sourcebot/docs/self-hosting/configuration/environment-variables.mdx

---
title: Environment Variables 
sidebarTitle: Environment Variables 
---

<Note>This page provides a detailed reference of all environment variables supported by Sourcebot. If you're just looking to get up and running, we recommend starting with the [getting started](/self-hosting/overview) guide instead.</Note>

### Core Environment Variables
The following environment variables allow you to configure your Sourcebot deployment.

| Variable | Default | Description |
| :------- | :------ | :---------- |
| `AUTH_CREDENTIALS_LOGIN_ENABLED` | `true` | <p>Enables/disables authentication with basic credentials. Username and passwords are stored encrypted at rest within the postgres database. Checkout the [auth docs](/self-hosting/configuration/authentication) for more info</p> |
| `AUTH_EMAIL_CODE_LOGIN_ENABLED` | `false` | <p>Enables/disables authentication with a login code that's sent to a users email. `SMTP_CONNECTION_URL` and `EMAIL_FROM_ADDRESS` must also be set. Checkout the [auth docs](/self-hosting/configuration/authentication) for more info </p> |
| `AUTH_SECRET` | Automatically generated at startup if no value is provided. Generated using `openssl rand -base64 33` | <p>Used to validate login session cookies</p> |
| `AUTH_URL` | - | <p>URL of your Sourcebot deployment, e.g., `https://example.com` or `http://localhost:3000`.</p> |
| `CONFIG_PATH` | `-` | <p>The container relative path to the declerative configuration file. See [this doc](/self-hosting/configuration/declarative-config) for more info.</p> | 
| `DATA_CACHE_DIR` | `$DATA_DIR/.sourcebot` | <p>The root data directory in which all data written to disk by Sourcebot will be located.</p> |
| `DATA_DIR` | `/data` | <p>The directory within the container to store all persistent data. Typically, this directory will be volume mapped such that data is persisted across container restarts (e.g., `docker run -v $(pwd):/data`)</p> |
| `DATABASE_DATA_DIR` | `$DATA_CACHE_DIR/db` | <p>The data directory for the default Postgres database.</p> |
| `DATABASE_URL` | `postgresql://postgres@ localhost:5432/sourcebot` | <p>Connection string of your Postgres database. By default, a Postgres database is automatically provisioned at startup within the container.</p><p>If you'd like to use a non-default schema, you can provide it as a parameter in the database url </p> |
| `EMAIL_FROM_ADDRESS` | `-` | <p>The email address that transactional emails will be sent from. See [this doc](/self-hosting/configuration/transactional-emails) for more info.</p> | 
| `REDIS_DATA_DIR` | `$DATA_CACHE_DIR/redis` | <p>The data directory for the default Redis instance.</p> |
| `REDIS_URL` | `redis://localhost:6379` | <p>Connection string of your Redis instance. By default, a Redis database is automatically provisioned at startup within the container.</p> |
| `SHARD_MAX_MATCH_COUNT` | `10000` | <p>The maximum shard count per query</p> |
| `SMTP_CONNECTION_URL` | `-` | <p>The url to the SMTP service used for sending transactional emails. See [this doc](/self-hosting/configuration/transactional-emails) for more info.</p> |
| `SOURCEBOT_ENCRYPTION_KEY` | Automatically generated at startup if no value is provided. Generated using `openssl rand -base64 24` | <p>Used to encrypt connection secrets and generate API keys.</p> |
| `SOURCEBOT_LOG_LEVEL` | `info` | <p>The Sourcebot logging level. Valid values are `debug`, `info`, `warn`, `error`, in order of severity.</p> |
| `SOURCEBOT_TELEMETRY_DISABLED` | `false` | <p>Enables/disables telemetry collection in Sourcebot. See [this doc](/self-hosting/security/telemetry) for more info.</p> |
| `TOTAL_MAX_MATCH_COUNT` | `100000` | <p>The maximum number of matches per query</p> |
| `ZOEKT_MAX_WALL_TIME_MS` | `10000` | <p>The maximum real world duration (in milliseconds) per zoekt query</p> | 

