# Docker Variables

> Environment variables used in docker-compose.yml and the Docker images

## Overview

The Parmana Docker stack uses two types of variables:

1. **Compose variables** — consumed by `docker-compose.yml` itself to configure service behavior
2. **Server variables** — passed to the `server` container and read by the governance server

***

## docker-compose.yml variables

These variables are read by Docker Compose directly and are not passed to the containers as environment variables (unless also listed in the `environment` section of a service).

| Variable            | Required    | Description                                                                                                                                               |
| ------------------- | ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `POSTGRES_PASSWORD` | **Yes**     | Password for the `Parmana` Postgres user. Used in both the `postgres` service (`POSTGRES_PASSWORD`) and the `AUDIT_DATABASE_URL` in the `server` service. |
| `PARMANA_API_KEY`   | Recommended | API key for the governance server. Passed to the `server` service as `PARMANA_API_KEY`.                                                                   |
| `REDIS_PASSWORD`    | No          | Redis password. Used in production compose files to set `--requirepass` on Redis and in `REDIS_URL`.                                                      |
| `RELEASE_TAG`       | No          | Image tag for the server image in production deploys: `ghcr.io/pavancharak/parmanasystems/server:${RELEASE_TAG}`.                                         |

***

## Postgres container variables

Set on the `postgres` service in `docker-compose.yml`:

| Variable                 | Default in compose     | Description                                                                                              |
| ------------------------ | ---------------------- | -------------------------------------------------------------------------------------------------------- |
| `POSTGRES_DB`            | `Parmana_audit`        | Database name. Must match the database in `AUDIT_DATABASE_URL`.                                          |
| `POSTGRES_USER`          | `Parmana`              | Database user. Must match the user in `AUDIT_DATABASE_URL`.                                              |
| `POSTGRES_PASSWORD`      | `${POSTGRES_PASSWORD}` | Database password. From `.env`. Must match the password in `AUDIT_DATABASE_URL`.                         |
| `POSTGRES_PASSWORD_FILE` | —                      | Alternative to `POSTGRES_PASSWORD`. Path to a Docker secret file. Use in production with Docker secrets. |

***

## Redis container variables

Set on the `redis` service via the `command` override:

| Setting                    | Default         | Description                                                                                          |
| -------------------------- | --------------- | ---------------------------------------------------------------------------------------------------- |
| `--appendonly yes`         | Required        | Enable AOF persistence. Always set in production.                                                    |
| `--requirepass <password>` | Unset (no auth) | Redis password. Set in production and update `REDIS_URL` accordingly: `redis://:password@redis:6379` |

***

## Server container variables

All variables passed to the `server` container. See [Environment Variables](/reference/env-vars) for the complete server variable reference.

| Variable                      | Source                     | Description                                                             |
| ----------------------------- | -------------------------- | ----------------------------------------------------------------------- |
| `PORT`                        | Hardcoded in compose       | `3000`                                                                  |
| `HOST`                        | Hardcoded in compose       | `0.0.0.0` (local) or `127.0.0.1` (production)                           |
| `CORS_ORIGIN`                 | Hardcoded in compose       | Dashboard URL                                                           |
| `REDIS_URL`                   | Hardcoded in compose       | `redis://redis:6379` (using compose service name)                       |
| `AUDIT_DATABASE_URL`          | Compose variable expansion | `postgresql://Parmana:${POSTGRES_PASSWORD}@postgres:5432/Parmana_audit` |
| `PARMANA_API_KEY`             | From `.env`                | Bearer token                                                            |
| `PARMANA_SIGNING_PROVIDER`    | From `.env`                | `env` or `disk`                                                         |
| `PARMANA_SIGNING_PRIVATE_KEY` | From `.env` or secret      | PEM private key                                                         |
| `PARMANA_SIGNING_PUBLIC_KEY`  | From `.env` or secret      | PEM public key                                                          |
| `PARMANA_POLICIES_ROOT`       | Hardcoded                  | `/app/policies`                                                         |
| `PARMANA_TRUST_ROOT`          | Hardcoded                  | `/app/trust/trust-root.json`                                            |
| `PARMANA_TRUST_PUBLIC_KEY`    | Hardcoded                  | `/app/trust/root.pub`                                                   |
| `PARMANA_RELEASE_MANIFEST`    | Hardcoded                  | `/app/artifacts/release-manifest.json`                                  |
| `PARMANA_RELEASE_SIGNATURE`   | Hardcoded                  | `/app/artifacts/release-manifest.sig`                                   |

***

## Dashboard container variables

The dashboard container (`ghcr.io/pavancharak/parmanasystems/dashboard`) does not read environment variables at runtime. It is a static React application. The server URL it calls is configured at build time.

The server must be accessible at the URL the dashboard was built to use (typically `http://localhost:3000` for local and `https://governance.yourdomain.com` for production).

***

## Port mapping reference

| Service     | Container port | Host port (local) | Notes                                                        |
| ----------- | -------------- | ----------------- | ------------------------------------------------------------ |
| `server`    | 3000           | 3000              | In production, bind to `127.0.0.1:3000:3000` (Nginx proxies) |
| `dashboard` | 80             | 8081              | Static files only                                            |
| `postgres`  | 5432           | 5433              | Do not expose in production                                  |
| `redis`     | 6379           | 6380              | Do not expose in production                                  |

***

## .env file template

```bash
# Required
POSTGRES_PASSWORD=choose-a-strong-password
PARMANA_API_KEY=choose-a-secret-api-key

# Signing — choose provider and set corresponding variables
PARMANA_SIGNING_PROVIDER=env
PARMANA_SIGNING_PRIVATE_KEY=
PARMANA_SIGNING_PUBLIC_KEY=

# Production only
REDIS_PASSWORD=
RELEASE_TAG=1.0.0
```
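
A preflight check for this template, as an added example that is not part of the Parmana project: it flags the template placeholders, a world-readable `.env`, and password characters that Compose's plain `${VAR}` substitution would leave unencoded inside `AUDIT_DATABASE_URL` and `REDIS_URL`. The function names, the `local`/`production` mode argument and the `check-env.sh` file name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not project code): preflight check for the .env file above.
# env_get FILE KEY: print the value of the last KEY=... line, outer quotes removed.
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# url_unsafe VALUE: true if VALUE holds characters that Compose's ${VAR}
# expansion would insert unencoded, changing how the connection URL is parsed.
url_unsafe() {
    case $1 in
        *[@/?#%]*|*" "*) return 0 ;;
    esac
    return 1
}

fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

# check_env FILE [local|production]: print findings, return how many there are.
check_env() {
    file=$1; mode=${2:-local}; problems=0
    [ -r "$file" ] || { fail "$file is not readable"; return "$problems"; }
    [ -z "$(find "$file" -perm -004)" ] || fail "$file is world-readable"

    pg=$(env_get "$file" POSTGRES_PASSWORD)
    case $pg in
        "") fail "POSTGRES_PASSWORD is required" ;;
        choose-a-strong-password) fail "POSTGRES_PASSWORD is the template placeholder" ;;
    esac
    ! url_unsafe "$pg" || fail "POSTGRES_PASSWORD is not URL-safe for AUDIT_DATABASE_URL"

    key=$(env_get "$file" PARMANA_API_KEY)
    [ "$key" != choose-a-secret-api-key ] || fail "PARMANA_API_KEY is the template placeholder"

    if [ "$mode" = production ]; then
        [ -n "$key" ] || fail "PARMANA_API_KEY is empty in production"
        rp=$(env_get "$file" REDIS_PASSWORD)
        [ -n "$rp" ] || fail "REDIS_PASSWORD is empty in production"
        ! url_unsafe "$rp" || fail "REDIS_PASSWORD is not URL-safe for REDIS_URL"
    fi
    return "$problems"
}

# Stand-alone use: sh check-env.sh .env production
if [ "$#" -gt 0 ]; then check_env "$@"; fi
```

A password that trips the URL-safety check can still be used if it is percent-encoded where it is placed in the URL, but the unencoded value is what the `postgres` service itself receives, so choosing a URL-safe password avoids the mismatch.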
