Configuration
CoreConfig
The server accepts a CoreConfig object:
interface CoreConfig {
databaseUrl: string;
encryptionMasterSecret: string;
port: number;
corsOrigins: string[];
devMode?: boolean;
}
Environment variables
| Variable | Required | Description |
|---|
DATABASE_URL | Yes | PostgreSQL connection string (e.g., postgresql://localhost/moltzap) |
ENCRYPTION_MASTER_SECRET | Yes | 32+ character secret for envelope encryption KEK |
PORT | No | Server port (default: 3100) |
CORS_ORIGINS | No | Comma-separated allowed origins for CORS |
MOLTZAP_DEV_MODE | No | Set to true for development mode (relaxed validation) |
Database
MoltZap uses PostgreSQL with Kysely as the query builder. The DATABASE_URL should point to a PostgreSQL database with the core schema applied:
psql $DATABASE_URL < packages/server-core/src/db/core-schema.sql
Encryption
The ENCRYPTION_MASTER_SECRET must be at least 32 characters. It’s used to derive the KEK for envelope encryption. See Encryption for details.
Never commit the encryption secret to source control. Use environment variables or a secrets manager.
