Configuration
Monospace Server can be configured using environment variables or a config.yaml file. Environment variables are prefixed with DIRECTUS_.
Double underscores (__) are used to separate levels.
Server
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_HOST | string | 127.0.0.1 | Address the server binds to |
| DIRECTUS_PORT | integer | 8100 | Port the server listens on |
| DIRECTUS_BASE_URL | URL | http://localhost:3000/ | Public base URL used in emails, OAuth redirects, and generated links |
| DIRECTUS_SERVE_STATIC_DIR | string | ./public | Directory to serve static files from. Defaults to the public folder next to the server binary |
System Database
Configures the database Monospace uses to store its own metadata (projects, roles, policies, etc.). Currently supports PostgreSQL.
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_SYSTEM_DATABASE__PROVIDER | string | — | Database provider. Currently: postgres |
PostgreSQL Provider
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_SYSTEM_DATABASE__HOST | string | — | Database hostname |
| DIRECTUS_SYSTEM_DATABASE__PORT | integer | — | Database port |
| DIRECTUS_SYSTEM_DATABASE__USER | string | — | Database username |
| DIRECTUS_SYSTEM_DATABASE__PASSWORD | string | — | Database password |
| DIRECTUS_SYSTEM_DATABASE__DBNAME | string | — | Database name |
SSL Configuration
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_SYSTEM_DATABASE__SSL__MODE | string | require | SSL mode: disable, prefer, require, verify-ca, verify-full |
| DIRECTUS_SYSTEM_DATABASE__SSL__CA_CERT | string | — | CA certificate (base64-encoded or file path) |
| DIRECTUS_SYSTEM_DATABASE__SSL__CLIENT_CERT | string | — | Client certificate (base64-encoded) |
| DIRECTUS_SYSTEM_DATABASE__SSL__CLIENT_KEY | string | — | Client private key (base64-encoded) |
| DIRECTUS_SYSTEM_DATABASE__SSL__CLIENT_KEY_PASSWORD | string | — | Password for encrypted client key |
File Storage
Configures where Monospace stores uploaded files and assets.
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_SYSTEM_FILE_STORAGE__PROVIDER | string | — | Storage provider: local or s3 |
| DIRECTUS_REDIRECT_ASSET_READ | boolean | false | Redirect asset reads to the file storage provider instead of proxying through the server |
Local Provider
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_SYSTEM_FILE_STORAGE__ROOT_PATH | string | — | Absolute path to the directory where files are stored |
S3 Provider
Compatible with AWS S3 and S3-compatible services (MinIO, Cloudflare R2, etc.).
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_SYSTEM_FILE_STORAGE__BUCKET | string | — | S3 bucket name |
| DIRECTUS_SYSTEM_FILE_STORAGE__ACCESS_KEY_ID | string | — | AWS access key ID |
| DIRECTUS_SYSTEM_FILE_STORAGE__SECRET_ACCESS_KEY | string | — | AWS secret access key |
| DIRECTUS_SYSTEM_FILE_STORAGE__REGION | string | auto | AWS region |
| DIRECTUS_SYSTEM_FILE_STORAGE__ENDPOINT | string | — | Custom endpoint URL (for S3-compatible services) |
| DIRECTUS_SYSTEM_FILE_STORAGE__ROOT_PATH | string | — | Prefix path within the bucket |
Email
Configures outbound email for invitations, password resets, and notifications.
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_SYSTEM_EMAILER__PROVIDER | string | — | Email provider: smtp |
| DIRECTUS_SYSTEM_EMAILER__FROM_ADDRESS | string | — | Sender email address in the "From" header |
| DIRECTUS_SYSTEM_EMAILER__FROM_NAME | string | — | Display name in the "From" header |
SMTP Provider
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_SYSTEM_EMAILER__HOST | string | — | SMTP server hostname |
| DIRECTUS_SYSTEM_EMAILER__PORT | integer | — | SMTP server port (typically 25, 465, or 587) |
| DIRECTUS_SYSTEM_EMAILER__USERNAME | string | — | SMTP authentication username |
| DIRECTUS_SYSTEM_EMAILER__PASSWORD | string | — | SMTP authentication password |
| DIRECTUS_SYSTEM_EMAILER__TLS_OFF | boolean | false | Set to true to disable TLS |
Message Queue (RabbitMQ)
Monospace uses RabbitMQ for internal event processing.
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_RABBITMQ__HOST | string | — | RabbitMQ hostname |
| DIRECTUS_RABBITMQ__PORT | integer | 5672 | RabbitMQ port |
| DIRECTUS_RABBITMQ__USER | string | — | RabbitMQ username |
| DIRECTUS_RABBITMQ__PASSWORD | string | — | RabbitMQ password |
| DIRECTUS_RABBITMQ__VHOST | string | / | RabbitMQ virtual host |
| DIRECTUS_RABBITMQ__USE_TLS | boolean | false | Use AMQPS instead of AMQP |
Authentication & Tokens
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_ACCESS_TOKEN_TTL | duration | 15m | Access token validity period |
| DIRECTUS_REFRESH_TOKEN_TTL | duration | 7days | Refresh token validity period |
| DIRECTUS_RESET_PASSWORD_TOKEN_TTL | duration | 15m | Password reset token validity period |
| DIRECTUS_RESET_PASSWORD_COOLDOWN_TTL | duration | 30s | Cooldown before a user can request another password reset |
| DIRECTUS_INVITE_TOKEN_TTL | duration | 7days | Invite token validity period |
| DIRECTUS_JWT_LEEWAY | integer | 60 | JWT clock skew tolerance in seconds |
| DIRECTUS_JWT_PRIVATE_KEY | string | — | Ed25519 private key for JWT signing (PEM content or file path) |
| DIRECTUS_JWT_PUBLIC_KEY | string | — | Ed25519 public key for JWT verification (PEM content or file path) |
Duration values use human-readable format: 15m, 30s, 7days, 1h, etc.
Cookies
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_SESSION_COOKIE_NAME | string | directus_session | Name of the session cookie |
| DIRECTUS_REFRESH_COOKIE_NAME | string | directus_refresh | Name of the refresh token cookie |
| DIRECTUS_COOKIE_SECURE | boolean | true | Set the Secure flag on cookies. Set to false for local development over HTTP |
Limits
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_QUERY_LIMIT_DEFAULT | integer | 100 | Default page size when no limit is specified |
| DIRECTUS_QUERY_LIMIT_MAX | integer | — | Maximum allowed page size. No limit if unset |
| DIRECTUS_QUERY_BATCH_SIZE | integer | — | Batch size for bulk operations |
| DIRECTUS_QUERY_LIMIT_MAX_FEDERATED | integer | 1000 | Maximum records fetched in a single cross-source relational query |
| DIRECTUS_MAX_PAYLOAD_SIZE | string | 2m | Maximum request payload size. Supports g, m, k suffixes (bytes without suffix) |
| DIRECTUS_MAX_FILE_PAYLOAD_SIZE | string | 5m | Maximum file upload size. Supports g, m, k suffixes (bytes without suffix) |
Encryption (KMS)
Configures the Key Management Service used to encrypt sensitive values stored in the database.
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_KMS__TYPE | string | — | KMS type. Currently: directus (local encryption) |
| DIRECTUS_KMS__MASTER_KEY | string | — | Base64-encoded master encryption key |
| DIRECTUS_KMS__MASTER_KEY__FILE | string | — | Path to a file containing the master key |
Content Security Policy
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_CONTENT_SECURITY_POLICY__ENABLED | boolean | true | Enable Content-Security-Policy headers |
| DIRECTUS_CONTENT_SECURITY_POLICY__DIRECTIVES__* | string | — | Override individual CSP directives |
Observability
| Variable | Type | Default | Description |
|---|---|---|---|
| DIRECTUS_LOG | string | info | Log level filter using tracing EnvFilter syntax. Examples: debug, info,aide=warn, directus=trace |
| DIRECTUS_ENABLE_OTEL_EXPORT | boolean | false | Export traces to an OpenTelemetry collector |
When DIRECTUS_ENABLE_OTEL_EXPORT is enabled, configure the collector endpoint using standard OpenTelemetry environment variables (e.g., OTEL_EXPORTER_OTLP_ENDPOINT).
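A pre-deployment check over the variables and defaults documented in the tables above, written as an added example (it is not Monospace or Directus project code). The names `audit`, `flag` and `SAMPLE_ENV` are hypothetical; it assumes booleans are written `true`/`1` and that the SSL modes carry their usual PostgreSQL client meaning.

```python
import os

P = "DIRECTUS_"
LOOPBACK = {"", "localhost", "127.0.0.1", "::1"}

def flag(env, name, default):
    # Assumption: the server reads "true"/"1" (any case) as true.
    return env.get(P + name, default).strip().lower() in ("true", "1")

def audit(env):
    """Return (variable, reason) pairs for settings that weaken a deployment."""
    out = []
    def add(name, why):
        out.append((P + name, why))
    # Defaults below are the ones documented in the tables on this page.
    mode = env.get(P + "SYSTEM_DATABASE__SSL__MODE", "require")
    if mode in ("disable", "prefer"):
        add("SYSTEM_DATABASE__SSL__MODE", f"{mode}: connection may be unencrypted")
    elif mode != "verify-full":
        # Assumes the modes keep their usual PostgreSQL client meaning.
        add("SYSTEM_DATABASE__SSL__MODE", f"{mode}: server identity not fully verified")
    if flag(env, "SYSTEM_EMAILER__TLS_OFF", "false"):
        add("SYSTEM_EMAILER__TLS_OFF", "SMTP login and reset mails sent without TLS")
    if (env.get(P + "RABBITMQ__HOST", "") not in LOOPBACK
            and not flag(env, "RABBITMQ__USE_TLS", "false")):
        add("RABBITMQ__USE_TLS", "plain AMQP to a non-loopback broker")
    if not flag(env, "COOKIE_SECURE", "true"):
        add("COOKIE_SECURE", "session/refresh cookies lack the Secure flag")
    if not flag(env, "CONTENT_SECURITY_POLICY__ENABLED", "true"):
        add("CONTENT_SECURITY_POLICY__ENABLED", "CSP headers disabled")
    if not env.get(P + "QUERY_LIMIT_MAX"):
        add("QUERY_LIMIT_MAX", "unset: page size is unbounded")
    if env.get(P + "KMS__MASTER_KEY"):
        add("KMS__MASTER_KEY", "key inline in environment; use KMS__MASTER_KEY__FILE")
    return out

# Constructed sample environment, not taken from a real deployment.
SAMPLE_ENV = {
    P + "SYSTEM_DATABASE__SSL__MODE": "prefer",
    P + "SYSTEM_EMAILER__TLS_OFF": "true",
    P + "RABBITMQ__HOST": "mq.internal.example",
    P + "COOKIE_SECURE": "false",
    P + "KMS__MASTER_KEY": "PLACEHOLDER_BASE64_KEY",
}

if __name__ == "__main__":
    for var, why in audit(dict(os.environ)):
        print(f"{var}: {why}")
```

Run directly, it audits the current process environment; the documented defaults alone already yield findings for the SSL mode (`require`) and the unset `DIRECTUS_QUERY_LIMIT_MAX`.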