGRATIONS_DISABLED` | No | Disables NocoDB migrations. | |
-| `NC_DISABLE_AUDIT` | No | Disables the audit log feature. | Defaults to `false`. |
-| `NC_AUTOMATION_LOG_LEVEL` | No | Configures logging levels for automation features. Possible values: `OFF`, `ERROR`, `ALL`. More details can be found under [Webhooks](/automation/webhook/create-webhook). | Defaults to `OFF`. |
-### Postgres Data Reflection
+| Variable | Mandatory | Description | If Not Set |
+|--------------------------------------|-----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------|
+| `DB_QUERY_LIMIT_DEFAULT` | No | Default pagination limit for data tables. | Defaults to `25`. Maximum is `100` |
+| `DB_QUERY_LIMIT_GROUP_BY_GROUP` | No | Number of groups per page. | Defaults to `10`. |
+| `DB_QUERY_LIMIT_GROUP_BY_RECORD` | No | Number of records per group. | Defaults to `10`. |
+| `DB_QUERY_LIMIT_MAX` | No | Maximum allowable pagination limit. | Defaults to `1000`. |
+| `DB_QUERY_LIMIT_MIN` | No | Minimum allowable pagination limit. | Defaults to `10` |
+| `NC_CONNECT_TO_EXTERNAL_DB_DISABLED` | No | Disables the ability to create bases on external databases. | |
+| `NC_INVITE_ONLY_SIGNUP` | No | Disables public signup; signup is possible only via invitations. Integrated into the [super admin settings menu](/account-settings/oss-specific-details#enable--disable-signup) as of version 0.99.0. | |
+| `NC_REQUEST_BODY_SIZE` | No | Maximum bytes allowed in the request body, based on [ExpressJS limits](https://expressjs.com/en/resources/middleware/body-parser.html#limit). | Defaults to `1048576` (1 MB). |
+| `NC_EXPORT_MAX_TIMEOUT` | No | Sets a timeout in milliseconds for downloading CSVs in batches if not completed within this period. | Defaults to `5000` (5 seconds). |
+| `NC_ALLOW_LOCAL_HOOKS` | No | Allows webhooks to call local network links, posing potential security risks. Set to `true` to enable; all other values are considered `false`. | Defaults to `false`. |
+| `NC_SANITIZE_COLUMN_NAME` | No | Enables sanitization of column names during their creation to prevent SQL injection and other security issues. | Defaults to `true`. |
+| `NC_TOOL_DIR` | No | Specifies the directory to store metadata and app-related files. In Docker setups, this maps to `/usr/app/data/` for mounting volumes. | Defaults to the current working directory. |
+| `NC_DISABLE_PG_DATA_REFLECTION` | No | Disables the creation of a schema for each base in PostgreSQL. [Click here for more detail](#postgres-data-reflection) | |
+| `NC_MIGRATIONS_DISABLED` | No | Disables NocoDB migrations. | |
+| `NC_DISABLE_AUDIT` | No | Disables the audit log feature. | Defaults to `false`. |
+| `NC_AUTOMATION_LOG_LEVEL` | No | Configures logging levels for automation features. Possible values: `OFF`, `ERROR`, `ALL`. More details can be found under [Webhooks](/automation/webhook/create-webhook). | Defaults to `OFF`. |
-NocoDB UI is exactly what's in your Postgres database schema. Same tables, same columns—everything is perfectly mirrored. This is done by creating a schema for each base in PostgreSQL. This feature is enabled by default if the user has the required permissions. To disable it, set the `NC_DISABLE_PG_DATA_REFLECTION` environment variable to `false`.
+### Postgres Data Reflection
+NocoDB UI is exactly what's in your Postgres database schema. Same tables, same columns—everything is perfectly
+mirrored. This is done by creating a schema for each base in PostgreSQL. This feature is enabled by default if the user
+has the required permissions. To disable it, set the `NC_DISABLE_PG_DATA_REFLECTION` environment variable to `false`.
