Environment variables
Application
* SITE_ID: Database ID of the Django Site object for this installation. Defaults to: 1.
* SECRET_KEY: A long, random string used for cryptographic signing. Must be unique per environment and never committed to version control.
* ALLOWED_HOSTS: Comma-separated list of domains (without spaces) that serve this installation. Protects against HTTP Host header attacks. Example: example.com,www.example.com. Defaults to: [].
* ALLOW_CUSTOM_JS: Allow administrators to inject custom JavaScript via the admin interface. Disable in environments where strict CSP is required. Defaults to: False.
* MEDIA_SUBFOLDER: Optional subdirectory appended to MEDIA_ROOT and PRIVATE_MEDIA_ROOT. Useful for separating media files across deployments sharing the same storage. Defaults to: (empty string).
* INVITE_EXPIRY_DAYS: Number of days before a user invitation link expires. Defaults to: 30.
Security
* SECRET_KEY_FALLBACK: A previous SECRET_KEY value to support gradual key rotation. Sessions and tokens signed with this key remain valid during the transition. Defaults to: (empty string).
* DEBUG: Enables Django debug mode. Must be False in production: exposes tracebacks and disables security hardening. Defaults to: False.
* IS_HTTPS: Set to True when the application is served over HTTPS. Enables secure cookies and HSTS. Defaults to the inverse of DEBUG. Defaults to: False.
* ADMIN_SESSION_COOKIE_AGE: Maximum admin session duration in seconds. Sessions older than this are invalidated to reduce the window for session hijacking. Defaults to: 3600.
* OIDC_FRONTEND_LOGOUT_WITH_HINTS: Pass login_hint and id_token_hint when redirecting to the IdP logout endpoint. Enables single-logout for OIDC sessions. Defaults to: True.
* CSRF_TRUSTED_ORIGINS: Comma-separated list of origins trusted for CSRF verification. Required when the application is accessed via a different domain or through a reverse proxy. Defaults to: [].
* OIDC_RENEW_ID_TOKEN_EXPIRY_SECONDS: Seconds before an OIDC session is considered stale and the user is redirected to the IdP for re-authentication. Defaults to: 900.
* OPEN_FORMS_DOMAIN: Domain of the Open Forms installation (e.g. https://forms.example.nl). Used to whitelist the Open Forms SDK in the Content Security Policy so the browser permits loading its scripts, styles, fonts, and API requests. Defaults to: (empty string).
* CSP_REPORT_ONLY: When enabled, the Content Security Policy is applied in report-only mode: violations are reported but not blocked. Use only for testing a new policy; disables enforcement while active. Defaults to: False.
* CSP_REPORTS_SAVE: Save CSP reports in the database. Defaults to: True.
* CSP_REPORTS_LOG: Log CSP reports. Defaults to: True.
* CSP_REPORT_PERCENTAGE: Fraction of responses (0.0–1.0) for which the CSP report-uri directive is included. Values below 1.0 sample reports to reduce load on the reporting endpoint. Defaults to: 1.0.
Database
* DB_ENGINE: Django database backend to use. The default enables PostGIS (spatial data support). Defaults to: django.contrib.gis.db.backends.postgis.
* DB_NAME: Name of the PostgreSQL database. Defaults to: open_inwoner.
* DB_USER: PostgreSQL database user. Defaults to: open_inwoner.
* DB_PASSWORD: Password for the PostgreSQL database user. Defaults to: open_inwoner.
* DB_HOST: Hostname or IP address of the PostgreSQL server. Defaults to: localhost.
* DB_PORT: Port the PostgreSQL server listens on. Defaults to: 5432.
* GEOS_LIBRARY_PATH: Absolute path to the GEOS shared library. Only required when the library cannot be found automatically. Defaults to: None.
* GDAL_LIBRARY_PATH: Absolute path to the GDAL shared library. Only required when the library cannot be found automatically. Defaults to: None.
Cache
* CACHE_DEFAULT: Redis connection string for the default cache, in host:port/db format. Defaults to: localhost:6379/0.
* CACHE_LAPOSTA_API_TIMEOUT: Seconds to cache responses from the Laposta mailing list API. Defaults to: 900.
ZGW
* CACHE_ZGW_CATALOGI_TIMEOUT: Seconds to cache ZGW catalogus data (zaaktypen, statustypen, etc.). Catalogue data changes infrequently; a long TTL reduces API load. Defaults to: 86400.
* CACHE_ZGW_ZAKEN_TIMEOUT: Seconds to cache individual zaak data fetched from ZGW APIs. Defaults to: 300.
* ZGW_MAX_REQUESTS: Maximum number of paginated API calls to follow when fetching zaken from ZGW APIs. Limits the total number of cases loaded per request. Defaults to: 8.
* ZGW_CASE_LIST_NUM_WORKERS: Number of threads used to concurrently fetch cases on the Mijn Zaken page. Set to 0 to use the library default. Defaults to: 0.
* ZGW_CASE_LIST_FETCH_TIMEOUT: Total seconds the Mijn Zaken worker pool may spend fetching cases. Should be slightly less than the overall request timeout. Defaults to: 25.
* ZGW_CACHE_WARMUP_TIMEOUT: Seconds the login cache warm-up task may run per API group. Must exceed ZGW_CASE_LIST_FETCH_TIMEOUT because the warm-up fetches additional data (statuses, roles, documents). Defaults to: 120.
* ZGW_LIMIT_NOTIFICATIONS_FREQUENCY: Minimum seconds between duplicate ZGW notifications for the same zaak. Prevents notification storms when the same event is delivered multiple times. Defaults to: 900.
* DOCUMENT_RECENT_DAYS: Documents created within this many days are labelled as recent in the UI. Defaults to: 1.
* CONTACTMOMENT_NEW_DAYS: Contactmoment answers created within this many days are shown as new in the UI. Defaults to: 7.
Logging
* LOG_REQUESTS: Enable structured request logging via django-structlog middleware. Logs method, path, status code, and duration for every request. Defaults to: True.
* LOG_STDOUT: Write application and request logs to stdout instead of rotating log files. Enable in containerised deployments where stdout is collected by the platform. Defaults to: False.
* CELERY_LOGLEVEL: Log level for Celery workers. One of DEBUG, INFO, WARNING, ERROR, CRITICAL. Defaults to: INFO.
* LOG_FORMAT_CONSOLE: Formatter to use for console log output. Use ‘json’ for machine-readable output or ‘plain_console’ for human-readable output. Defaults to: plain_console.
* LOG_OUTGOING_REQUESTS_DB_SAVE: Persist outgoing HTTP request logs to the database so they are viewable in the admin interface. Defaults to: True.
Email
* EMAIL_HOST: Hostname of the SMTP server used to send outgoing email. Defaults to: localhost.
* EMAIL_PORT: Port of the SMTP server. Port 25 is blocked on Google Cloud; use 587 instead. Defaults to: 25.
* EMAIL_HOST_USER: Username for SMTP authentication. Leave empty if the server does not require auth. Defaults to: (empty string).
* EMAIL_HOST_PASSWORD: Password for SMTP authentication. Defaults to: (empty string).
* EMAIL_USE_TLS: Enable STARTTLS when connecting to the SMTP server. Defaults to: False.
* DEFAULT_FROM_EMAIL: Default sender address for outgoing email. Defaults to: openinwoner@maykinmedia.nl.
Monitoring
* ENVIRONMENT: Name of the deployment environment (e.g. production, staging, review). Included in Sentry reports and the admin page title. Defaults to: (empty string).
* SENTRY_DSN: Sentry Data Source Name (DSN) for error reporting. Leave empty to disable Sentry. Defaults to: None.
* ELASTIC_APM_SECRET_TOKEN: Secret token for authenticating with the Elastic APM server. Defaults to: default.
Celery
* CELERY_TASK_HARD_TIME_LIMIT: Hard time limit in seconds for Celery tasks. A task exceeding this limit is forcibly terminated. Defaults to: 900.
* CACHE_SEEDING_QUEUE: Celery queue for cache-seeding tasks. Point this to a dedicated high-priority queue to keep warm-up latency low. Defaults to: celery.
Elasticsearch
* ES_USERNAME: Username for Elasticsearch basic authentication. Must be set together with ES_PASSWORD. Defaults to: (empty string).
* ES_PASSWORD: Password for Elasticsearch basic authentication. Must be set together with ES_USERNAME. Defaults to: (empty string).
* ES_HOST: URL of the Elasticsearch node, including scheme and port. Defaults to: http://localhost:9200.
* ES_INDEX_PRODUCTS: Elasticsearch index name for PDC product records. Defaults to: products.
* ES_INDEX_CMS_PAGES: Elasticsearch index name for CMS page records. Defaults to: cms_pages.
* RESULTS_PER_PAGE: Number of search results shown per page. Defaults to: 9.
Authentication
* DIGID_ENABLED: Enable DigiD authentication. Set to False to hide DigiD login options. Defaults to: True.
* DIGID_MOCK: Use the DigiD mock backend instead of the real SAML integration. Must be False in production. Defaults to: True.
* EHERKENNING_MOCK: Use the eHerkenning mock backend instead of the real SAML integration. Must be False in production. Defaults to: True.
* ACCOUNTS_SMS_GATEWAY_BACKEND: Python dotted path to the SMS gateway backend class. Use the Dummy backend for local development. Defaults to: open_inwoner.accounts.gateways.Dummy.
* ACCOUNTS_SMS_GATEWAY_API_KEY: API key for the configured SMS gateway. Defaults to: openinwoner.
* ACCOUNTS_SMS_GATEWAY_ORIGINATOR: Sender name or number shown on SMS messages (max 11 alphanumeric characters). Defaults to: Gemeente.
Optional
* ELASTICSEARCH_DSL_AUTO_REFRESH: Defaults to: True.
* ELASTICSEARCH_DSL_AUTOSYNC: Defaults to: True.
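
Several variables above ship with development-friendly defaults (mock authentication backends, placeholder passwords and tokens) or have constraints that only hold when set together. The following pre-deployment check is an added example, not part of the Open Inwoner code base; the names audit_env and as_bool are hypothetical, the boolean parsing is an assumption, and the defaults are copied from the reference above.

```python
import os

# Documented defaults that are placeholder values outside development.
PLACEHOLDER_DEFAULTS = {
    "DB_PASSWORD": "open_inwoner",
    "ELASTIC_APM_SECRET_TOKEN": "default",
    "ACCOUNTS_SMS_GATEWAY_API_KEY": "openinwoner",
}
# Flags the reference says must be False in production, with their documented defaults.
MUST_BE_FALSE = {"DEBUG": "False", "DIGID_MOCK": "True", "EHERKENNING_MOCK": "True"}


def as_bool(value):
    # Assumption: these spellings count as true; the project's own parser may differ.
    return str(value).strip().lower() in {"1", "true", "yes", "on"}


def audit_env(env):
    """Return a sorted list of findings for a production environment mapping."""
    findings = []
    for name, default in MUST_BE_FALSE.items():
        if as_bool(env.get(name, default)):
            findings.append(f"{name} must be False in production")
    for name, default in PLACEHOLDER_DEFAULTS.items():
        if env.get(name, default) == default:
            findings.append(f"{name} is unset or equals its documented default")
    if not env.get("SECRET_KEY"):
        findings.append("SECRET_KEY is not set")
    hosts = env.get("ALLOWED_HOSTS", "")
    if not hosts or " " in hosts:
        findings.append("ALLOWED_HOSTS must be a comma-separated list without spaces")
    if as_bool(env.get("CSP_REPORT_ONLY", "False")):
        findings.append("CSP_REPORT_ONLY disables CSP enforcement")
    # Basic-auth credentials are only valid as a pair.
    if bool(env.get("ES_USERNAME")) != bool(env.get("ES_PASSWORD")):
        findings.append("ES_USERNAME and ES_PASSWORD must be set together")
    fetch = int(env.get("ZGW_CASE_LIST_FETCH_TIMEOUT", "25"))
    warmup = int(env.get("ZGW_CACHE_WARMUP_TIMEOUT", "120"))
    if warmup <= fetch:
        findings.append("ZGW_CACHE_WARMUP_TIMEOUT must exceed ZGW_CASE_LIST_FETCH_TIMEOUT")
    return sorted(findings)


if __name__ == "__main__":
    # Audits the environment of the current process, e.g. inside the container.
    for finding in audit_env(os.environ):
        print("FAIL:", finding)
```

Run it in the same environment the application starts in, for example as a step in the deployment pipeline, and fail the deployment when it prints anything.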