Documentation Index
Fetch the complete documentation index at: https://mintlify.com/CapSoftware/Cap/llms.txt
Use this file to discover all available pages before exploring further.
Cap is configured entirely through environment variables. This reference documents all available options.
Quick Reference
These must be set for Cap to function:DATABASE_URL=mysql://cap:password@mysql:3306/cap
WEB_URL=https://cap.yourdomain.com
NEXTAUTH_URL=https://cap.yourdomain.com
NEXTAUTH_SECRET=your-32-byte-secret
DATABASE_ENCRYPTION_KEY=your-32-byte-hex-key
CAP_AWS_BUCKET=cap
CAP_AWS_REGION=us-east-1
Critical for production security:NEXTAUTH_SECRET=generate-with-openssl-rand-hex-32
DATABASE_ENCRYPTION_KEY=generate-with-openssl-rand-hex-32
MEDIA_SERVER_WEBHOOK_SECRET=generate-with-openssl-rand-hex-32
Enhance functionality:RESEND_API_KEY=re_xxxxx
RESEND_FROM_DOMAIN=yourdomain.com
DEEPGRAM_API_KEY=your-key
GROQ_API_KEY=your-key
General Configuration
DATABASE_URL
Required | MySQL connection string
DATABASE_URL=mysql://user:password@host:port/database
mysql://[user]:[password]@[host]:[port]/[database]
DATABASE_URL=mysql://cap:password@mysql:3306/cap
Cap requires MySQL 8.0+. MariaDB or other databases are not officially supported.
WEB_URL
Required | Public URL where Cap is accessible
WEB_URL=https://cap.yourdomain.com
- Generating share links
- Email login links
- OAuth redirect URLs
- Desktop app connections
For local development, use http://localhost:3000
NEXTAUTH_URL
Required | Should match WEB_URL
NEXTAUTH_URL=https://cap.yourdomain.com
WEB_URL.
NEXTAUTH_SECRET
Required | 32-byte secret for session encryption
NEXTAUTH_SECRET=abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789
Critical for security: Protects user sessions. Anyone with this secret can forge authentication tokens. Use a unique value for each deployment.
DATABASE_ENCRYPTION_KEY
Optional but strongly recommended | 32-byte hex string
DATABASE_ENCRYPTION_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
- AWS access keys
- API keys stored in database
- OAuth tokens
Changing this key will make existing encrypted data unreadable. Back up before changing.
Storage (S3) Configuration
CAP_AWS_BUCKET
Required | S3 bucket name
The bucket where videos and thumbnails are stored.
CAP_AWS_REGION
Required | AWS region or equivalent
For MinIO or non-AWS providers, use any valid AWS region format (e.g., us-east-1).
CAP_AWS_ACCESS_KEY
Optional | S3 access key ID
CAP_AWS_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE
MINIO_ROOT_USER.
For AWS S3, use your IAM access key.
CAP_AWS_SECRET_KEY
Optional | S3 secret access key
CAP_AWS_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
MINIO_ROOT_PASSWORD.
For AWS S3, use your IAM secret key.
S3_PUBLIC_ENDPOINT
Optional | Public URL for S3 access
S3_PUBLIC_ENDPOINT=https://s3.yourdomain.com
S3_PUBLIC_ENDPOINT=http://localhost:9000
- Video playback URLs
- Thumbnail URLs
- Direct file access
S3_INTERNAL_ENDPOINT
Optional | Internal endpoint for S3 access from server
S3_INTERNAL_ENDPOINT=http://minio:9000
- Server-to-S3 communication can use internal network
- Avoiding public internet for uploads (cost, speed)
- Docker container networking
If not set, falls back to S3_PUBLIC_ENDPOINT.
S3_PATH_STYLE
Optional | Use path-style URLs (default: true)
true: http://endpoint/bucket/key (MinIO, Backblaze)false: http://bucket.endpoint/key (AWS S3)
MinIO and most S3-compatible providers require S3_PATH_STYLE=true.