### Enterprise Environment Variables
| Variable | Default | Description |
| :------- | :------ | :---------- |
| `AUTH_EE_ENABLE_JIT_PROVISIONING` | `false` | <p>Enables/disables just-in-time user provisioning for SSO providers.</p> |
| `AUTH_EE_GITHUB_BASE_URL` | `https://github.com` | <p>The base URL for GitHub Enterprise SSO authentication.</p> |
| `AUTH_EE_GITHUB_CLIENT_ID` | `-` | <p>The client ID for GitHub Enterprise SSO authentication.</p> |
| `AUTH_EE_GITHUB_CLIENT_SECRET` | `-` | <p>The client secret for GitHub Enterprise SSO authentication.</p> |
| `AUTH_EE_GITLAB_BASE_URL` | `https://gitlab.com` | <p>The base URL for GitLab Enterprise SSO authentication.</p> |
| `AUTH_EE_GITLAB_CLIENT_ID` | `-` | <p>The client ID for GitLab Enterprise SSO authentication.</p> |
| `AUTH_EE_GITLAB_CLIENT_SECRET` | `-` | <p>The client secret for GitLab Enterprise SSO authentication.</p> |
| `AUTH_EE_GOOGLE_CLIENT_ID` | `-` | <p>The client ID for Google SSO authentication.</p> |
| `AUTH_EE_GOOGLE_CLIENT_SECRET` | `-` | <p>The client secret for Google SSO authentication.</p> |
| `AUTH_EE_KEYCLOAK_CLIENT_ID` | `-` | <p>The client ID for Keycloak SSO authentication.</p> |
| `AUTH_EE_KEYCLOAK_CLIENT_SECRET` | `-` | <p>The client secret for Keycloak SSO authentication.</p> |
| `AUTH_EE_KEYCLOAK_ISSUER` | `-` | <p>The issuer URL for Keycloak SSO authentication.</p> |
| `AUTH_EE_OKTA_CLIENT_ID` | `-` | <p>The client ID for Okta SSO authentication.</p> |
| `AUTH_EE_OKTA_CLIENT_SECRET` | `-` | <p>The client secret for Okta SSO authentication.</p> |
| `AUTH_EE_OKTA_ISSUER` | `-` | <p>The issuer URL for Okta SSO authentication.</p> |


### Review Agent Environment Variables
| Variable | Default | Description |
| :------- | :------ | :---------- |
| `GITHUB_APP_ID` | `-` | <p>The GitHub App ID used for review agent authentication.</p> |
| `GITHUB_APP_PRIVATE_KEY_PATH` | `-` | <p>The container relative path to the private key file for the GitHub App used by the review agent.</p> |
| `GITHUB_APP_WEBHOOK_SECRET` | `-` | <p>The webhook secret for the GitHub App used by the review agent.</p> |
| `OPENAI_API_KEY` | `-` | <p>The OpenAI API key used by the review agent.</p> |
| `REVIEW_AGENT_API_KEY` | `-` | <p>The Sourcebot API key used by the review agent.</p> |
| `REVIEW_AGENT_AUTO_REVIEW_ENABLED` | `false` | <p>Enables/disables automatic code reviews by the review agent.</p> |
| `REVIEW_AGENT_LOGGING_ENABLED` | `true` | <p>Enables/disables logging for the review agent. Logs are saved in `DATA_CACHE_DIR/review-agent`</p> |
| `REVIEW_AGENT_REVIEW_COMMAND` | `review` | <p>The command used to trigger a code review by the review agent.</p> |
V4 (#311) Sourcebot V4 introduces authentication, performance improvements and code navigation. Checkout the [migration guide](https://docs.sourcebot.dev/self-hosting/upgrade/v3-to-v4-guide) for information on upgrading your instance to v4. ### Changed - [Breaking Change] Authentication is now required by default. Notes: - When setting up your instance, email / password login will be the default authentication provider. - The first user that logs into the instance is given the `owner` role. ([docs](https://docs.sourcebot.dev/docs/more/roles-and-permissions)). - Subsequent users can request to join the instance. The `owner` can approve / deny requests to join the instance via `Settings` > `Members` > `Pending Requests`. - If a user is approved to join the instance, they are given the `member` role. - Additional login providers, including email links and SSO, can be configured with additional environment variables. ([docs](https://docs.sourcebot.dev/self-hosting/configuration/authentication)). - Clicking on a search result now takes you to the `/browse` view. Files can still be previewed by clicking the "Preview" button or holding `Cmd` / `Ctrl` when clicking on a search result. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Added - [Sourcebot EE] Added search-based code navigation, allowing you to jump between symbol definition and references when viewing source files. [Read the documentation](https://docs.sourcebot.dev/docs/search/code-navigation). [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) - Added collapsible filter panel. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) ### Fixed - Improved scroll performance for large numbers of search results. [#315](https://github.com/sourcebot-dev/sourcebot/pull/315) 2025-05-28 23:08:42 +00:00			`---`
			`title: Environment Variables`
			`sidebarTitle: Environment Variables`
			`---`

