Appearance
Configure the Environment
TT Time Tracker uses two environment files:
| File | Used by |
|---|---|
.env | Vue frontend (Vite) — values are inlined at build time |
.env.backend | NestJS API and BullMQ worker — loaded at runtime |
Client environment (.env)
Copy from .env.example:
bash
cp .env.example .env| Variable | Required | Default | Description |
|---|---|---|---|
VITE_API_URL | Yes | http://localhost:3000 | Base URL of the API. Change to your production API URL for production builds. |
VITE_APP_VERSION | No | 0.0.0 | Version string shown in the UI. |
VITE_APP_BASE_URL | No | http://localhost:5173 | Public base URL of the client. Used for OAuth redirects. |
WARNING
VITE_* variables are inlined at build time. If you change them, you must rebuild the frontend. They are visible in the compiled JavaScript — do not put secrets here.
Backend environment (.env.backend)
Copy from .env.backend.example:
bash
cp .env.backend.example .env.backendRequired
| Variable | Description |
|---|---|
DATABASE_URL | PostgreSQL connection string, e.g. postgresql://tt:password@localhost:5432/tt?schema=public |
POSTGRES_PASSWORD | Password for the postgres Docker container (must match DATABASE_URL) |
REDIS_URL | Redis connection string, e.g. redis://localhost:6379 |
BETTER_AUTH_SECRET | Session signing secret. Generate with openssl rand -base64 32. Minimum 32 characters. |
BETTER_AUTH_URL | Public URL of the API, e.g. http://localhost:3000. Used for OAuth redirect URIs. |
RUSTFS_ACCESS_KEY | Access key for the S3-compatible file store. |
RUSTFS_SECRET_KEY | Secret key for the S3-compatible file store. |
Google OAuth (required for login)
| Variable | Description |
|---|---|
GOOGLE_CLIENT_ID | OAuth client ID from Google Cloud Console |
GOOGLE_CLIENT_SECRET | OAuth client secret |
Create credentials at console.cloud.google.com → APIs & Services → Credentials → Create OAuth 2.0 Client. Set the authorized redirect URI to {BETTER_AUTH_URL}/api/auth/callback/google.
File storage
| Variable | Default | Description |
|---|---|---|
RUSTFS_ENDPOINT | http://localhost:9000 | S3-compatible storage endpoint |
RUSTFS_BUCKET | tt-invoices | Bucket name for invoice files |
In production you can point this at AWS S3 or MinIO by changing RUSTFS_ENDPOINT and using the appropriate credentials.
Invoice OCR (optional)
| Variable | Description |
|---|---|
OPENAI_KEY | OpenAI API key for extracting structured data from OCR text |
GOOGLE_APPLICATION_CREDENTIALS | Path to a GCP service account JSON file with Cloud Vision API access |
Without these, uploaded invoices will remain in a pending state and no OCR extraction will occur.
Observability (optional)
All observability integrations are no-ops when their environment variables are unset — safe to skip in local development.
| Variable | Description |
|---|---|
SENTRY_DSN | Sentry DSN for backend (api + worker) error tracking |
SENTRY_DSN_FRONTEND | Sentry DSN for frontend error tracking (returned via /config) |