Kantuta POS Backend is configured exclusively through environment variables — there are no hard-coded connection strings or secrets in the source code. Every module (TypeORM, Redis cache, JWT, Nodemailer, Resend, and the AI assistant) reads its configuration fromDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/Eleazarguitar18/kantuta_pos_back/llms.txt
Use this file to discover all available pages before exploring further.
process.env via NestJS ConfigService at startup. This page is the single authoritative reference for every variable the application recognises, what it controls, and whether it is required or optional.
Creating your .env file
The simplest way to get started is to copy the example file shipped with the repository:.env.example is present, create .env manually in the project root and populate it using the reference below.
Database
Kantuta POS uses TypeORM with a PostgreSQL driver. All connection details are read at startup; the application will throw if any required variable is missing.Hostname or IP address of the PostgreSQL server. When running PostgreSQL on your Docker host, use
host.docker.internal. For a managed cloud database, use the provided hostname.Example: localhostTCP port PostgreSQL is listening on.Default:
5432PostgreSQL role (username) used to authenticate the connection.Example:
kantuta_userPassword for the PostgreSQL role specified in
DATABASE_USER.Name of the PostgreSQL database. The database must exist before starting the application; TypeORM will create tables inside it but will not create the database itself.Example:
kantuta_posSet to
"true" to enable SSL/TLS for the database connection. Evaluated as a string comparison (=== 'true'), so any other value (including absence) disables SSL.Default: false (SSL disabled)Example: trueRedis
The Redis connection is used for the NestJSCacheModule (powered by @keyv/redis). You can supply either a full connection URL or individual host/port/credentials — the config resolves the URL first if present, then falls back to building one from the individual variables.
Hostname of the Redis server. When running Redis on your Docker host, use
host.docker.internal.Example: localhostTCP port Redis is listening on.Default:
6379Password for Redis authentication (
requirepass). Leave unset or empty for password-free local instances.Redis ACL username (Redis 6+ with ACL enabled). Leave unset for the default (
default) user or password-only authentication.Full Redis connection URL. When set, this takes precedence over
REDIS_HOST, REDIS_PORT, REDIS_USER, and REDIS_PASSWORD. Useful for cloud Redis providers that supply a single connection string.Example: redis://:[email protected]:6379JWT
The JWT configuration is validated on startup — the application will throw ifJWT_SECRET is absent.
Secret key used to sign and verify access tokens. Use a cryptographically random string of at least 32 characters. Treat this value with the same care as a database password.Example:
a_very_long_random_string_at_least_32_charsExpiry duration for access tokens, expressed as a ms string or a number of seconds.Default:
8h (falls back to this value in jwt.config.ts if unset)Example: 1h, 15m, 3600Secret key for signing refresh tokens. Should be distinct from
JWT_SECRET. Required only if the refresh-token flow is active.Expiry duration for refresh tokens.Example:
7d, 30dApplication
HTTP port the NestJS server binds to inside the container.Default:
3000Runtime environment. Affects NestJS behaviour (e.g. error detail in responses) and is used by the database config to gate auto-migration features.Accepted values:
development | productionEmail — SMTP (Nodemailer)
Kantuta POS Backend uses@nestjs-modules/mailer with Nodemailer for transactional emails via SMTP. These variables are consumed by mail.module.ts.
SMTP server hostname.Example:
smtp.gmail.com, smtp.mailgun.orgSMTP server port.Common values:
587 (STARTTLS), 465 (SSL), 25 (plain)Set to
"true" to use implicit TLS (port 465). For STARTTLS (port 587) leave this unset or set to "false".Example: falseSMTP authentication username — typically your full email address.Example:
[email protected]SMTP authentication password or app-specific password (required by providers like Gmail when 2FA is enabled).
Set to
"true" to enforce strict TLS certificate validation. Set to "false" only in trusted private networks where the SMTP server uses a self-signed certificate.Default: falseEmail — Resend
As an alternative (or complement) to SMTP, theMailService also supports Resend for transactional email delivery.
API key obtained from your Resend dashboard. Required when using Resend as the email transport.Example:
re_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxAI Services (optional)
API key for Groq. Used by the
AiAssistantService which powers the Kantu AI assistant via the llama-3.3-70b-versatile model routed through Groq’s OpenAI-compatible endpoint. If absent the AI assistant module will fail to initialise.API key for Google Gemini. Intended for the
GeminiModule, which is present in the project but not yet implemented — GeminiService currently contains no logic. Leave unset; this variable is not read by any active code.Sample .env template
Copy this template into your.env file and fill in the values:
Note on TypeORM synchronize
The database configuration currently sets synchronize: true, which instructs TypeORM to automatically update the database schema on every application startup to match your entity definitions. This is convenient during development but carries risk in production — a schema change can result in data loss if columns are dropped or renamed.
For production deployments, consider setting
synchronize: false in database.config.ts (the commented-out alternative is already present in the source) and managing schema changes through TypeORM migrations instead. Run npm run typeorm migration:generate and npm run typeorm migration:run as part of your deployment pipeline.