Aura Auth
Configuration

Environment Variables

Complete guide to configuring Aura Auth via environment variables

Environment Variables

Aura Auth requires environment variables to store sensitive data related to OAuth credentials, secret keys for signing and encrypting JWTs and CSRF tokens, and salts for key derivation. Additionally, there are environment variables that control runtime behavior of the core auth module, such as trusted origins and debug mode.

All environment variables support multiple patterns that allow Aura Auth to load automatically without needing to set them directly in the createAuth function.

When Aura Auth resolves a variable key, it checks the following names in order and uses the first non-empty value:

  1. AURA_AUTH_{KEY}
  2. AURA_{KEY}
  3. AUTH_{KEY}
  4. {KEY}

For more details, read:

Environment variables override the corresponding configuration options in the createAuth function, including secret, trustedOrigins, and logger. If you set an environment variable for these options, it will take precedence over the value provided in createAuth.

Secure Variables

NameDescription
SECRET32-byte secret for JWTs signing/encryption
SALT32-byte salt for key derivation used for signing and encrypting JWTs and CSRF tokens

Generating Secrets and Salts

# Using Node.js
node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"

# Using OpenSSL
openssl rand -base64 32
.env
# Secret
AURA_AUTH_SECRET=

# Salt
AURA_AUTH_SALT=

OAuth Variables

PatternDescription
{PROVIDER}_CLIENT_IDClient ID obtained from the OAuth app
{PROVIDER}_CLIENT_SECRETClient Secret obtained from the OAuth app
.env
# GitHub OAuth Credentials
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=

# GitHub OAuth Credentials
AURA_GITHUB_CLIENT_ID=
AURA_GITHUB_CLIENT_SECRET=

# GitHub OAuth Credentials
AURA_AUTH_GITHUB_CLIENT_ID=
AURA_AUTH_GITHUB_CLIENT_SECRET=

Some of the supported OAuth providers provided by Aura Auth include:

To see all the providers supported by Aura Auth, see OAuth Providers.

Never commit your .env file. Always use a secret manager in production.

Runtime Variables

These variables control runtime behavior of the core auth module.

KeyTypeDescription
TRUSTED_ORIGINSstringComma/semicolon/newline-separated origins used as trusted origin allowlist.
DEBUGbooleanEnables debug logging when set to one of: 1, true, yes, on, debug.
LOG_LEVELstringLogger level used by built-in logger (debug, info, warn, error).
.env
# Trusted origins (one or many)
AURA_AUTH_TRUSTED_ORIGINS="https://app.example.com,https://admin.example.com"

# Debug mode
AURA_AUTH_DEBUG="1"

# Built-in logger level
AURA_AUTH_LOG_LEVEL="info"

Security Model

Deep dive into the security mechanisms protecting Aura Auth

Configuration Options

Configure and customize Aura Auth defaults via createAuth.

On this page

Environment VariablesSecure VariablesGenerating Secrets and SaltsOAuth VariablesRuntime Variables