Skip to main content

Server configuration

All environment variables are optional for local development. The defaults provide a working setup out of the box.
VariableDefaultDescription
DATABASE_URLBundled PostgreSQLPostgreSQL connection string. The Docker Compose setup includes PostgreSQL by default.
SECRET_ENCRYPTION_KEYAuto-generatedAES-256-GCM encryption key for the secret store. Auto-generated on first run if not set.
NEXTAUTH_SECRET-Enables Google OAuth (multi-user mode). Without this, OneCLI runs in single-user mode with no login required.
GOOGLE_CLIENT_ID-Google OAuth client ID. Required if NEXTAUTH_SECRET is set.
GOOGLE_CLIENT_SECRET-Google OAuth client secret. Required if NEXTAUTH_SECRET is set.

Single-user vs multi-user mode

By default, OneCLI runs in single-user mode with no login screen. This is ideal for local development and personal use. To enable multi-user mode with Google OAuth, set the three auth variables: 
NEXTAUTH_SECRET=your-random-secret
GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=your-client-secret

Bring your own database

By default, the Docker Compose setup bundles a PostgreSQL instance. To use an external PostgreSQL instance instead: 
DATABASE_URL=postgresql://user:password@host:5432/onecli

Telemetry

VariableDefaultDescription
DO_NOT_TRACK-Set to 1 to disable anonymous telemetry. Supported by many open-source tools (Next.js, Homebrew, Gatsby, Sanity, Railway, etc.).
See Telemetry for details on what is collected and how to opt out.

CLI configuration variables

These variables configure the oc CLI tool.
VariableDefaultDescription
ONECLI_ENVproductionSet to dev for development mode
ONECLI_PLUGIN_DIR~/.onecli/pluginsOverride the plugin binary directory

Development vs production

Setting ONECLI_ENV=dev switches oc to development mode, which uses separate directories and keychain entries to avoid interfering with your production setup:
Path / KeyProductionDevelopment
Credentials directory~/.onecli/credentials~/.onecli/credentials-dev
Cache directory~/.onecli/cache~/.onecli/cache-dev
Keychain service nameonecli-tokenonecli-token-dev
This means you can have separate tokens and plugin credentials for dev and production, running side by side on the same machine.

Plugin directory override

ONECLI_PLUGIN_DIR tells oc where to look for plugin binaries. This is useful for:
  • Pointing to a local build directory during plugin development
  • Storing plugins in a non-default path
  • Isolating plugin binaries per test environment
export ONECLI_PLUGIN_DIR=./build/plugins
oc google calendar list-events

Credential environment variables

When oc executes a plugin command, it injects credentials as environment variables. These are not user-configurable. oc sets them automatically based on stored credentials: 
OC_{PLUGINNAME}_ACCESS_TOKEN
OC_{PLUGINNAME}_REFRESH_TOKEN
OC_{PLUGINNAME}_TOKEN_TYPE
OC_{PLUGINNAME}_EXPIRES_AT
See Plugin protocol for details on credential injection.