			`<Note>This page provides a detailed reference of all environment variables supported by Sourcebot. If you're just looking to get up and running, we recommend starting with the [getting started](/self-hosting/overview) guide instead.</Note>`

			`### Core Environment Variables`
			`The following environment variables allow you to configure your Sourcebot deployment.`

			`\| Variable \| Default \| Description \|`
			`\| :------- \| :------ \| :---------- \|`
			\| `AUTH_CREDENTIALS_LOGIN_ENABLED` \| `true` \| <p>Enables/disables authentication with basic credentials. Username and passwords are stored encrypted at rest within the postgres database. Checkout the [auth docs](/self-hosting/configuration/authentication) for more info</p> \|
			\| `AUTH_EMAIL_CODE_LOGIN_ENABLED` \| `false` \| <p>Enables/disables authentication with a login code that's sent to a users email. `SMTP_CONNECTION_URL` and `EMAIL_FROM_ADDRESS` must also be set. Checkout the [auth docs](/self-hosting/configuration/authentication) for more info </p> \|
			\| `AUTH_SECRET` \| Automatically generated at startup if no value is provided. Generated using `openssl rand -base64 33` \| <p>Used to validate login session cookies</p> \|
			\| `AUTH_URL` \| - \| <p>URL of your Sourcebot deployment, e.g., `https://example.com` or `http://localhost:3000`.</p> \|
			\| `CONFIG_PATH` \| `-` \| <p>The container relative path to the declerative configuration file. See [this doc](/self-hosting/configuration/declarative-config) for more info.</p> \|
			\| `DATA_CACHE_DIR` \| `$DATA_DIR/.sourcebot` \| <p>The root data directory in which all data written to disk by Sourcebot will be located.</p> \|
			\| `DATA_DIR` \| `/data` \| <p>The directory within the container to store all persistent data. Typically, this directory will be volume mapped such that data is persisted across container restarts (e.g., `docker run -v $(pwd):/data`)</p> \|
			\| `DATABASE_DATA_DIR` \| `$DATA_CACHE_DIR/db` \| <p>The data directory for the default Postgres database.</p> \|
			\| `DATABASE_URL` \| `postgresql://postgres@ localhost:5432/sourcebot` \| <p>Connection string of your Postgres database. By default, a Postgres database is automatically provisioned at startup within the container.</p><p>If you'd like to use a non-default schema, you can provide it as a parameter in the database url </p> \|
			\| `EMAIL_FROM_ADDRESS` \| `-` \| <p>The email address that transactional emails will be sent from. See [this doc](/self-hosting/configuration/transactional-emails) for more info.</p> \|
			\| `REDIS_DATA_DIR` \| `$DATA_CACHE_DIR/redis` \| <p>The data directory for the default Redis instance.</p> \|
			\| `REDIS_URL` \| `redis://localhost:6379` \| <p>Connection string of your Redis instance. By default, a Redis database is automatically provisioned at startup within the container.</p> \|
			\| `SHARD_MAX_MATCH_COUNT` \| `10000` \| <p>The maximum shard count per query</p> \|
			\| `SMTP_CONNECTION_URL` \| `-` \| <p>The url to the SMTP service used for sending transactional emails. See [this doc](/self-hosting/configuration/transactional-emails) for more info.</p> \|
			\| `SOURCEBOT_ENCRYPTION_KEY` \| Automatically generated at startup if no value is provided. Generated using `openssl rand -base64 24` \| <p>Used to encrypt connection secrets and generate API keys.</p> \|
			\| `SOURCEBOT_LOG_LEVEL` \| `info` \| <p>The Sourcebot logging level. Valid values are `debug`, `info`, `warn`, `error`, in order of severity.</p> \|
			\| `SOURCEBOT_TELEMETRY_DISABLED` \| `false` \| <p>Enables/disables telemetry collection in Sourcebot. See [this doc](/self-hosting/security/telemetry) for more info.</p> \|
			\| `TOTAL_MAX_MATCH_COUNT` \| `100000` \| <p>The maximum number of matches per query</p> \|
			\| `ZOEKT_MAX_WALL_TIME_MS` \| `10000` \| <p>The maximum real world duration (in milliseconds) per zoekt query</p> \|

