Environment Variables
Set these in wrangler.toml under [vars] for non-secret values, or use npx wrangler secret put KEY for secrets.
Core
| Variable | Required | Description |
|---|
ADMIN_TOKEN | Yes | Shared secret for Bearer token API access. Use a long random string. |
SETUP_TOKEN | Recommended | Required during initial admin account creation. Prevents race attacks on setup. |
SECURE_COOKIES | Recommended | Set to "true" for production. Forces Secure flag on session cookies. |
ALLOWED_ORIGINS | Recommended | Comma-separated allowed origins for CORS. E.g., "https://admin.example.com,https://example.com" |
SESSION_SLIDING_WINDOW | Optional | Set to "true" to extend active sessions automatically. |
GitHub OAuth
| Variable | Description |
|---|
GITHUB_CLIENT_ID | GitHub OAuth app client ID |
GITHUB_CLIENT_SECRET | GitHub OAuth app client secret |
OAUTH_CALLBACK_URL | Base URL for OAuth callbacks (e.g., https://cms.example.com) |
Google OAuth
| Variable | Description |
|---|
GOOGLE_CLIENT_ID | Google OAuth client ID |
GOOGLE_CLIENT_SECRET | Google OAuth client secret |
Email / Magic Links
| Variable | Description |
|---|
SMTP_HOST | SMTP server hostname |
SMTP_PORT | SMTP port (default: 587) |
SMTP_USER | SMTP username |
SMTP_PASS | SMTP password |
SMTP_FROM | Sender email (e.g., noreply@example.com) |
SMTP_FROM_NAME | Sender display name |
MAGIC_LINK_BASE_URL | Base URL for magic link emails (where the admin UI is hosted) |
SENDGRID_API_KEY | Alternative to SMTP โ SendGrid API key |
RESEND_API_KEY | Alternative to SMTP โ Resend API key |
MAILGUN_API_KEY | Alternative to SMTP โ Mailgun API key |
Cloudflare Access
| Variable | Description |
|---|
CF_ACCESS_ENABLED | Set to "true" to enable Cloudflare Access login |
CF_ACCESS_TEAM_DOMAIN | Your Cloudflare Access team domain (e.g., yourteam.cloudflareaccess.com) |
CF_ACCESS_AUD | Application Audience (AUD) tag from Access settings |
Cloudflare Turnstile
| Variable | Description |
|---|
TURNSTILE_SECRET | Cloudflare Turnstile secret key for bot protection on forms |
Frontend environment variables
Each frontend starter uses one env var to point to the CMS API:
| Frontend | Variable | Example |
|---|
| React (Vite) | VITE_CMS_URL | https://cms.example.com/api/v1 |
| Next.js | NEXT_PUBLIC_CMS_URL | https://cms.example.com/api/v1 |
| Astro | PUBLIC_CMS_URL | https://cms.example.com/api/v1 |