| title | Environment variables |
|---|---|
| sidebarTitle | Environment variables |
| mode | wide |
This page provides a detailed reference of all environment variables supported by Sourcebot. If you're just looking to get up and running, we recommend starting with the deployment guide instead.
The following environment variables allow you to configure your Sourcebot deployment.
| Variable | Default | Description |
|---|---|---|
AUTH_CREDENTIALS_LOGIN_ENABLED |
true |
Enables/disables authentication with basic credentials. Username and passwords are stored encrypted at rest within the postgres database. Checkout the auth docs for more info |
AUTH_EMAIL_CODE_LOGIN_ENABLED |
false |
Enables/disables authentication with a login code that's sent to a users email. |
AUTH_SECRET |
Automatically generated at startup if no value is provided. Generated using openssl rand -base64 33 |
Used to validate login session cookies |
AUTH_URL |
- | URL of your Sourcebot deployment, e.g., |
CONFIG_PATH |
- |
The container relative path to the declerative configuration file. See this doc for more info. |
DATA_CACHE_DIR |
$DATA_DIR/.sourcebot |
The root data directory in which all data written to disk by Sourcebot will be located. |
DATA_DIR |
/data |
The directory within the container to store all persistent data. Typically, this directory will be volume mapped such that data is persisted across container restarts (e.g., |
DATABASE_DATA_DIR |
$DATA_CACHE_DIR/db |
The data directory for the default Postgres database. |
DATABASE_URL |
postgresql://postgres@ localhost:5432/sourcebot |
Connection string of your Postgres database. By default, a Postgres database is automatically provisioned at startup within the container. If you'd like to use a non-default schema, you can provide it as a parameter in the database url |
EMAIL_FROM_ADDRESS |
- |
The email address that transactional emails will be sent from. See this doc for more info. |
FORCE_ENABLE_ANONYMOUS_ACCESS |
false |
When enabled, anonymous access to the organization will always be enabled |
REDIS_DATA_DIR |
$DATA_CACHE_DIR/redis |
The data directory for the default Redis instance. |
REDIS_URL |
redis://localhost:6379 |
Connection string of your Redis instance. By default, a Redis database is automatically provisioned at startup within the container. |
REDIS_REMOVE_ON_COMPLETE |
0 |
Controls how many completed jobs are allowed to remain in Redis queues |
REDIS_REMOVE_ON_FAIL |
100 |
Controls how many failed jobs are allowed to remain in Redis queues |
REPO_SYNC_RETRY_BASE_SLEEP_SECONDS |
60 |
The base sleep duration (in seconds) for exponential backoff when retrying repository sync operations that fail |
GITLAB_CLIENT_QUERY_TIMEOUT_SECONDS |
600 |
The timeout duration (in seconds) for GitLab client queries |
SHARD_MAX_MATCH_COUNT |
10000 |
The maximum shard count per query |
SMTP_CONNECTION_URL |
- |
The url to the SMTP service used for sending transactional emails. See this doc for more info. |
SOURCEBOT_ENCRYPTION_KEY |
Automatically generated at startup if no value is provided. Generated using openssl rand -base64 24 |
Used to encrypt connection secrets and generate API keys. |
SOURCEBOT_PUBLIC_KEY_PATH |
/app/public.pem |
Sourcebot's public key that's used to verify encrypted license key signatures. |
SOURCEBOT_LOG_LEVEL |
info |
The Sourcebot logging level. Valid values are |
SOURCEBOT_STRUCTURED_LOGGING_ENABLED |
false |
Enables/disable structured JSON logging. See this doc for more info. |
SOURCEBOT_STRUCTURED_LOGGING_FILE |
- | Optional file to log to if structured logging is enabled |
SOURCEBOT_TELEMETRY_DISABLED |
false |
Enables/disables telemetry collection in Sourcebot. See this doc for more info. |
TOTAL_MAX_MATCH_COUNT |
100000 |
The maximum number of matches per query |
ZOEKT_MAX_WALL_TIME_MS |
10000 |
The maximum real world duration (in milliseconds) per zoekt query |
| Variable | Default | Description |
|---|---|---|
SOURCEBOT_EE_AUDIT_LOGGING_ENABLED |
true |
Enables/disables audit logging |
AUTH_EE_GITHUB_BASE_URL |
https://github.com |
The base URL for GitHub Enterprise SSO authentication. |
AUTH_EE_GITHUB_CLIENT_ID |
- |
The client ID for GitHub Enterprise SSO authentication. |
AUTH_EE_GITHUB_CLIENT_SECRET |
- |
The client secret for GitHub Enterprise SSO authentication. |
AUTH_EE_GITLAB_BASE_URL |
https://gitlab.com |
The base URL for GitLab Enterprise SSO authentication. |
AUTH_EE_GITLAB_CLIENT_ID |
- |
The client ID for GitLab Enterprise SSO authentication. |
AUTH_EE_GITLAB_CLIENT_SECRET |
- |
The client secret for GitLab Enterprise SSO authentication. |
AUTH_EE_GOOGLE_CLIENT_ID |
- |
The client ID for Google SSO authentication. |
AUTH_EE_GOOGLE_CLIENT_SECRET |
- |
The client secret for Google SSO authentication. |
AUTH_EE_KEYCLOAK_CLIENT_ID |
- |
The client ID for Keycloak SSO authentication. |
AUTH_EE_KEYCLOAK_CLIENT_SECRET |
- |
The client secret for Keycloak SSO authentication. |
AUTH_EE_KEYCLOAK_ISSUER |
- |
The issuer URL for Keycloak SSO authentication. |
AUTH_EE_OKTA_CLIENT_ID |
- |
The client ID for Okta SSO authentication. |
AUTH_EE_OKTA_CLIENT_SECRET |
- |
The client secret for Okta SSO authentication. |
AUTH_EE_OKTA_ISSUER |
- |
The issuer URL for Okta SSO authentication. |
AUTH_EE_GCP_IAP_ENABLED |
false |
When enabled, allows Sourcebot to automatically register/login from a successful GCP IAP redirect |
AUTH_EE_GCP_IAP_AUDIENCE |
- | The GCP IAP audience to use when verifying JWT tokens. Must be set to enable GCP IAP JIT provisioning |
| Variable | Default | Description |
|---|---|---|
GITHUB_APP_ID |
- |
The GitHub App ID used for review agent authentication. |
GITHUB_APP_PRIVATE_KEY_PATH |
- |
The container relative path to the private key file for the GitHub App used by the review agent. |
GITHUB_APP_WEBHOOK_SECRET |
- |
The webhook secret for the GitHub App used by the review agent. |
OPENAI_API_KEY |
- |
The OpenAI API key used by the review agent. |
REVIEW_AGENT_API_KEY |
- |
The Sourcebot API key used by the review agent. |
REVIEW_AGENT_AUTO_REVIEW_ENABLED |
false |
Enables/disables automatic code reviews by the review agent. |
REVIEW_AGENT_LOGGING_ENABLED |
true |
Enables/disables logging for the review agent. Logs are saved in |
REVIEW_AGENT_REVIEW_COMMAND |
review |
The command used to trigger a code review by the review agent. |