Skip to main content

Environment variables

This is a reference to all environment variables that can be used to configure a Lightdash deployment.

VariableDescriptionRequired?Default
PGHOSTHostname of postgres server to store Lightdash data
PGPORTPort of postgres server to store Lightdash data
PGUSERUsername of postgres user to access postgres server to store Lightdash data
PGPASSWORDPassword for PGUSER
PGDATABASEDatabase name inside postgres server to store Lightdash data
PGCONNECTIONURIConnection URI for postgres server to store Lightdash data in the format postgresql://user:password@host:port/db?paramsThis is an alternative to providing the previous PG variables
LIGHTDASH_SECRETSecret key used to secure various tokens in Lightdash. This must be fixed between deployments. If the secret changes, you won't have access to Lightdash data.
SECURE_COOKIESOnly allows cookies to be stored over a https connection. We use cookies to keep you logged in. This is recommended to be set to true in production.false
COOKIES_MAX_AGE_HOURSHow many hours a user session exists before the user is automatically signed out. For example if 24, then the user will be automatically after 24 hours of inactivity.
TRUST_PROXYThis tells the Lightdash server that it can trust the X-Forwarded-Proto header it receives in requests. This is useful if you use SECURE_COOKIES=true behind a HTTPS terminated proxy that you can trust.false
LIGHTDASH_CONFIG_FILEPath to a lightdash.yml file to configure Lightdash. This is set by default and if you're using docker you shouldn't change it.
SITE_URLSite url where Lightdash is being hosted. It should include the protocol. E.g https://lightdash.mycompany.comhttp://localhost:8080
STATIC_IPServer static IP so users can add the IP to their warehouse allow-list.http://localhost:8080
LIGHTDASH_QUERY_MAX_LIMITQuery max rows limit5000
SCHEDULER_ENABLEDEnables/Disables the scheduler worker that triggers the scheduled deliveries.true
SCHEDULER_CONCURRENCYHow many scheduled delivery jobs can be processed concurrently.1
SCHEDULER_JOB_TIMEOUTAfter how many milliseconds the job should be timeout so the scheduler worker can pick other jobs.600000 (10 minutes)
LIGHTDASH_CSV_CELLS_LIMITMax cells on CSV file exports100000
LIGHTDASH_CHART_VERSION_HISTORY_DAYS_LIMITConfigure how far back the chart versions history goes in days3
LIGHTDASH_PIVOT_TABLE_MAX_COLUMN_LIMITConfigure maximum number of columns in pivot table60
GROUPS_ENABLEDEnables/Disables groups functionalityfalse
AUTH_ENABLE_OIDC_LINKINGEnables/Disables linking the new OIDC(aka SSO) identity to an existing user if they already have another OIDC with the same emailfalse

Lightdash also accepts all standard postgres environment variables

SMTP environment variables

This is a reference to all the SMTP environment variables that can be used to configure a Lightdash email client.

VariableDescriptionRequired?Default
EMAIL_SMTP_HOSTHostname of email server
EMAIL_SMTP_PORTPort of email server587
EMAIL_SMTP_SECURESecure connectiontrue
EMAIL_SMTP_USERAuth user
EMAIL_SMTP_PASSWORDAuth password[1]
EMAIL_SMTP_ACCESS_TOKENAuth access token for Oauth2 authentication[1]
EMAIL_SMTP_ALLOW_INVALID_CERTAllow connection to TLS server with self-signed or invalid TLS certificatefalse
EMAIL_SMTP_SENDER_EMAILThe email address that sends emails
EMAIL_SMTP_SENDER_NAMEThe name of the email address that sends emailsLightdash

[1] EMAIL_SMTP_PASSWORD or EMAIL_SMTP_ACCESS_TOKEN needs to be provided

SSO environment variables

These variables enable you to control Single Sign On (SSO) functionality.

