.env.template

# Get a free trial key from https://www.xlwings.org/trial
XLWINGS_LICENSE_KEY="your_license_key"

# Use one of "dev", "qa", "uat", "staging", or "prod". "dev" will activate hotreload for
# the task pane and other dev-specific features. This setting also takes care of loading
# the correct ID in the manifest. Except for "prod", the environment name will show up
# in the add-in name (ProjectName [dev]) and custom functions (NAMESPACE_DEV.MYFUNC)
XLWINGS_ENVIRONMENT="dev"

# Secret key is generated by "python run.py init"
XLWINGS_SECRET_KEY=""

# This sets the HTTP response headers recommended by OWASP. Some of the headers have to
# be less restrictive if XLWINGS_ENABLE_EXCEL_ONLINE=true. Note that this only applies
# to xlwings Server, not xlwings Wasm.
# XLWINGS_ADD_SECURITY_HEADERS=true

# If you mount xlwings Server on a non-root path (e.g., https://my.domain.com/myapp)
# via a reverse proxy such as nginx, you need to set this to: "/myapp". You most likely
# also need to set the XLWINGS_STATIC_URL_PATH="/myapp/static"
# XLWINGS_APP_PATH=""

# To authenticate users, provide the Auth providers as list.
# E.g, to enable Entra ID SSO auth: XLWINGS_AUTH_PROVIDERS=["entraid"]. If you want
# to accept multipe authentication methods, you will need the name as
# Auth-Provider header from the client.
# XLWINGS_AUTH_PROVIDERS=[]

# Enable Single Sign-On (SSO) via Microsoft Entra ID (previously Azure AD)
# XLWINGS_AUTH_ENTRAID_CLIENT_ID=
# XLWINGS_AUTH_ENTRAID_TENANT_ID=

# RBAC (role-based access control)
# If your auth provider supports roles, you can list the required roles here.
# E.g.: XLWINGS_AUTH_REQUIRED_ROLES=["xlwings.user"]
# XLWINGS_AUTH_REQUIRED_ROLES=[]

# Set this to true if you have users from external organizations
# XLWINGS_AUTH_ENTRAID_MULTITENANT=false

# If the add-in will be distributed via Microsoft's public add-in store, set this to
# true to load office.js via their CDN
# XLWINGS_CDN_OFFICEJS=false

# By default, xlwings Wasm uses the CDN for Pyodide. If you set this to false,
# Excel won't require any connection to the public Internet as everything will be served
# from the static file server. This, however, requires you to provide all Python wheels
# via the app/static/vendors/pyodide folder.
# XLWINGS_CDN_PYODIDE=true

# If you use the Office Scripts integration or custom functions in Excel on the web,
# you need to configure CORS. Otherwise you should disable it by setting it to an empty
# string.
# XLWINGS_CORS_ALLOW_ORIGINS=["*"]

# This allows you to override the date format for custom functions globally.
# Example: XLWINGS_DATE_FORMAT="m/d/yyyy"
# XLWINGS_DATE_FORMAT=

# This loads Alpine.js (CSP build) for client-side interactions
# see: https://alpinejs.dev/advanced/csp
# XLWINGS_ENABLE_ALPINEJS_CSP=true

# This loads Bootstrap with the xlwings theme
# XLWINGS_ENABLE_BOOTSTRAP=true

# There are various examples included under app/templates/examples. If you don't need
# them, you can disable them by setting it to false.
# XLWINGS_ENABLE_EXAMPLES=true

# Excel on the web requires less strict security headers
# XLWINGS_ENABLE_EXCEL_ONLINE=true

# Enables hot reloading of Office.js add-ins.
# Requires XLWINGS_ENVIRONMENT="dev" and XLWINGS_ENABLE_SOCKETIO=true.
# XLWINGS_ENABLE_HOTRELOAD=true

# This loads htmx for client-server interaction, see https://htmx.org
# XLWINGS_ENABLE_HTMX=true

# If true, it uses xlwings Wasm instead of xlwings Server. This will use Python
# via WASM and won't require a Python installation on the backend. This allows you to
# deploy the add-in to a static file server such as GitHub Pages or Cloudflare Pages.
# XLWINGS_ENABLE_LITE=false

# This loads Socket.io, which is required for streaming custom functions
# and can be used for realtime interaction on the task pane. Note that this must also
# be true to enable hotreloading of the taskpane during development.
# XLWINGS_ENABLE_SOCKETIO=true

# This will be prepended to all custom functions, e.g., "XLWINGS.MYFUNC". Note that
# if the environment is not "prod", it will append the environment to the namespace,
# e.g., XLWINGS_DEV to prevent name clashes when you have the same add-in from multiple
# environments installed.
# XLWINGS_FUNCTIONS_NAMESPACE="XLWINGS"

# In case xlwings Server doesn't manage to get the URL correct under /manifest, you
# can set the proper hostname here, e.g., mydomain.com (without the https://)
# XLWINGS_HOSTNAME=

# Set the log level to "DEBUG" for more details, but this can log sensitive tokens!
# XLWINGS_LOG_LEVEL="INFO"

# A Redis URL for the caching of object handles. Required for production use.
# Example: redis://host:6379/0 or rediss://host:6379/0
# XLWINGS_OBJECT_CACHE_URL=

# This setting expects a cron expression that determines when objects that are cached
# via object handles should be purged from the cache. This requires
# XLWINGS_OBJECT_CACHE_URL to be configured. By default, the object cache is purged
# every Saturday at 12:00 PM (UTC).
# XLWINGS_OBJECT_CACHE_EXPIRE_AT="0 12 * * sat"

# If true, cached objects (via object handles) will be compressed when stored in Redis.
# This requires XLWINGS_OBJECT_CACHE_URL to be configured.
# XLWINGS_OBJECT_CACHE_ENABLE_COMPRESSION=true

# This will determine the name of the add-in. If the environment is not "prod", the name
# of the environment will be shown like this: Project Name [dev]
# XLWINGS_PROJECT_NAME="xlwings Server"

# Number of seconds after which requests to the backend will timeout
# XLWINGS_REQUEST_TIMEOUT=300

# If you run the Socket.IO server in an own process, you need to configure a message
# queue, such as Redis/Valkey. E.g.: redis://host:6379/0
# XLWINGS_SOCKETIO_MESSAGE_QUEUE_URL=

# If you run the Socket.IO server in an own process, you need to set this to true for
# ONLY (!) the app that represents the Socket.IO server.
# XLWINGS_SOCKETIO_SERVER_APP=false

# The absolute path to the static files. If you set XLWINGS_APP_PATH to "/myapp", you
# likely need to change this to "/myapp/static".
# XLWINGS_STATIC_URL_PATH="/static"