## Logging & Monitoring
-| Variable | Mandatory | Description | If Not Set |
-| -------- | --------- |---------------------------------------------------------------------------------------|------------|
-| `NC_SENTRY_DSN` | No | Data Source Name (DSN) for integrating with Sentry for monitoring and error tracking. | |
-| `NC_DISABLE_ERR_REPORTS` | No | Disable default Sentry error reporting. | TRUE |
+
+| Variable | Mandatory | Description | If Not Set |
+|--------------------------|-----------|---------------------------------------------------------------------------------------|------------|
+| `NC_SENTRY_DSN` | No | Data Source Name (DSN) for integrating with Sentry for monitoring and error tracking. | |
+| `NC_DISABLE_ERR_REPORTS` | No | Disable default Sentry error reporting. | TRUE |
## Debugging Only
-| Variable | Mandatory | Description | If Not Set |
-| -------- | --------- | ----------- | ---------- |
-| `NC_DISABLE_CACHE` | No | Disables caching to force metadata fetching directly from the database instead of Redis/cache. Recommended only during debugging. | Defaults to `false`. |
+
+| Variable | Mandatory | Description | If Not Set |
+|--------------------|-----------|-----------------------------------------------------------------------------------------------------------------------------------|----------------------|
+| `NC_DISABLE_CACHE` | No | Disables caching to force metadata fetching directly from the database instead of Redis/cache. Recommended only during debugging. | Defaults to `false`. |
## Telemetry
-| Variable | Mandatory | Description | If Not Set |
-| -------- | --------- | ----------- | ---------- |
-| `NC_DISABLE_TELE` | No | Disables the telemetry to prevent sending anonymous usage data. Please keep it enabled to help us understand the usage of the product and the impact that any new breaking change can cause. | |
+
+| Variable | Mandatory | Description | If Not Set |
+|-------------------|-----------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------|
+| `NC_DISABLE_TELE` | No | Disables the telemetry to prevent sending anonymous usage data. Please keep it enabled to help us understand the usage of the product and the impact that any new breaking change can cause. | |
## Litestream
+
> Litestream is used **only** when `NC_DB` is set to SQLite. It backs up the SQLite database and stores it in S3.
-| Variable | Mandatory | Description | If Not Set |
-| -------- | --------- | ----------- | ---------- |
-| `LITESTREAM_S3_ENDPOINT` | No | URL of an S3-compatible object storage service endpoint for [Litestream](https://litestream.io/) replication of NocoDB's default SQLite database. Example: `s3.eu-central-1.amazonaws.com`. | Defaults to [AWS S3](https://aws.amazon.com/s3/). |
-| `LITESTREAM_S3_REGION` | No | AWS region of the Litestream replication object storage bucket. Note that `LITESTREAM_S3_ENDPOINT` takes precedence if configured (the endpoint URL includes the region). | Defaults to the [default region configured in AWS](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-region.html). |
-| `LITESTREAM_S3_BUCKET` | No | Name of the object storage bucket to store the Litestream replication in. | *Litestream replication is disabled if this variable is not set.* |
-| `LITESTREAM_S3_PATH` | No | Directory path to use within the Litestream replication object storage bucket. | Defaults to `nocodb`. |
-| `LITESTREAM_S3_ACCESS_KEY_ID` | No | Authentication key ID for the Litestream replication object storage bucket. | *Litestream replication is disabled if this variable is not set.* |
