Environment variables

Location

  • Docker : in the .env file (referenced by docker-compose.yml).
  • Baremetal installation : .env.local file at the root of the app directory.

Docker environment variables

Variables to create (all required)Value
BETTER_AUTH_URLURL as https://borgwarehouse.com
BETTER_AUTH_SECRETSecret key : openssl rand -base64 32
UNIX_USERThe user of your server as borgwarehouse
FQDNFQDN as borgwarehouse.com
SSH_SERVER_PORTSSH port as 22
PUIDUID of the host user owning the volumes
PGIDGID of the host user owning the volumes

Optional variablesValue
FQDN_LANHostname or IP for backup through LAN repository
SSH_SERVER_PORT_LANSSH port for backup through LAN repository
SMTP variablesSee the documentation here
NEXT_TELEMETRY_DISABLEDValue 1 will disable NextJS telemetry
CRONJOB_KEYSecret key : openssl rand -base64 32
HOSTNAMEValue :: will force the app to start on IPv6 if needed
DISABLE_INTEGRATIONSValue true will disable the integrations (API tokens to CRUD repositories) (≥v2.4.0)
DISABLE_DELETE_REPOValue true will globally disable the possibility to delete a repository (≥v2.4.0)
HIDE_SSH_PORTValue true will hide the SSH port in the UI : quickcommands & wizard (≥v2.4.0)
SETUP_SECRETSecret passphrase required to complete the first-run setup wizard — protects /setup on exposed instances (≥v3.2.0)
SESSION_EXPIRY_SECONDSSession lifetime in seconds. Defaults to 3600 (1 hour). Example: 28800 for 8 hours (≥v3.2.0)
BETTER_AUTH_TRUSTED_ORIGINSComma-separated list of trusted origins for reverse-proxy / multi-domain setups. Example: https://bw.example.com,https://bw.local (≥v3.2.0)
OAuth / OIDC variablesSee the OAuth/OIDC documentation
DISABLE_PASSWORD_LOGINValue true disables username/password login — only valid if at least one OAuth/OIDC provider is configured (≥v3.2.0)

Important details about docker environment variables :

  • The SSH fingerprints are automatically injected in the container.
  • The CRONJOB_KEY is automatically generated if not provided. But, if you want to trigger a job from outside the container, you must provide it to know the key.
  • The SSH_SERVER_PORT is the port exposed by the container. It must match the port used in the docker-compose.yml file.
  • If the BETTER_AUTH_SECRET is not provided, it will be automatically generated. But, at each restart of your borgwarehouse container, a new secret will be generated and all users will be disconnected. So, it’s better to provide it.

Baremetal environment variables

Variables to create (all required)Value
BETTER_AUTH_URLURL as https://borgwarehouse.com
BETTER_AUTH_SECRETSecret key : openssl rand -base64 32
CRONJOB_KEYSecret key : openssl rand -base64 32
UNIX_USERThe user of your server as borgwarehouse
FQDNFQDN as borgwarehouse.com
SSH_SERVER_PORTSSH port as 22
SSH_SERVER_FINGERPRINT_RSAYour server SSH fingerprint for RSA
SSH_SERVER_FINGERPRINT_ED25519Your server SSH fingerprint for ED25519

Optional variablesValue
FQDN_LANHostname or IP for backup through LAN repository
SSH_SERVER_PORT_LANSSH port for backup through LAN repository
SMTP variablesSee the documentation here
NEXT_TELEMETRY_DISABLEDValue 1 will disable NextJS telemetry
DISABLE_INTEGRATIONSValue true will disable the integrations (API tokens to CRUD repositories) (≥v2.4.0)
DISABLE_DELETE_REPOValue true will globally disable the possibility to delete a repository (≥v2.4.0)
HIDE_SSH_PORTValue true will hide the SSH port in the UI : quickcommands & wizard (≥v2.4.0)
SETUP_SECRETSecret passphrase required to complete the first-run setup wizard (≥v3.2.0)
SESSION_EXPIRY_SECONDSSession lifetime in seconds. Defaults to 3600 (1 hour) (≥v3.2.0)
BETTER_AUTH_TRUSTED_ORIGINSComma-separated trusted origins for reverse-proxy setups (≥v3.2.0)
OAuth / OIDC variablesSee the OAuth/OIDC documentation
DISABLE_PASSWORD_LOGINValue true disables username/password login (OAuth-only mode) (≥v3.2.0)
← Debian deployment
External storage →