Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/bentlyy/Clinica/llms.txt

Use this file to discover all available pages before exploring further.

Clinica reads its configuration from environment variables at startup. In local development these are loaded from a .env file in the repository root. In production you should supply them through your platform’s secret management tooling — never by committing .env to version control.
Change secrets before any production deployment. The default values for jwt_secret and the database password in .env are public. Using them in production exposes your application to trivial attacks. The .env file itself should be added to .gitignore and never committed to version control.

Database

The API uses a single connection string to reach PostgreSQL. This is read by src/shared/db.js via the pg library’s Pool.
DATABASE_URL
string
required
Full PostgreSQL connection string. The API passes this directly to new Pool({ connectionString }).Default (docker-compose): postgresql://postgres:postgres@db:5432/clinicThe hostname db refers to the db service in docker-compose.yml. Change this to your database server’s hostname in any other environment.

Server

PORT
number
The port the API HTTP server listens on.Default: 3000

Authentication

JWT_SECRET
string
required
Secret key used to sign and verify JSON Web Tokens. Anyone who obtains this value can forge valid authentication tokens for any user in your system.Default: secret123 (insecure fallback in source)
This default value is publicly known. You must replace it with a long, random string before deploying to any environment that is accessible from the internet. Use uppercase JWT_SECRET in your .env file. Generate a secure value with:
node -e "console.log(require('crypto').randomBytes(48).toString('hex'))"

Email

Clinica sends appointment reminder emails via Gmail using Nodemailer. Both variables must be set for email delivery to work.
EMAIL_USER
string
The Gmail address used as the sender. This address appears in the from field of all outgoing emails ("Clinic App" <EMAIL_USER>).Default: your_email@example.com (placeholder — must be replaced)
EMAIL_PASS
string
The Gmail account password, or an app-specific password if two-factor authentication is enabled on the account. Google requires an app password when 2FA is active.Default: your_email_password (placeholder — must be replaced)
If you do not need email reminders, you can leave EMAIL_USER and EMAIL_PASS unset. Reminder jobs will fail silently rather than crashing the API, but all other functionality remains unaffected.

Example .env file

The repository ships with a .env file containing placeholder values. Replace every value marked below before running in any non-local environment.
.env
# Database — change password in production
DATABASE_URL=postgresql://postgres:postgres@db:5432/clinic

# Server
PORT=3000

# Authentication — MUST be changed before production use
JWT_SECRET=change-this-to-a-long-random-string

# Email (Gmail) — replace with real credentials
EMAIL_USER=your_email@example.com
EMAIL_PASS=your_email_password
Add .env to your .gitignore file. Committing real credentials to a repository — even a private one — is a significant security risk.

Build docs developers (and LLMs) love

Get started for freeTalk to us