-| `LITESTREAM_S3_SECRET_ACCESS_KEY` | No | Authentication secret for the Litestream replication object storage bucket. | *Litestream replication is disabled if this variable is not set.* |
-| `LITESTREAM_S3_SKIP_VERIFY` | No | Whether to disable TLS verification for the Litestream replication object storage service. Useful when testing against a local node such as MinIO and you are using self-signed certificates. | Defaults to `false`. |
-| `LITESTREAM_RETENTION` | No | Amount of time Litestream snapshot and WAL files are kept. After the retention period, a new snapshot is created and the old one is removed. WAL files that exist before the oldest snapshot will also be removed. | Defaults to `1440h` (60 days). |
-| `LITESTREAM_RETENTION_CHECK_INTERVAL` | No | Frequency in which Litestream will check if retention needs to be enforced. | Defaults to `72h` (3 days). |
-| `LITESTREAM_SNAPSHOT_INTERVAL` | No | Frequency in which new Litestream snapshots are created. A higher frequency reduces the time to restore since newer snapshots will have fewer WAL frames to apply. Retention still applies to these snapshots. | Defaults to `24h` (1 day). |
-| `LITESTREAM_SYNC_INTERVAL` | No | Frequency in which frames are pushed to the Litestream replica. Increasing this frequency can increase object storage costs significantly. | Defaults to `60s` (1 minute). |
-| `LITESTREAM_AGE_PUBLIC_KEY` | No | [age](https://age-encryption.org/) public key generated by `age-keygen` (`age1...`) or SSH public key (`ssh-ed25519 AAAA...`, `ssh-rsa AAAA...`) used to encrypt the Litestream replication for. Refer to the relevant [Litestream documentation](https://litestream.io/reference/config/#encryption) for details. | *Litestream replication is unencrypted if this variable is not set.* |
-| `LITESTREAM_AGE_SECRET_KEY` | No | [age](https://age-encryption.org/) secret key (`AGE-SECRET-KEY-1...`) used to encrypt the Litestream replication with. Refer to the relevant [Litestream documentation](https://litestream.io/reference/config/#encryption) for details. | *Litestream replication is unencrypted if this variable is not set.* |
-| `AWS_ACCESS_KEY_ID` | No | ***Deprecated***. Please use `LITESTREAM_S3_ACCESS_KEY_ID` instead. | |
-| `AWS_SECRET_ACCESS_KEY` | No | ***Deprecated***. Please use `LITESTREAM_S3_SECRET_ACCESS_KEY` instead. | |
-| `AWS_BUCKET` | No | ***Deprecated***. Please use `LITESTREAM_S3_BUCKET` instead. | |
-| `AWS_BUCKET_PATH` | No | ***Deprecated***. Please use `LITESTREAM_S3_PATH` instead. | |
+| Variable | Mandatory | Description | If Not Set |
+|---------------------------------------|-----------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------|
+| `LITESTREAM_S3_ENDPOINT` | No | URL of an S3-compatible object storage service endpoint for [Litestream](https://litestream.io/) replication of NocoDB's default SQLite database. Example: `s3.eu-central-1.amazonaws.com`. | Defaults to [AWS S3](https://aws.amazon.com/s3/). |
+| `LITESTREAM_S3_REGION` | No | AWS region of the Litestream replication object storage bucket. Note that `LITESTREAM_S3_ENDPOINT` takes precedence if configured (the endpoint URL includes the region). | Defaults to the [default region configured in AWS](https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-plan-region.html). |
+| `LITESTREAM_S3_BUCKET` | No | Name of the object storage bucket to store the Litestream replication in. | *Litestream replication is disabled if this variable is not set.* |
