Version: 2.11


Saleor follows the 12 factor approach so you can configure Saleor using environment variables.

Below is a list of available environment variables and their default values.

Setting environment variables

While most production environments offer a way to configure the environment, you will likely want to first set them on your local development machine.

To set the variable temporarily in the Windows Command Prompt, until the terminal window is closed:

set "SECRET_KEY=<mysecretkey>"

To permanently set the variable:

setx SECRET_KEY "<mysecretkey>"

General configuration


A list of strings representing host/domain names of client applications (storefront or dashboard) that use this Saleor instance as a backend. Values in this list should be URLs in RFC 1808 format.

Some operations, such as registering a new account or resetting the password, involve sending an email from the backend with a link that users need to click to confirm the action. The backend doesn't know the structure of frontend applications' routing and the path to the view where users can proceed with the operation needs to be passed as arguments in GraphQL mutations. These paths are validated against URLs configured in the ALLOWED_CLIENT_HOSTS setting.

ALLOWED_CLIENT_HOSTS is required in production mode (with DEBUG=False). In local development (DEBUG=True) when it's not set, the paths are validated against localhost,

Multiple values should be separated with a comma.
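
The check described above, as an added example that is not Saleor's own code: it parses a comma-separated ALLOWED_CLIENT_HOSTS value and accepts a client-supplied redirect URL only when its host is on the list. The function names, the DEBUG parsing, and the treatment of entries as bare host names without a port are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit


def parse_hosts(raw):
    """Split a comma-separated setting into normalized host names."""
    return [h.strip().lower() for h in raw.split(",") if h.strip()]


def allowed_client_hosts(environ=os.environ):
    """Required when DEBUG is off; falls back to localhost in local development."""
    hosts = parse_hosts(environ.get("ALLOWED_CLIENT_HOSTS", ""))
    # Assumption: DEBUG is read as a simple true/false string, defaulting to True.
    debug = environ.get("DEBUG", "True").strip().lower() in ("1", "true", "yes")
    if hosts:
        return hosts
    if debug:
        return ["localhost"]
    raise RuntimeError("ALLOWED_CLIENT_HOSTS must be set when DEBUG=False")


def is_allowed_redirect(url, hosts):
    """Accept only absolute http(s) URLs whose host is exactly on the allowlist."""
    # Backslashes, whitespace and control characters are parsed differently by
    # browsers and by urllib, so refuse them before parsing.
    if any(c == "\\" or ord(c) <= 32 for c in url):
        return False
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    # Exact match only: a suffix or substring match would admit look-alike hosts.
    return host.rstrip(".") in hosts


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    env = {"DEBUG": "False", "ALLOWED_CLIENT_HOSTS": "shop.example.com, dashboard.example.com"}
    hosts = allowed_client_hosts(env)
    for url in ("https://shop.example.com/reset?token=abc",
                "https://shop.example.com.attacker.test/reset",
                "//shop.example.com/reset"):
        print(url, "->", is_allowed_redirect(url, hosts))
```
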


Controls the value of Access-Control-Allow-Origin response header. Defaults to *.


This variable controls Django’s allowed hosts setting. It defaults to localhost.

Multiple values should be separated with a comma.


The URL of a cache database. It defaults to local process memory.

Redis is recommended. Heroku’s Redis will export this setting automatically.

Example: redis://


Indicates whether or not new images are created on-the-fly. Defaults to True.

For production, we recommend you set this to False to improve performance. Make sure all images come with a pre-warm to ensure they’re created and available at the appropriate URL.

To create missing thumbnails for all images use:

python manage.py create_thumbnails


The connection URL to a PostgreSQL database. Defaults to postgres://saleor:saleor@localhost:5432/saleor.

Format: postgres://<username>:<password>@<hostname>:<port>/<database-name>

Most Heroku databases will export this setting automatically.


Controls Django’s debug mode. It defaults to True.


Indicates the default country of your store. Depending on what setup you require, this variable also controls the default VAT, shipping country, etc. Defaults to US.


Indicates a default currency which is a basis for all prices entered and stored in your store. Defaults to USD.


Indicates a default email address to use for all outgoing mail.


Controls whether to run Django Debug Toolbar. Defaults to False.

To use the toolbar, you also need to enable the PLAYGROUND_ENABLED setting. Then, the toolbar will be rendered when accessing the /graphql/ URL. Note that using the toolbar is recommended only locally and should be disabled in production, as it affects the performance and may potentially reveal sensitive or private information.


The URL of the email gateway. Defaults to printing everything to the console.

Some examples:

Amazon SES: smtp://
An unencrypted SMTP server: smtp://

Example: smtp://


Controls whether registering new customer accounts should require email confirmation. Requires ALLOWED_CLIENT_HOSTS variable to be set.

Defaults to True.


Controls Django’s internal IPs setting. Defaults to

Multiple values should be separated with a comma.


Controls whether JWT access tokens should expire or not. Defaults to False.


The time until JWT access tokens expire. The value should be a time expression like 5m, 5 minutes, 5d, 5 days, 1w, 1 week. Defaults to 5 minutes.


The time until JWT refresh tokens expire. The value should be a time expression like 5m, 5 minutes, 5d, 5 days, 1w, 1 week. Defaults to 30 days.


The time until email change request tokens expire. The value should be a time expression like 5m, 5 minutes, 5d, 5 days, 1w, 1 week. Defaults to 1 hour.


Controls the maximum quantity of a line item that can be added to a checkout. Defaults to 50.


Controls Django's MEDIA_URL setting. Defaults to /media/.


Controls whether to run Playground - the interactive GraphQL explorer - when accessing the /graphql/ URL exposed by Saleor. Defaults to True.


Controls Django’s secret key setting.


Controls the production assets mount path. Defaults to /static/.

Currency exchange

Saleor can automatically convert amounts between currencies. To use this feature, you will need an Open Exchange Rates account.


Your store’s Open Exchange Rates "App ID".