AWS S3 works with both but defaults to false.
CAP_AWS_BUCKET_URL
Optional | Custom public URL for bucket (CloudFront)
CAP_AWS_BUCKET_URL=https://cdn.yourdomain.com
CloudFront Configuration
Optional | For signed CloudFront URLs
CAP_CLOUDFRONT_DISTRIBUTION_ID=E1234567890ABC
CLOUDFRONT_KEYPAIR_ID=APKAXXXXXXXXXXXXXXXX
CLOUDFRONT_KEYPAIR_PRIVATE_KEY=-----BEGIN PRIVATE KEY-----\n...
Email Configuration
RESEND_API_KEY
Optional | Resend API key for email sending
RESEND_API_KEY=re_xxxxxxxxxxxxx
- Login links appear in server logs
- No email notifications
RESEND_FROM_DOMAIN
Optional | Verified domain for sending emails
RESEND_FROM_DOMAIN=yourdomain.com
noreply@yourdomain.com
Authentication
Google OAuth
Optional | Enable Google login
GOOGLE_CLIENT_ID=xxxxx.apps.googleusercontent.com
GOOGLE_CLIENT_SECRET=GOCSPX-xxxxx
- Create project in Google Cloud Console
- Enable Google+ API
- Create OAuth 2.0 credentials
- Add authorized redirect URI:
https://yourdomain.com/api/auth/callback/google
WorkOS SSO
Optional | Enterprise SSO via WorkOS
WORKOS_CLIENT_ID=client_xxxxx
WORKOS_API_KEY=sk_xxxxx
AI Features
DEEPGRAM_API_KEY
Optional | Audio transcription
DEEPGRAM_API_KEY=xxxxxxxxxxxxx
- Automatic video transcription
- Searchable captions
- Accessibility features
Get from deepgram.com
GROQ_API_KEY
Optional | Fast AI summaries (recommended)
Enables AI-generated video summaries using Groq’s fast LLM inference.
Get from groq.com
OPENAI_API_KEY
Optional | AI summaries via OpenAI
Fallback for AI summaries if GROQ_API_KEY not set.
Get from platform.openai.com
ANTHROPIC_API_KEY
Optional | Claude AI chat
ANTHROPIC_API_KEY=sk-ant-xxxxx
REPLICATE_API_TOKEN
Optional | Audio enhancement
REPLICATE_API_TOKEN=r8_xxxxx
SUPERMEMORY_API_KEY
Optional | Supermemory integration
SUPERMEMORY_API_KEY=xxxxx
SUPERMEMORY_KNOWLEDGE_TAG=cap
MEDIA_SERVER_URL=http://media-server:3456
http://media-server:3456
For external media server, use public URL.
Optional but recommended | Webhook authentication
MEDIA_SERVER_WEBHOOK_SECRET=generate-with-openssl-rand-hex-32
MEDIA_SERVER_WEBHOOK_URL=http://cap-web:3000
http://cap-web:3000
For Docker Desktop on Mac/Windows, use host.docker.internal:
MEDIA_SERVER_WEBHOOK_URL=http://host.docker.internal:3000
Application Settings
CAP_VIDEOS_DEFAULT_PUBLIC
Optional | Default video visibility (default: true)
CAP_VIDEOS_DEFAULT_PUBLIC=false
true: Videos are public by defaultfalse: Videos are private by default
CAP_ALLOWED_SIGNUP_DOMAINS
Optional | Restrict signups to specific domains
CAP_ALLOWED_SIGNUP_DOMAINS=company.com,partner.com
@acme.com emails:
CAP_ALLOWED_SIGNUP_DOMAINS=acme.com
Analytics & Monitoring
Tinybird Analytics
Optional | Video analytics via Tinybird
TINYBIRD_HOST=https://api.tinybird.co
TINYBIRD_TOKEN=p.xxxxx
- View analytics
- Play duration tracking
- Geographic analytics
- Engagement metrics
See Cap analytics setup for provisioning.
