Configuration
SlimRMM is configured through environment variables. This page documents all available options.
Environment Variables
Core Settings
| Variable | Required | Default | Description |
|---|---|---|---|
SECRET_KEY | Yes | - | JWT signing key. Generate with python -c "import secrets; print(secrets.token_urlsafe(32))" |
AGENT_INSTALL_KEY | Yes | - | Agent registration key |
DEBUG | No | false | Enable debug mode (never in production!) |
ENVIRONMENT | No | production | development, staging, or production |
Database
| Variable | Required | Default | Description |
|---|---|---|---|
DATABASE_URL | Yes | - | Database connection string |
PostgreSQL (Recommended):
DATABASE_URL=postgresql+asyncpg://user:password@host:5432/dbnameSQLite (Development only):
DATABASE_URL=sqlite+aiosqlite:///./rmm.dbRedis
| Variable | Required | Default | Description |
|---|---|---|---|
REDIS_URL | Yes* | - | Redis connection string |
*Required for production. SQLite mode can work without Redis.
REDIS_URL=redis://localhost:6379/0
REDIS_URL=redis://:password@host:6379/0JWT & Authentication
| Variable | Required | Default | Description |
|---|---|---|---|
JWT_ALGORITHM | No | HS256 | JWT algorithm |
ACCESS_TOKEN_EXPIRE_MINUTES | No | 15 | Access token lifetime |
REFRESH_TOKEN_EXPIRE_DAYS | No | 7 | Refresh token lifetime |
CORS & Frontend
| Variable | Required | Default | Description |
|---|---|---|---|
CORS_ORIGINS | No | ["*"] | Allowed CORS origins (JSON array) |
FRONTEND_URL | Yes | - | Frontend URL for email links |
bash
CORS_ORIGINS=["https://rmm.example.com"]
FRONTEND_URL=https://rmm.example.comMFA / WebAuthn
| Variable | Required | Default | Description |
|---|---|---|---|
MFA_ISSUER_NAME | No | SlimRMM | TOTP issuer name |
WEBAUTHN_RP_ID | No | - | WebAuthn Relying Party ID (domain) |
WEBAUTHN_RP_NAME | No | SlimRMM | WebAuthn RP display name |
bash
WEBAUTHN_RP_ID=rmm.example.com
WEBAUTHN_RP_NAME=SlimRMM DashboardPKI / Certificates
| Variable | Required | Default | Description |
|---|---|---|---|
PKI_CA_CERT_PATH | No | ./certs/ca.crt | CA certificate path |
PKI_CA_KEY_PATH | No | ./certs/ca.key | CA private key path |
PKI_CA_VALIDITY_DAYS | No | 3650 | CA certificate validity |
PKI_CERT_VALIDITY_DAYS | No | 365 | Agent certificate validity |
WebRTC / TURN
Required for remote desktop through NAT:
| Variable | Required | Default | Description |
|---|---|---|---|
TURN_SERVER_URL | No | - | TURN server URL |
TURN_SERVER_USERNAME | No | - | TURN username |
TURN_SERVER_CREDENTIAL | No | - | TURN password |
STUN_SERVERS | No | - | STUN servers (JSON array) |
bash
TURN_SERVER_URL=turn:turn.example.com:3478
TURN_SERVER_USERNAME=user
TURN_SERVER_CREDENTIAL=password
STUN_SERVERS=["stun:stun.l.google.com:19302"]Rate Limiting
| Variable | Required | Default | Description |
|---|---|---|---|
RATE_LIMIT_PER_MINUTE | No | 60 | Requests per minute per IP |
Logging
| Variable | Required | Default | Description |
|---|---|---|---|
LOG_LEVEL | No | INFO | Log level: DEBUG, INFO, WARNING, ERROR |
LOG_FORMAT | No | json | Log format: json or text |
Example Configuration
Development
bash
# .env
SECRET_KEY=dev-secret-key-change-in-production
AGENT_INSTALL_KEY=dev-agent-key
DATABASE_URL=sqlite+aiosqlite:///./rmm.db
DEBUG=true
ENVIRONMENT=development
FRONTEND_URL=http://localhost:5173
CORS_ORIGINS=["http://localhost:5173"]
LOG_LEVEL=DEBUGProduction
bash
# .env
SECRET_KEY=your-32-char-secret-key-here
AGENT_INSTALL_KEY=your-agent-install-key
DATABASE_URL=postgresql+asyncpg://rmm:password@postgres:5432/rmm
REDIS_URL=redis://redis:6379/0
DEBUG=false
ENVIRONMENT=production
FRONTEND_URL=https://rmm.example.com
CORS_ORIGINS=["https://rmm.example.com"]
MFA_ISSUER_NAME=Your Company RMM
WEBAUTHN_RP_ID=rmm.example.com
WEBAUTHN_RP_NAME=Your Company RMM
PKI_CA_VALIDITY_DAYS=3650
PKI_CERT_VALIDITY_DAYS=365
RATE_LIMIT_PER_MINUTE=60
LOG_LEVEL=INFO
LOG_FORMAT=jsonFrontend Configuration
The frontend uses environment variables at build time:
| Variable | Description |
|---|---|
VITE_API_URL | Backend API URL |
bash
VITE_API_URL=https://rmm.example.com/apiAgent Configuration
Agent configuration is stored locally after installation:
Linux/macOS: /var/lib/slimrmm/.slimrmm_config.jsonWindows: Registry
json
{
"server": "https://rmm.example.com",
"uuid": "agent-uuid-here",
"mtls_enabled": true,
"log_level": "info"
}Security Recommendations
Production Checklist
- Generate unique keys - Never use default or example keys
- Use PostgreSQL - SQLite is for development only
- Enable HTTPS - Required for WebSocket and security
- Restrict CORS - Set specific origins, not
["*"] - Set DEBUG=false - Never run debug in production
- Configure rate limiting - Prevent abuse
- Enable MFA - Require for admin accounts
Validating Configuration
Check if your configuration is valid:
bash
# Docker
docker compose exec backend python -c "from app.core.config import settings; print(settings)"
# Manual
python -c "from app.core.config import settings; print(settings)"