LoopLoop
Self-Hosting

Environment Variables

Complete reference for all environment variables required to configure the Loop API server and dashboard.

Environment Variables

Loop uses environment variables for all configuration. Each app validates its environment variables at startup using Zod โ€” missing or invalid variables produce clear, formatted error messages instead of cryptic runtime errors.

For local development, pre-filled .env.example files with working defaults are provided. Run cp apps/api/.env.example apps/api/.env (or use pnpm run setup which does this automatically).

API Server (@loop/api)

These variables configure the Hono API server.

VariableRequiredDescription
DATABASE_URLYesPostgreSQL connection string. Format: postgresql://user:password@host:port/dbname. For Neon, use the pooled connection string from your dashboard.
LOOP_API_KEYYesBearer token used to authenticate all /api/* requests. Clients send this as Authorization: Bearer <token>.
GITHUB_WEBHOOK_SECRETNoHMAC-SHA256 secret for verifying GitHub webhook payloads. Required only if you use the GitHub integration.
SENTRY_CLIENT_SECRETNoHMAC-SHA256 secret for verifying Sentry webhook payloads. Required only if you use the Sentry integration.
POSTHOG_WEBHOOK_SECRETNoShared secret for verifying PostHog webhook payloads. Required only if you use the PostHog integration.

Never commit secrets to version control. Use your platform's secret management (Vercel Environment Variables, AWS Secrets Manager, etc.) or a .env file that is listed in .gitignore.

DATABASE_URL

The PostgreSQL connection string. Loop automatically selects the right driver based on NODE_ENV: the Neon serverless driver in production, or the standard pg driver for local development.

Production (Neon):

DATABASE_URL=postgresql://user:password@ep-cool-darkness-123456.us-east-2.aws.neon.tech/loopdb?sslmode=require

Local development (Docker):

DATABASE_URL=postgresql://loop:loop@localhost:54320/loop

The local default connects to the PostgreSQL container started by pnpm run db:dev:up.

LOOP_API_KEY

A secret token that protects all API endpoints under /api/*. Every request must include it in the Authorization header:

Authorization: Bearer loop_your_secret_key_here

To generate a secure key, use the built-in key generation command:

pnpm run generate-key

This generates a cryptographically secure loop_ prefixed key and writes it to both .env files automatically. To generate a key manually, use any cryptographically random string generator:

# Using openssl
openssl rand -hex 32

# Using Node.js
node -e "console.log('loop_' + require('crypto').randomBytes(32).toString('hex'))"

Webhook Secrets

Each webhook integration has its own secret for payload verification. These are only required if you configure the corresponding integration.

  • GITHUB_WEBHOOK_SECRET -- Set this to the same value you configure in your GitHub repository's webhook settings. GitHub signs payloads with HMAC-SHA256 using this secret.
  • SENTRY_CLIENT_SECRET -- Set this to match your Sentry integration's client secret. Sentry signs payloads with HMAC-SHA256.
  • POSTHOG_WEBHOOK_SECRET -- A shared secret that PostHog includes in webhook requests for verification.

Dashboard (@loop/app)

These variables configure the React dashboard SPA. Variables prefixed with VITE_ are embedded at build time.

VariableRequiredDefaultDescription
VITE_API_URLNohttp://localhost:4242Base URL of the Loop API server. Set this to your production API URL when deploying.
VITE_LOOP_API_KEYYes--Bearer token for authenticating dashboard API requests. Must match the LOOP_API_KEY set on the API server.

Since VITE_ variables are embedded into the client-side JavaScript bundle at build time, they are visible to anyone who can access the dashboard. The VITE_LOOP_API_KEY grants full API access. Only deploy the dashboard behind authentication or on a trusted network.

VITE_API_URL

The base URL where the Loop API is running. In development this defaults to http://localhost:4242. For production, set it to your deployed API URL:

VITE_API_URL=https://api.looped.me

VITE_LOOP_API_KEY

The API key the dashboard uses to authenticate with the API server. This must be the same value as the LOOP_API_KEY configured on the API server:

VITE_LOOP_API_KEY=loop_your_secret_key_here

Example .env Files

API (.env in apps/api/)

DATABASE_URL=postgresql://user:password@host/dbname
LOOP_API_KEY=loop_your_secret_key_here

# Optional: webhook integrations
GITHUB_WEBHOOK_SECRET=whsec_your_github_secret
SENTRY_CLIENT_SECRET=your_sentry_secret
POSTHOG_WEBHOOK_SECRET=your_posthog_secret

Dashboard (.env in apps/app/)

VITE_API_URL=https://api.looped.me
VITE_LOOP_API_KEY=loop_your_secret_key_here

Self-Hosting

Deploy and run Loop on your own infrastructure. Understand the system requirements, architecture, and deployment options.

Deployment Guide

Step-by-step instructions for deploying Loop on Vercel or manually on your own infrastructure.

On this page

Environment VariablesAPI Server (@loop/api)DATABASE_URLLOOP_API_KEYWebhook SecretsDashboard (@loop/app)VITE_API_URLVITE_LOOP_API_KEYExample .env FilesAPI (.env in apps/api/)Dashboard (.env in apps/app/)