			`### Enterprise Environment Variables`
			`\| Variable \| Default \| Description \|`
			`\| :------- \| :------ \| :---------- \|`
			\| `AUTH_EE_ENABLE_JIT_PROVISIONING` \| `false` \| <p>Enables/disables just-in-time user provisioning for SSO providers.</p> \|
			\| `AUTH_EE_GITHUB_BASE_URL` \| `https://github.com` \| <p>The base URL for GitHub Enterprise SSO authentication.</p> \|
			\| `AUTH_EE_GITHUB_CLIENT_ID` \| `-` \| <p>The client ID for GitHub Enterprise SSO authentication.</p> \|
			\| `AUTH_EE_GITHUB_CLIENT_SECRET` \| `-` \| <p>The client secret for GitHub Enterprise SSO authentication.</p> \|
			\| `AUTH_EE_GITLAB_BASE_URL` \| `https://gitlab.com` \| <p>The base URL for GitLab Enterprise SSO authentication.</p> \|
			\| `AUTH_EE_GITLAB_CLIENT_ID` \| `-` \| <p>The client ID for GitLab Enterprise SSO authentication.</p> \|
			\| `AUTH_EE_GITLAB_CLIENT_SECRET` \| `-` \| <p>The client secret for GitLab Enterprise SSO authentication.</p> \|
			\| `AUTH_EE_GOOGLE_CLIENT_ID` \| `-` \| <p>The client ID for Google SSO authentication.</p> \|
			\| `AUTH_EE_GOOGLE_CLIENT_SECRET` \| `-` \| <p>The client secret for Google SSO authentication.</p> \|
			\| `AUTH_EE_KEYCLOAK_CLIENT_ID` \| `-` \| <p>The client ID for Keycloak SSO authentication.</p> \|
			\| `AUTH_EE_KEYCLOAK_CLIENT_SECRET` \| `-` \| <p>The client secret for Keycloak SSO authentication.</p> \|
			\| `AUTH_EE_KEYCLOAK_ISSUER` \| `-` \| <p>The issuer URL for Keycloak SSO authentication.</p> \|
			\| `AUTH_EE_OKTA_CLIENT_ID` \| `-` \| <p>The client ID for Okta SSO authentication.</p> \|
			\| `AUTH_EE_OKTA_CLIENT_SECRET` \| `-` \| <p>The client secret for Okta SSO authentication.</p> \|
			\| `AUTH_EE_OKTA_ISSUER` \| `-` \| <p>The issuer URL for Okta SSO authentication.</p> \|


			`### Review Agent Environment Variables`
			`\| Variable \| Default \| Description \|`
			`\| :------- \| :------ \| :---------- \|`
			\| `GITHUB_APP_ID` \| `-` \| <p>The GitHub App ID used for review agent authentication.</p> \|
			\| `GITHUB_APP_PRIVATE_KEY_PATH` \| `-` \| <p>The container relative path to the private key file for the GitHub App used by the review agent.</p> \|
			\| `GITHUB_APP_WEBHOOK_SECRET` \| `-` \| <p>The webhook secret for the GitHub App used by the review agent.</p> \|
			\| `OPENAI_API_KEY` \| `-` \| <p>The OpenAI API key used by the review agent.</p> \|
			\| `REVIEW_AGENT_API_KEY` \| `-` \| <p>The Sourcebot API key used by the review agent.</p> \|
			\| `REVIEW_AGENT_AUTO_REVIEW_ENABLED` \| `false` \| <p>Enables/disables automatic code reviews by the review agent.</p> \|
			\| `REVIEW_AGENT_LOGGING_ENABLED` \| `true` \| <p>Enables/disables logging for the review agent. Logs are saved in `DATA_CACHE_DIR/review-agent`</p> \|
			\| `REVIEW_AGENT_REVIEW_COMMAND` \| `review` \| <p>The command used to trigger a code review by the review agent.</p> \|