VariableDescriptionRequired?Default
AUTH_DISABLE_PASSWORD_AUTHENTICATIONIf "true" disables signing in with plain passwordsfalse
AUTH_ENABLE_GROUP_SYNCIf "true" enables assigning SSO groups to Lightdash groupsfalse
AUTH_GOOGLE_OAUTH2_CLIENT_IDRequired for Google SSO
AUTH_GOOGLE_OAUTH2_CLIENT_SECRETRequired for Google SSO
AUTH_OKTA_OAUTH_CLIENT_IDRequired for Okta SSO
AUTH_OKTA_OAUTH_CLIENT_SECRETRequired for Okta SSO
AUTH_OKTA_OAUTH_ISSUERRequired for Okta SSO
AUTH_OKTA_DOMAINRequired for Okta SSO
AUTH_OKTA_AUTHORIZATION_SERVER_IDOptional for Okta SSO with a custom authorization server
AUTH_OKTA_EXTRA_SCOPESOptional for Okta SSO scopes (e.g. groups) without a custom authorization server
AUTH_ONE_LOGIN_OAUTH_CLIENT_IDRequired for One Login SSO
AUTH_ONE_LOGIN_OAUTH_CLIENT_SECRETRequired for One Login SSO
AUTH_ONE_LOGIN_OAUTH_ISSUERRequired for One Login SSO
AUTH_AZURE_AD_OAUTH_CLIENT_IDRequired for Azure AD
AUTH_AZURE_AD_OAUTH_CLIENT_SECRETRequired for Azure AD
AUTH_AZURE_AD_OAUTH_TENANT_IDRequired for Azure AD
AUTH_AZURE_AD_OIDC_METADATA_ENDPOINTOptional for Azure AD
AUTH_AZURE_AD_X509_CERT_PATHOptional for Azure AD
AUTH_AZURE_AD_X509_CERTOptional for Azure AD
AUTH_AZURE_AD_PRIVATE_KEY_PATHOptional for Azure AD
AUTH_AZURE_AD_PRIVATE_KEYOptional for Azure AD

Logging environment variables

VariableDescriptionRequired?Default
LIGHTDASH_LOG_LEVELThe minimum level of log messages to displayINFO
LIGHTDASH_LOG_FORMATThe format of log messagespretty
LIGHTDASH_LOG_OUTPUTSThe outputs to send log messages toconsole
LIGHTDASH_LOG_CONSOLE_LEVELThe minimum level of log messages to display on the consoleLIGHTDASH_LOG_LEVEL
LIGHTDASH_LOG_CONSOLE_FORMATThe format of log messages on the consoleLIGHTDASH_LOG_FORMAT
LIGHTDASH_LOG_FILE_LEVELThe minimum level of log messages to write to the log fileLIGHTDASH_LOG_LEVEL
LIGHTDASH_LOG_FILE_FORMATThe format of log messages in the log fileLIGHTDASH_LOG_FORMAT
LIGHTDASH_LOG_FILE_PATHThe path to the log file./logs/all.log

dbt semantic layer environment variables

VariableDescriptionRequired?Default
DBT_CLOUD_DOMAINdbt cloud Semantic Layer API domainOnly required if your dbt cloud URL is similar to this client123.us1.dbt.com. If so, you should set the value https://client123.semantic-layer.us1.dbt.comhttps://semantic-layer.cloud.getdbt.com
DBT_CLOUD_ENVIRONMENT_IDdbt environment ID
DBT_CLOUD_BEARER_TOKENdbt cloud bearer token

Prometheus environment variables

VariableDescriptionRequired?Default
LIGHTDASH_PROMETHEUS_ENABLEDEnables/Disables Prometheus metrics endpointfalse
LIGHTDASH_PROMETHEUS_PORTPort for Prometheus metrics endpoint9090
LIGHTDASH_PROMETHEUS_PATHPath for Prometheus metrics endpoint/metrics
LIGHTDASH_PROMETHEUS_PREFIXPrefix for metric names.
LIGHTDASH_GC_DURATION_BUCKETSBuckets for duration histogram in seconds.0.001, 0.01, 0.1, 1, 2, 5
LIGHTDASH_EVENT_LOOP_MONITORING_PRECISIONPrecision for event loop monitoring in milliseconds. Must be greater than zero.10
LIGHTDASH_PROMETHEUS_LABELSLabels to add to all metrics. Must be valid JSON

Security

VariableDescriptionRequired?Default
LIGHTDASH_CSP_REPORT_ONLYEnables Content Security Policy (CSP) reporting only mode. This is recommended to be set to false in production.true
LIGHTDASH_CSP_ALLOWED_DOMAINSList of domains that are allowed to load resources from. Values must be separated by commas.
LIGHTDASH_CSP_REPORT_URIURI to send CSP violation reports to.