Environment variables
This is a reference to all environment variables that can be used to configure a Lightdash deployment.
| Variable | Description | Required? | Default |
|---|---|---|---|
PGHOST | Hostname of postgres server to store Lightdash data | ✅ | |
PGPORT | Port of postgres server to store Lightdash data | ✅ | |
PGUSER | Username of postgres user to access postgres server to store Lightdash data | ✅ | |
PGPASSWORD | Password for PGUSER | ✅ | |
PGDATABASE | Database name inside postgres server to store Lightdash data | ✅ | |
PGCONNECTIONURI | Connection URI for postgres server to store Lightdash data in the format postgresql://user:password@host:port/db?params | This is an alternative to providing the previous PG variables | |
LIGHTDASH_SECRET | Secret key used to secure various tokens in Lightdash. This must be fixed between deployments. If the secret changes, you won't have access to Lightdash data. | ✅ | |
SECURE_COOKIES | Only allows cookies to be stored over a https connection. We use cookies to keep you logged in. This is recommended to be set to true in production. | false | |
COOKIES_MAX_AGE_HOURS | How many hours a user session exists before the user is automatically signed out. For example if 24, then the user will be automatically after 24 hours of inactivity. | ||
TRUST_PROXY | This tells the Lightdash server that it can trust the X-Forwarded-Proto header it receives in requests. This is useful if you use SECURE_COOKIES=true behind a HTTPS terminated proxy that you can trust. | false | |
SITE_URL | Site url where Lightdash is being hosted. It should include the protocol. E.g https://lightdash.mycompany.com | http://localhost:8080 | |
INTERNAL_LIGHTDASH_HOST | Internal Lightdash host for the Headless browser to send requests when your Lightdash instance is not accessible from the Internet. | Same as SITE_URL | |
STATIC_IP | Server static IP so users can add the IP to their warehouse allow-list. | http://localhost:8080 | |
LIGHTDASH_QUERY_MAX_LIMIT | Query max rows limit | 5000 | |
SCHEDULER_ENABLED | Enables/Disables the scheduler worker that triggers the scheduled deliveries. | true | |
SCHEDULER_CONCURRENCY | How many scheduled delivery jobs can be processed concurrently. | 1 | |
SCHEDULER_JOB_TIMEOUT | After how many milliseconds the job should be timeout so the scheduler worker can pick other jobs. | 600000 (10 minutes) | |
LIGHTDASH_CSV_CELLS_LIMIT | Max cells on CSV file exports | 100000 | |
LIGHTDASH_CHART_VERSION_HISTORY_DAYS_LIMIT | Configure how far back the chart versions history goes in days | 3 | |
LIGHTDASH_PIVOT_TABLE_MAX_COLUMN_LIMIT | Configure maximum number of columns in pivot table | 60 | |
GROUPS_ENABLED | Enables/Disables groups functionality | false | |
AUTH_ENABLE_OIDC_LINKING | Enables/Disables linking the new OIDC(aka SSO) identity to an existing user if they already have another OIDC with the same email | false |
Lightdash also accepts all standard postgres environment variables
SMTP environment variables
This is a reference to all the SMTP environment variables that can be used to configure a Lightdash email client.
| Variable | Description | Required? | Default |
|---|---|---|---|
EMAIL_SMTP_HOST | Hostname of email server | ✅ | |
EMAIL_SMTP_PORT | Port of email server | 587 | |
EMAIL_SMTP_SECURE | Secure connection | true | |
EMAIL_SMTP_USER | Auth user | ✅ | |
EMAIL_SMTP_PASSWORD | Auth password | [1] | |
EMAIL_SMTP_ACCESS_TOKEN | Auth access token for Oauth2 authentication | [1] | |
EMAIL_SMTP_ALLOW_INVALID_CERT | Allow connection to TLS server with self-signed or invalid TLS certificate | false | |
EMAIL_SMTP_SENDER_EMAIL | The email address that sends emails | ✅ | |
EMAIL_SMTP_SENDER_NAME | The name of the email address that sends emails | Lightdash |
[1] EMAIL_SMTP_PASSWORD or EMAIL_SMTP_ACCESS_TOKEN needs to be provided
SSO environment variables
These variables enable you to control Single Sign On (SSO) functionality.