PostHog
Optional | Product analytics
POSTHOG_PERSONAL_API_KEY=phx_xxxxx
Cap Cloud Variables
These variables are only needed for hosting Cap as a paid SaaS like cap.so. Self-hosters can ignore these.
Stripe Payments
STRIPE_SECRET_KEY=sk_xxxxx
STRIPE_WEBHOOK_SECRET=whsec_xxxxx
Discord Webhooks
DISCORD_FEEDBACK_WEBHOOK_URL=https://discord.com/api/webhooks/xxxxx
DISCORD_LOGS_WEBHOOK_URL=https://discord.com/api/webhooks/xxxxx
Dub.co Link Shortening
Shorten share links via Dub.co.
Vercel Integration
VERCEL_ENV=production
VERCEL_TEAM_ID=team_xxxxx
VERCEL_PROJECT_ID=prj_xxxxx
VERCEL_AUTH_TOKEN=xxxxx
VERCEL_AWS_ROLE_ARN=arn:aws:iam::xxxxx
MySQL Configuration
These are for the MySQL container in Docker Compose. Not needed if using external database.
MYSQL_PASSWORD
MYSQL_PASSWORD=your-secure-password
cap MySQL user.
MYSQL_ROOT_PASSWORD
MYSQL_ROOT_PASSWORD=your-root-password
root user.
MinIO Configuration
These are for the MinIO container in Docker Compose. Not needed if using AWS S3 or other providers.
MINIO_ROOT_USER
MinIO admin username.
MINIO_ROOT_PASSWORD
MINIO_ROOT_PASSWORD=your-secure-password
Port Configuration
CAP_PORT
Optional | Port for Cap web (default: 3000)
Change if port 3000 is in use.
MINIO_PORT
Optional | MinIO API port (default: 9000)
MINIO_CONSOLE_PORT
Optional | MinIO web console (default: 9001)
Environment File Example
Complete .env file for production:
# Public URLs
WEB_URL=https://cap.yourdomain.com
NEXTAUTH_URL=https://cap.yourdomain.com
S3_PUBLIC_ENDPOINT=https://s3.yourdomain.com
# Security (generate with: openssl rand -hex 32)
NEXTAUTH_SECRET=your-generated-secret
DATABASE_ENCRYPTION_KEY=your-generated-key
MEDIA_SERVER_WEBHOOK_SECRET=your-generated-secret
# Database
DATABASE_URL=mysql://cap:password@mysql:3306/cap
MYSQL_PASSWORD=your-mysql-password
MYSQL_ROOT_PASSWORD=your-root-password
# S3 Storage
CAP_AWS_BUCKET=cap
CAP_AWS_REGION=us-east-1
CAP_AWS_ACCESS_KEY=capadmin
CAP_AWS_SECRET_KEY=your-minio-password
S3_INTERNAL_ENDPOINT=http://minio:9000
S3_PATH_STYLE=true
# MinIO
MINIO_ROOT_USER=capadmin
MINIO_ROOT_PASSWORD=your-minio-password
# Email (optional)
RESEND_API_KEY=re_xxxxx
RESEND_FROM_DOMAIN=yourdomain.com
# AI Features (optional)
DEEPGRAM_API_KEY=xxxxx
GROQ_API_KEY=gsk_xxxxx
# Media Server
MEDIA_SERVER_URL=http://media-server:3456
MEDIA_SERVER_WEBHOOK_URL=http://cap-web:3000
# Settings
CAP_VIDEOS_DEFAULT_PUBLIC=true
Validation
Cap validates environment variables on startup. Check logs for errors:
docker compose logs cap-web | grep -i error
- Missing required variables
- Invalid URL formats
- Incorrect secret lengths
- Database connection failures
Next Steps
S3 Storage
Detailed S3 configuration guides
Email Setup
Configure email delivery
SSL/HTTPS
Secure your deployment
Troubleshooting
Debug configuration issues