Environment Variables¶
This document describes every environment variable used by Digistore, grouped by responsibility, with: - Purpose - Where it is used - Whether it is required - Dev vs Prod notes
All variables are loaded from the .env file and injected into:
- Django
- Docker containers
- Celery workers & beat
- Redis
- PostgreSQL
- External services (payments, email, analytics, storage)
Environment Mode & Django Settings¶
MAKEFILE_ENV¶
Required: Yes Values: dev / prod
Controls which Docker Compose file and commands are used by Makefile. - dev → docker-compose.dev.yml - prod → docker-compose.prod.yml
DJANGO_SETTINGS_MODULE¶
Required: Yes Example: digistore.settings.production
Controls which Django settings file is loaded. - digistore.settings.local → development - digistore.settings.production → production
DEBUG¶
Required: Yes Values: True / False
- True → development only
- False → mandatory in production
⚠️ Must be False in production.
SECRET_KEY¶
Required: Yes Purpose: Cryptographic signing (sessions, CSRF, tokens) - Must be unique and secret - Never reuse across environments - Changing this invalidates all sessions
ALLOWED_HOSTS¶
Required: Yes (Prod)
Comma-separated list of allowed domains.
Example: ALLOWED_HOSTS=example.com,www.example.com
CSRF_TRUSTED_ORIGINS¶
Required: Yes (Prod)
Must include full scheme.
Example: CSRF_TRUSTED_ORIGINS=https://example.com,https://www.example.com
⚠ Update from http to https after SSL is enabled.
PROJECT_SLUG¶
Internal project identifier.
Used in: - Logs - File paths - Naming
SITE_NAME¶
Display name of the platform.
Used in: - UI headers - Email subjects - System messages
SITE_DOMAIN¶
Public base URL.
Used in: - Email verification links - Password reset - Payment return URLs
Dev: SITE_DOMAIN=127.0.0.1:8000
Prod: SITE_DOMAIN=https://example.com
SITE_TAGLINE¶
Optional branding tagline (UI only).
SITE_PRODUCT¶
Product type label (e.g. Templates, Courses, SaaS).
Used in: - UI marketing text - Email templates
EMAIL¶
Public contact email address. Shown in: - Footer - Support links
POSTGRES_DB¶
Database name.
POSTGRES_USER¶
POSTGRES_PASSWORD¶
Authentication credentials.
DB_HOST¶
Docker service hostname.
Usually: DB_HOST=db
DB_NAME¶
Same as POSTGRES_DB (used by Django).
DB_USER¶
Same as POSTGRES_USER
DB_PASSWORD¶
Same as POSTGRES_PASSWORD
DB_PORT¶
Default: 5432
REDIS_HOST¶
REDIS_PORT¶
Docker service connection details.
REDIS_USERNAME¶
REDIS_PASSWORD¶
Used if Redis AUTH is enabled.
CACHE_REDIS_URL¶
Redis DB for Django cache.
Example: redis://user:pass@redis:6379/1
CELERY_REDIS_URL¶
Redis DB for Celery broker & results.
Example: redis://user:pass@redis:6379/2
Used for:
- Email sending
- Telegram notifications
- Database backups
RESEND_API_KEY¶
API key for Resend email service. Used by: - django-anymail
FROM_EMAIL¶
Sender address for all system emails. Used for: - Email verification - Password reset - Notifications
DODO_PAYMENTS_API_KEY¶
Authentication key for Dodo API.
DODO_API_URL¶
Use test in dev, live in prod.
Example: https://test.dodopayments.com
DODO_WEBHOOK_SECRET¶
Used to verify webhook signatures. ⚠ Must match secret in Dodo dashboard.
DODO_BRAND_ID¶
Brand identifier registered in Dodo Payments. Used for: - Checkout branding - Invoice metadata
GA_MEASUREMENT_ID¶
Frontend tracking ID.
GA_PROPERTY_ID¶
Used for server-side analytics API.
GA_API_SECRET¶
Secret for GA Measurement Protocol.
GA_CACHE_TTL¶
GA_REALTIME_TTL¶
GA_WEEKLY_TTL¶
Controls Redis cache in Google Analytics while showing data on dashboard Values are in seconds.
GOOGLE_CLIENT_ID¶
GOOGLE_CLIENT_SECRET¶
Google OAuth Used by: - social-auth-app-django - Google login Optional if social login is disabled.
RECAPTCHA_PUBLIC_KEY¶
RECAPTCHA_PRIVATE_KEY¶
Google reCAPTCHA Used in: - Registration - Spam protection ⚠ Keys must match domain.
AWS_S3_ACCESS_KEY_ID¶
AWS_S3_SECRET_ACCESS_KEY¶
AWS_S3_ENDPOINT_URL¶
AWS_S3_CUSTOM_DOMAIN¶
AWS_STORAGE_BUCKET_NAME¶
AWS_S3_REGION¶
Details and Credentials for digital ocean object storage. You can get these detail from Digitial Ocean Object Storage.
TELEGRAM_BOT_TOKEN¶
Bot token for notifications.
TELEGRAM_SELLER_CHAT_ID¶
Chat where seller alerts are sent. Used when: - New support ticket - Important system events
MAINTENANCE_BYPASS_KEY¶
Emergency bypass token
Usage: ?uc=pykits
Allows access even when site is in maintenance mode.
DOCS_BASE_URL¶
Base URL for help & docs links inside UI.
Example: https://docs.digistore.dev
DEFAULT_IMAGE_MAX_KB¶
Target max image size after compression.
DEFAULT_IMAGE_QUALITY¶
Initial WebP quality.
MIN_IMAGE_QUALITY¶
Lower bound for compression loop.
Summary Table¶
| Category | Required in Prod |
|---|---|
| Django Core | ✅ |
| Database | ✅ |
| Redis | ✅ |
| Celery | ✅ |
| ✅ | |
| Payments | ✅ |
| Storage | ✅ |
| Analytics | Optional |
| Google OAuth | Optional |
| Telegram | Optional |
| Docs URL | Optional |
Security Notes¶
- Never commit
.envto git - Rotate secrets periodically
- Use different values for dev & prod
- Restrict webhook URLs
- Enable HTTPS before enabling payments