+| `LITESTREAM_S3_PATH` | No | Directory path to use within the Litestream replication object storage bucket. | Defaults to `nocodb`. |
+| `LITESTREAM_S3_ACCESS_KEY_ID` | No | Authentication key ID for the Litestream replication object storage bucket. | *Litestream replication is disabled if this variable is not set.* |
+| `LITESTREAM_S3_SECRET_ACCESS_KEY` | No | Authentication secret for the Litestream replication object storage bucket. | *Litestream replication is disabled if this variable is not set.* |
+| `LITESTREAM_S3_SKIP_VERIFY` | No | Whether to disable TLS verification for the Litestream replication object storage service. Useful when testing against a local node such as MinIO and you are using self-signed certificates. | Defaults to `false`. |
+| `LITESTREAM_RETENTION` | No | Amount of time Litestream snapshot and WAL files are kept. After the retention period, a new snapshot is created and the old one is removed. WAL files that exist before the oldest snapshot will also be removed. | Defaults to `1440h` (60 days). |
+| `LITESTREAM_RETENTION_CHECK_INTERVAL` | No | Frequency in which Litestream will check if retention needs to be enforced. | Defaults to `72h` (3 days). |
+| `LITESTREAM_SNAPSHOT_INTERVAL` | No | Frequency in which new Litestream snapshots are created. A higher frequency reduces the time to restore since newer snapshots will have fewer WAL frames to apply. Retention still applies to these snapshots. | Defaults to `24h` (1 day). |
+| `LITESTREAM_SYNC_INTERVAL` | No | Frequency in which frames are pushed to the Litestream replica. Increasing this frequency can increase object storage costs significantly. | Defaults to `60s` (1 minute). |
+| `LITESTREAM_AGE_PUBLIC_KEY` | No | [age](https://age-encryption.org/) public key generated by `age-keygen` (`age1...`) or SSH public key (`ssh-ed25519 AAAA...`, `ssh-rsa AAAA...`) used to encrypt the Litestream replication for. Refer to the relevant [Litestream documentation](https://litestream.io/reference/config/#encryption) for details. | *Litestream replication is unencrypted if this variable is not set.* |
+| `LITESTREAM_AGE_SECRET_KEY` | No | [age](https://age-encryption.org/) secret key (`AGE-SECRET-KEY-1...`) used to encrypt the Litestream replication with. Refer to the relevant [Litestream documentation](https://litestream.io/reference/config/#encryption) for details. | *Litestream replication is unencrypted if this variable is not set.* |
+| `AWS_ACCESS_KEY_ID` | No | ***Deprecated***. Please use `LITESTREAM_S3_ACCESS_KEY_ID` instead. | |
+| `AWS_SECRET_ACCESS_KEY` | No | ***Deprecated***. Please use `LITESTREAM_S3_SECRET_ACCESS_KEY` instead. | |
+| `AWS_BUCKET` | No | ***Deprecated***. Please use `LITESTREAM_S3_BUCKET` instead. | |
+| `AWS_BUCKET_PATH` | No | ***Deprecated***. Please use `LITESTREAM_S3_PATH` instead. | |
diff --git a/packages/nocodb/src/helpers/NcPluginMgrv2.ts b/packages/nocodb/src/helpers/NcPluginMgrv2.ts
index 825547fc22..c9bf57212c 100644
--- a/packages/nocodb/src/helpers/NcPluginMgrv2.ts
+++ b/packages/nocodb/src/helpers/NcPluginMgrv2.ts
@@ -118,28 +118,27 @@ class NcPluginMgrv2 {
/*
* NC_S3_BUCKET_NAME
* NC_S3_REGION
- * NC_S3_ACCESS_KEY
- * NC_S3_ACCESS_SECRET
* */
if (
process.env.NC_S3_BUCKET_NAME &&
- process.env.NC_S3_REGION &&
- process.env.NC_S3_ACCESS_KEY &&
- process.env.NC_S3_ACCESS_SECRET
+ process.env.NC_S3_REGION
) {
const s3Plugin = await Plugin.getPluginByTitle(S3PluginConfig.title);
+ const s3CfgData: Record = {
+ bucket: process.env.NC_S3_BUCKET_NAME,