| Variable | Description | Required? | Default |
|---|---|---|---|
AUTH_DISABLE_PASSWORD_AUTHENTICATION | If "true" disables signing in with plain passwords | false | |
AUTH_ENABLE_GROUP_SYNC | If "true" enables assigning SSO groups to Lightdash groups | false | |
AUTH_GOOGLE_OAUTH2_CLIENT_ID | Required for Google SSO | ||
AUTH_GOOGLE_OAUTH2_CLIENT_SECRET | Required for Google SSO | ||
AUTH_OKTA_OAUTH_CLIENT_ID | Required for Okta SSO | ||
AUTH_OKTA_OAUTH_CLIENT_SECRET | Required for Okta SSO | ||
AUTH_OKTA_OAUTH_ISSUER | Required for Okta SSO | ||
AUTH_OKTA_DOMAIN | Required for Okta SSO | ||
AUTH_OKTA_AUTHORIZATION_SERVER_ID | Optional for Okta SSO with a custom authorization server | ||
AUTH_OKTA_EXTRA_SCOPES | Optional for Okta SSO scopes (e.g. groups) without a custom authorization server | ||
AUTH_ONE_LOGIN_OAUTH_CLIENT_ID | Required for One Login SSO | ||
AUTH_ONE_LOGIN_OAUTH_CLIENT_SECRET | Required for One Login SSO | ||
AUTH_ONE_LOGIN_OAUTH_ISSUER | Required for One Login SSO | ||
AUTH_AZURE_AD_OAUTH_CLIENT_ID | Required for Azure AD | ||
AUTH_AZURE_AD_OAUTH_CLIENT_SECRET | Required for Azure AD | ||
AUTH_AZURE_AD_OAUTH_TENANT_ID | Required for Azure AD | ||
AUTH_AZURE_AD_OIDC_METADATA_ENDPOINT | Optional for Azure AD | ||
AUTH_AZURE_AD_X509_CERT_PATH | Optional for Azure AD | ||
AUTH_AZURE_AD_X509_CERT | Optional for Azure AD | ||
AUTH_AZURE_AD_PRIVATE_KEY_PATH | Optional for Azure AD | ||
AUTH_AZURE_AD_PRIVATE_KEY | Optional for Azure AD |
Logging environment variables
| Variable | Description | Required? | Default |
|---|---|---|---|
LIGHTDASH_LOG_LEVEL | The minimum level of log messages to display | INFO | |
LIGHTDASH_LOG_FORMAT | The format of log messages | pretty | |
LIGHTDASH_LOG_OUTPUTS | The outputs to send log messages to | console | |
LIGHTDASH_LOG_CONSOLE_LEVEL | The minimum level of log messages to display on the console | LIGHTDASH_LOG_LEVEL | |
LIGHTDASH_LOG_CONSOLE_FORMAT | The format of log messages on the console | LIGHTDASH_LOG_FORMAT | |
LIGHTDASH_LOG_FILE_LEVEL | The minimum level of log messages to write to the log file | LIGHTDASH_LOG_LEVEL | |
LIGHTDASH_LOG_FILE_FORMAT | The format of log messages in the log file | LIGHTDASH_LOG_FORMAT | |
LIGHTDASH_LOG_FILE_PATH | The path to the log file | ./logs/all.log |
Prometheus environment variables
| Variable | Description | Required? | Default |
|---|---|---|---|
LIGHTDASH_PROMETHEUS_ENABLED | Enables/Disables Prometheus metrics endpoint | false | |
LIGHTDASH_PROMETHEUS_PORT | Port for Prometheus metrics endpoint | 9090 | |
LIGHTDASH_PROMETHEUS_PATH | Path for Prometheus metrics endpoint | /metrics | |
LIGHTDASH_PROMETHEUS_PREFIX | Prefix for metric names. | ||
LIGHTDASH_GC_DURATION_BUCKETS | Buckets for duration histogram in seconds. | 0.001, 0.01, 0.1, 1, 2, 5 | |
LIGHTDASH_EVENT_LOOP_MONITORING_PRECISION | Precision for event loop monitoring in milliseconds. Must be greater than zero. | 10 | |
LIGHTDASH_PROMETHEUS_LABELS | Labels to add to all metrics. Must be valid JSON |
Security
| Variable | Description | Required? | Default |
|---|---|---|---|
LIGHTDASH_CSP_REPORT_ONLY | Enables Content Security Policy (CSP) reporting only mode. This is recommended to be set to false in production. | true | |
LIGHTDASH_CSP_ALLOWED_DOMAINS | List of domains that are allowed to load resources from. Values must be separated by commas. | ||
LIGHTDASH_CSP_REPORT_URI | URI to send CSP violation reports to. |