Skip to main content

Passbolt Environment Variables

Notice

These are available for use with both the Docker installation and the Helm installation

Following there is a list of the environment variables supported in passbolt both PRO and CE editions with their default values.

Variable nameDescriptionDefault value
APP_BASEit allows people to specify the base subdir the application is running innull
APP_ENCODINGSet text encoding'UTF-8'
APP_FULL_BASE_URLPassbolt base url'false'
DATASOURCES_DEFAULT_DATABASEDatabase name''
DATASOURCES_DEFAULT_HOSTDatabase hostname'localhost'
DATASOURCES_DEFAULT_PORTDatabase port3306
DATASOURCES_DEFAULT_URLDatabase url''
DATASOURCES_DEFAULT_PASSWORDDatabase password''
DATASOURCES_DEFAULT_SSL_KEYDatabase SSL Key''
DATASOURCES_DEFAULT_SSL_CERTDatabase SSL Cert''
DATASOURCES_DEFAULT_SSL_CADatabase SSL CA''
DATASOURCES_DEFAULT_USERNAMEDatabase username''
DEBUGDebug mode'false'
EMAIL_TRANSPORT_DEFAULT_CLASS_NAMEEmail classname'Smtp'
EMAIL_DEFAULT_FROM_NAMEFrom email username'Passbolt'
EMAIL_DEFAULT_FROMFrom email address'you@localhost'
EMAIL_DEFAULT_TRANSPORTSets transport method'default'
EMAIL_TRANSPORT_DEFAULT_HOSTServer hostname'localhost'
EMAIL_TRANSPORT_DEFAULT_PORTServer port25
EMAIL_TRANSPORT_DEFAULT_TIMEOUTTimeout30
EMAIL_TRANSPORT_DEFAULT_USERNAMEUsername for email server authnull
EMAIL_TRANSPORT_DEFAULT_PASSWORDPassword for email server authnull
EMAIL_TRANSPORT_DEFAULT_CLIENTClientnull
EMAIL_TRANSPORT_DEFAULT_TLSSet tlsnull
EMAIL_TRANSPORT_DEFAULT_URLSet urlnull
GNUPGHOMEpath to gnupghome directory'/home/www-data/.gnupg'
PASSBOLT_AUTH_TOKEN_EXPIRYPassbolt authorization token expiration'3 days'
PASSBOLT_AUTH_REGISTER_TOKEN_EXPIRYPassbolt authorization registration token expiration'10 days'
PASSBOLT_AUTH_RECOVER_TOKEN_EXPIRYPassbolt authorization recover token expiration'1 day'
PASSBOLT_AUTH_LOGIN_TOKEN_EXPIRYPassbolt authorization token login expiration'5 minutes'
PASSBOLT_AUTH_MOBILE_TRANSFER_TOKEN_EXPIRYPassbolt mobile transfer token expiration'5 minutes'
PASSBOLT_AUTH_JWT_REFRESH_TOKENPassbolt authorization JWT refresh token'1 month'
PASSBOLT_AUTH_JWT_ACCESS_TOKENPassbolt authorization JWT access token'5 minutes'
PASSBOLT_AUTH_JWT_VERIFY_TOKENPassbolt authorization JWT verify token'1 hour'
PASSBOLT_GPG_SERVER_KEY_FINGERPRINTGnuPG fingerprintnull
PASSBOLT_GPG_SERVER_KEY_PUBLICPath to GnuPG public server key'/etc/passbolt/gpg/serverkey.asc'
PASSBOLT_GPG_SERVER_KEY_PRIVATEPath to GnuPG private server key'/etc/passbolt/gpg/serverkey_private.asc'
PASSBOLT_JS_BUILDpassbolt.js type of build 'development' or 'production''production'
PASSBOLT_LEGAL_PRIVACYPOLICYURLSet legal policy URL''
PASSBOLT_LEGAL_TERMSURLSet legal terms URL'https://www.passbolt.com/terms'
PASSBOLT_META_DESCRIPTIONSet html meta description for the site'Open source password manager for teams'
PASSBOLT_META_ROBOTSSearch engines indexing parameters'noindex, nofollow'
PASSBOLT_META_TITLESet html meta title for'Passbolt'
PASSBOLT_PLUGINS_EXPORT_ENABLEDEnable export plugintrue
PASSBOLT_PLUGINS_IMPORT_ENABLEDEnable import plugintrue
PASSBOLT_PLUGINS_IN_FORM_INTEGRATION_ENABLEDEnable Passbolt icon in web formstrue
PASSBOLT_PLUGINS_PASSWORD_GENERATOR_DEFAULT_GENERATORDefault password generator (can be password or passphrase)password
PASSBOLT_PLUGINS_PASSWORD_GENERATOR_ENABLEDEnable password generator plugintrue
PASSBOLT_PLUGINS_PREVIEW_PASSWORD_ENABLEDEnable password generator previewtrue
PASSBOLT_PLUGINS_MOBILE_ENABLEDEnable mobile plugintrue
PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLEDEnable jwt authentication plugintrue
PASSBOLT_REGISTRATION_PUBLICDefines if users can registerfalse
PASSBOLT_SECURITY_SET_HEADERSSend CSP Headerstrue
PASSBOLT_SECURITY_CSPCSP Headers (true, false or custom CSP string)true
PASSBOLT_SECURITY_COOKIE_SECURESet MFA cookie secure flagtrue
PASSBOLT_SSL_FORCERedirects http to httpstrue
SECURITY_SALTCakePHP security salt__SALT__
SESSION_DEFAULTSSession engine configuration'php'