Enables/disables authentication with basic credentials. Username and passwords are stored encrypted at rest within the postgres database. Checkout the [auth docs](/self-hosting/configuration/authentication) for more info
| | `AUTH_EMAIL_CODE_LOGIN_ENABLED` | `false` |Enables/disables authentication with a login code that's sent to a users email. `SMTP_CONNECTION_URL` and `EMAIL_FROM_ADDRESS` must also be set. Checkout the [auth docs](/self-hosting/configuration/authentication) for more info
| | `AUTH_SECRET` | Automatically generated at startup if no value is provided. Generated using `openssl rand -base64 33` |Used to validate login session cookies
| | `AUTH_URL` | - |URL of your Sourcebot deployment, e.g., `https://example.com` or `http://localhost:3000`.
| | `CONFIG_PATH` | `-` |The container relative path to the declerative configuration file. See [this doc](/self-hosting/configuration/declarative-config) for more info.
| | `DATA_CACHE_DIR` | `$DATA_DIR/.sourcebot` |The root data directory in which all data written to disk by Sourcebot will be located.
| | `DATA_DIR` | `/data` |The directory within the container to store all persistent data. Typically, this directory will be volume mapped such that data is persisted across container restarts (e.g., `docker run -v $(pwd):/data`)
| | `DATABASE_DATA_DIR` | `$DATA_CACHE_DIR/db` |The data directory for the default Postgres database.
| | `DATABASE_URL` | `postgresql://postgres@ localhost:5432/sourcebot` |Connection string of your Postgres database. By default, a Postgres database is automatically provisioned at startup within the container.
If you'd like to use a non-default schema, you can provide it as a parameter in the database url
| | `EMAIL_FROM_ADDRESS` | `-` |The email address that transactional emails will be sent from. See [this doc](/self-hosting/configuration/transactional-emails) for more info.
| | `REDIS_DATA_DIR` | `$DATA_CACHE_DIR/redis` |The data directory for the default Redis instance.
| | `REDIS_URL` | `redis://localhost:6379` |Connection string of your Redis instance. By default, a Redis database is automatically provisioned at startup within the container.
| | `SHARD_MAX_MATCH_COUNT` | `10000` |The maximum shard count per query
| | `SMTP_CONNECTION_URL` | `-` |The url to the SMTP service used for sending transactional emails. See [this doc](/self-hosting/configuration/transactional-emails) for more info.
| | `SOURCEBOT_ENCRYPTION_KEY` | Automatically generated at startup if no value is provided. Generated using `openssl rand -base64 24` |Used to encrypt connection secrets and generate API keys.
| | `SOURCEBOT_LOG_LEVEL` | `info` |The Sourcebot logging level. Valid values are `debug`, `info`, `warn`, `error`, in order of severity.
| | `SOURCEBOT_TELEMETRY_DISABLED` | `false` |Enables/disables telemetry collection in Sourcebot. See [this doc](/self-hosting/security/telemetry) for more info.
| | `TOTAL_MAX_MATCH_COUNT` | `100000` |The maximum number of matches per query
| | `ZOEKT_MAX_WALL_TIME_MS` | `10000` |The maximum real world duration (in milliseconds) per zoekt query
| ### Enterprise Environment Variables | Variable | Default | Description | | :------- | :------ | :---------- | | `AUTH_EE_ENABLE_JIT_PROVISIONING` | `false` |Enables/disables just-in-time user provisioning for SSO providers.
| | `AUTH_EE_GITHUB_BASE_URL` | `https://github.com` |The base URL for GitHub Enterprise SSO authentication.
| | `AUTH_EE_GITHUB_CLIENT_ID` | `-` |The client ID for GitHub Enterprise SSO authentication.
| | `AUTH_EE_GITHUB_CLIENT_SECRET` | `-` |The client secret for GitHub Enterprise SSO authentication.
| | `AUTH_EE_GITLAB_BASE_URL` | `https://gitlab.com` |The base URL for GitLab Enterprise SSO authentication.
| | `AUTH_EE_GITLAB_CLIENT_ID` | `-` |The client ID for GitLab Enterprise SSO authentication.
| | `AUTH_EE_GITLAB_CLIENT_SECRET` | `-` |The client secret for GitLab Enterprise SSO authentication.
| | `AUTH_EE_GOOGLE_CLIENT_ID` | `-` |The client ID for Google SSO authentication.
| | `AUTH_EE_GOOGLE_CLIENT_SECRET` | `-` |The client secret for Google SSO authentication.
| | `AUTH_EE_KEYCLOAK_CLIENT_ID` | `-` |The client ID for Keycloak SSO authentication.
| | `AUTH_EE_KEYCLOAK_CLIENT_SECRET` | `-` |The client secret for Keycloak SSO authentication.
| | `AUTH_EE_KEYCLOAK_ISSUER` | `-` |The issuer URL for Keycloak SSO authentication.
| | `AUTH_EE_OKTA_CLIENT_ID` | `-` |The client ID for Okta SSO authentication.
| | `AUTH_EE_OKTA_CLIENT_SECRET` | `-` |The client secret for Okta SSO authentication.
| | `AUTH_EE_OKTA_ISSUER` | `-` |The issuer URL for Okta SSO authentication.
| ### Review Agent Environment Variables | Variable | Default | Description | | :------- | :------ | :---------- | | `GITHUB_APP_ID` | `-` |The GitHub App ID used for review agent authentication.
| | `GITHUB_APP_PRIVATE_KEY_PATH` | `-` |The container relative path to the private key file for the GitHub App used by the review agent.
| | `GITHUB_APP_WEBHOOK_SECRET` | `-` |The webhook secret for the GitHub App used by the review agent.
| | `OPENAI_API_KEY` | `-` |The OpenAI API key used by the review agent.
| | `REVIEW_AGENT_API_KEY` | `-` |The Sourcebot API key used by the review agent.
| | `REVIEW_AGENT_AUTO_REVIEW_ENABLED` | `false` |Enables/disables automatic code reviews by the review agent.
| | `REVIEW_AGENT_LOGGING_ENABLED` | `true` |Enables/disables logging for the review agent. Logs are saved in `DATA_CACHE_DIR/review-agent`
| | `REVIEW_AGENT_REVIEW_COMMAND` | `review` |The command used to trigger a code review by the review agent.
|