+ region: process.env.NC_S3_REGION,
+ endpoint: process.env.NC_S3_ENDPOINT,
+ force_path_style: process.env.NC_S3_FORCE_PATH_STYLE === 'true',
+ acl: process.env.NC_S3_ACL,
+ }
+ if (process.env.NC_S3_ACCESS_KEY && process.env.NC_S3_ACCESS_SECRET) {
+ s3CfgData.access_key = process.env.NC_S3_ACCESS_KEY
+ s3CfgData.access_secret = process.env.NC_S3_ACCESS_SECRET
+ }
await Plugin.update(s3Plugin.id, {
active: true,
- input: JSON.stringify({
- bucket: process.env.NC_S3_BUCKET_NAME,
- region: process.env.NC_S3_REGION,
- endpoint: process.env.NC_S3_ENDPOINT,
- access_key: process.env.NC_S3_ACCESS_KEY,
- access_secret: process.env.NC_S3_ACCESS_SECRET,
- force_path_style: process.env.NC_S3_FORCE_PATH_STYLE === 'true',
- acl: process.env.NC_S3_ACL,
- }),
+ input: JSON.stringify(s3CfgData),
});
}
diff --git a/packages/nocodb/src/plugins/GenericS3/GenericS3.ts b/packages/nocodb/src/plugins/GenericS3/GenericS3.ts
index bfc46610c2..104f2d012f 100644
--- a/packages/nocodb/src/plugins/GenericS3/GenericS3.ts
+++ b/packages/nocodb/src/plugins/GenericS3/GenericS3.ts
@@ -14,21 +14,21 @@ import type { PutObjectRequest, S3 as S3Client } from '@aws-sdk/client-s3';
import type { IStorageAdapterV2, XcFile } from '~/types/nc-plugin';
import { generateTempFilePath, waitForStreamClose } from '~/utils/pluginUtils';
-interface GenerocObjectStorageInput {
+interface GenericObjectStorageInput {
bucket: string;
region?: string;
- access_key: string;
- access_secret: string;
+ access_key?: string;
+ access_secret?: string;
}
export default class GenericS3 implements IStorageAdapterV2 {
public name;
protected s3Client: S3Client;
- protected input: GenerocObjectStorageInput;
+ protected input: GenericObjectStorageInput;
- constructor(input: unknown) {
- this.input = input as GenerocObjectStorageInput;
+ constructor(input: GenericObjectStorageInput) {
+ this.input = input;
}
protected get defaultParams() {
diff --git a/packages/nocodb/src/plugins/s3/S3.ts b/packages/nocodb/src/plugins/s3/S3.ts
index 28c82b293a..d9543a5230 100644
--- a/packages/nocodb/src/plugins/s3/S3.ts
+++ b/packages/nocodb/src/plugins/s3/S3.ts
@@ -7,8 +7,8 @@ import GenericS3 from '~/plugins/GenericS3/GenericS3';
interface S3Input {
bucket: string;
region: string;
- access_key: string;
- access_secret: string;
+ access_key?: string;
+ access_secret?: string;
endpoint?: string;
acl?: string;
force_path_style?: boolean;
@@ -48,13 +48,16 @@ export default class S3 extends GenericS3 implements IStorageAdapterV2 {
public async init(): Promise {
const s3Options: S3ClientConfig = {
region: this.input.region,
- credentials: {
- accessKeyId: this.input.access_key,
- secretAccessKey: this.input.access_secret,
- },
forcePathStyle: this.input.force_path_style ?? false,
};
+ if (this.input.access_key && this.input.access_secret) {
+ s3Options.credentials = {
+ accessKeyId: this.input.access_key,
+ secretAccessKey: this.input.access_secret,
+ }
+ }
+
if (this.input.endpoint) {
s3Options.endpoint = this.input.endpoint;
}
diff --git a/packages/nocodb/src/plugins/s3/index.ts b/packages/nocodb/src/plugins/s3/index.ts
index 4bb4df7a05..1bceb96aef 100644
--- a/packages/nocodb/src/plugins/s3/index.ts
+++ b/packages/nocodb/src/plugins/s3/index.ts
@@ -38,14 +38,14 @@ const config: XcPluginConfig = {
label: 'Access Key',
placeholder: 'Access Key',
type: XcType.SingleLineText,
- required: true,
+ required: false,
},
{
key: 'access_secret',
label: 'Access Secret',
placeholder: 'Access Secret',
type: XcType.Password,
- required: true,
+ required: false,
},
{
key: 'acl',