Environment (.env) Reference
Prisma PHP reads configuration from your .env file at boot.
You can safely add your own variables. Changes require a restart in most environments.
Core ENV
# Authentication secret key for JWT or session encryption.
AUTH_SECRET="YVz81IfN5UwVF3jYn9hw6BxybxwtjBZi/da5Ism4YZQu"
# Name of the authentication cookie.
AUTH_COOKIE_NAME="f9968968b8e14f0d"
# PHPMailer SMTP configuration (uncomment and set as needed)
# SMTP_HOST="smtp.gmail.com" # Your SMTP host
# SMTP_USERNAME="john.doe@gmail.com" # Your SMTP username
# SMTP_PASSWORD="123456" # Your SMTP password
# SMTP_PORT="587" # 587 for TLS, 465 for SSL, or your SMTP port
# SMTP_ENCRYPTION="ssl" # ssl or tls
# MAIL_FROM="john.doe@gmail.com" # Sender email address
# MAIL_FROM_NAME="John Doe" # Sender name
# Show errors in the browser (development only). Set to false in production.
SHOW_ERRORS="true"
# Application timezone (default: UTC)
APP_TIMEZONE="UTC"
# Application environment (development or production)
APP_ENV="development"
# Enable or disable application cache (default: false)
CACHE_ENABLED="false"
# Cache time-to-live in seconds (default: 600)
CACHE_TTL="600"
# Local storage key for browser storage (auto-generated if not set).
# Spaces will be replaced with underscores and converted to lowercase.
LOCALSTORE_KEY="f055124da4da1d72cc06782b2a568d90"
# Secret key for encrypting function calls.
FUNCTION_CALL_SECRET="5ef608031a7c9677ed11699b829e1ce5de495548547a541787e80d903b13b4f4"
# Single or multiple origins (CSV or JSON array)
CORS_ALLOWED_ORIGINS=[]
# If you need cookies/Authorization across origins, keep this true
CORS_ALLOW_CREDENTIALS="true"
# Optional tuning
CORS_ALLOWED_METHODS="GET,POST,PUT,PATCH,DELETE,OPTIONS"
CORS_ALLOWED_HEADERS="Content-Type,Authorization,X-Requested-With"
CORS_EXPOSE_HEADERS=""
CORS_MAX_AGE="86400"Quick Template
# Mail (optional)
# SMTP_HOST="smtp.gmail.com"
# SMTP_USERNAME="john.doe@gmail.com"
# SMTP_PASSWORD="123456"
# SMTP_PORT="587" # 587 (TLS) or 465 (SSL)
# SMTP_ENCRYPTION="ssl" # ssl or tls
# MAIL_FROM="john.doe@gmail.com"
# MAIL_FROM_NAME="John Doe"
# MCP Server (optional)
MCP_NAME="prisma-php-mcp"
MCP_VERSION="0.1.0"
MCP_HOST="127.0.0.1"
MCP_PORT="4000"
MCP_PATH_PREFIX="mcp"
MCP_JSON_RESPONSE="true"
# Prisma ORM (optional)
# Environment variables declared in this file are automatically made available to Prisma.
# Docs: https://pris.ly/d/prisma-schema#accessing-environment-variables-from-the-schema
# Connection strings: https://pris.ly/d/connection-strings
DATABASE_URL="postgresql://johndoe:randompassword@localhost:5432/mydb?schema=public"Core
| Variable | Default | Description |
|---|---|---|
APP_ENV |
development |
Environment name. Use production in prod. |
APP_TIMEZONE |
UTC |
PHP timezone used by the app. |
SHOW_ERRORS |
true |
Show detailed errors (set false in production). |
Authentication
| Variable | Example | Description |
|---|---|---|
AUTH_SECRET |
… |
Secret used for JWT/session encryption. Keep private. |
AUTH_COOKIE_NAME |
app_auth |
Name of the auth cookie. |
Mail (PHPMailer)
Leave unset to disable email features.
| Variable | Example | Description |
|---|---|---|
SMTP_HOST |
smtp.gmail.com |
SMTP server host. |
SMTP_USERNAME |
john.doe@gmail.com |
SMTP username/login. |
SMTP_PASSWORD |
•••••• |
SMTP password or app password. |
SMTP_PORT |
587 |
Port (587 TLS, 465 SSL, etc). |
SMTP_ENCRYPTION |
ssl |
ssl or tls. |
MAIL_FROM |
john.doe@gmail.com |
From address. |
MAIL_FROM_NAME |
John Doe |
From display name. |
Cache
| Variable | Default | Description |
|---|---|---|
CACHE_ENABLED |
false |
Enable app-level caching where supported. |
CACHE_TTL |
600 |
Cache TTL (seconds). |
Local Storage
| Variable | Example | Description |
|---|---|---|
LOCALSTORE_KEY |
1ad104…f1633 |
Key used in browser storage helpers. Auto-generated if not set. |
Security Keys
| Variable | Description |
|---|---|
FUNCTION_CALL_SECRET |
Used to sign/verify sensitive function calls. |
CORS
Control which origins can access your API from the browser. You can pass a CSV string or a JSON array to
CORS_ALLOWED_ORIGINS.
Use [] to block all cross-origin requests (same-origin only).
# Allow none (same-origin only)
CORS_ALLOWED_ORIGINS=[]
# CSV (comma-separated)
CORS_ALLOWED_ORIGINS="https://app.example.com,https://admin.example.com"
# JSON array
CORS_ALLOWED_ORIGINS=["https://app.example.com","https://admin.example.com"]
# Credentials and fine-tuning
CORS_ALLOW_CREDENTIALS="true"
CORS_ALLOWED_METHODS="GET,POST,PUT,PATCH,DELETE,OPTIONS"
CORS_ALLOWED_HEADERS="Content-Type,Authorization,X-Requested-With"
CORS_EXPOSE_HEADERS=""
CORS_MAX_AGE="86400"
Note: If you need cookies or Authorization headers across origins, keep
CORS_ALLOW_CREDENTIALS="true" and ensure your allowed origins are explicit (no *).
MCP Server (Custom)
These power your src/Lib/MCP/mcp-server.php.
| Variable | Default | Description |
|---|---|---|
MCP_NAME |
prisma-php-mcp |
Display name of your MCP service. |
MCP_VERSION |
0.0.1 |
Service version. |
MCP_HOST |
127.0.0.1 |
Bind address for HTTP transport. |
MCP_PORT |
4000 |
Port to listen on. |
MCP_PATH_PREFIX |
mcp |
Path prefix (e.g., /mcp). |
MCP_JSON_RESPONSE |
false |
Enable plain JSON responses for debugging/inspecting. |
Tip: For live inspection & testing, use the Inspector: docs.
# Start your MCP server (recommended)
npm run dev
# Or run directly with PHP if needed
php src/Lib/MCP/mcp-server.php
# Inspect it from another terminal
npx @modelcontextprotocol/inspector http://127.0.0.1:4000/mcpPrisma ORM (Optional)
Variables in .env are available to your Prisma schema.
See Prisma docs and
connection strings.
# PostgreSQL example
DATABASE_URL="postgresql://johndoe:randompassword@localhost:5432/mydb?schema=public"