Skip to content

Environment variables

Some application features are configured using environment variables.

Configuration variables

Variable Name Description Default Example value
AEID_CLIENTID Azure Entra ID client ID. See Azure Authentication 2222-2222-222-2222
AEID_TENANTID Azure Entra ID tenant ID. See Azure Authentication 111-1111-1111-1111
AEID_SCOPE Azure Entra ID scope. See Azure Authentication https://graph.microsoft.com/.default
API_RETRY_LIMIT Number of API retries on error 5 10
ACCESS_TOKEN_SECRET Access token secret. See Authentication changeme
ACCESS_TOKEN_TTL Access token time to live. Use syntax 1h (1 hour), 1m (1 min) etc. 10m 5m
AUTHENTICATOR_IMPL Authentication implementation. See Authentication file cognito
AWS_REGION AWS region containing DynamoDB or Secrets Manager or CodePipeline eu-west-1
CACHE_PIPELINE_BUILDS Whether to cache the pipeline builds from the pipelines provider true
CACHE_REPO_LIST Whether to cache the repository list from the VCS provider true
CLIENT_SESSION_STORE The mechanism for storing the client-side session. Can be cookie or sessionStorage cookie sessionStorage
COGNITO_USER_POOL_ID Cognito authenticator settings
COGNITO_CLIENT_ID Cognito authenticator settings
CONFIG_DIR Path to directory containing configuration files. See Configuration. Note, this can be comma-delimited, to read from multiple directories. Current directory /path/to/config/dir
CONFIG_AUTO_RELOAD Whether to auto-reload config from file - useful for development false true
CONFIG_REFRESH_MS Requires CONFIG_AUTO_RELOAD - reload frequency in ms 5000 30000
CORS_ORIGIN The CORS origin of the web UI https://code-metrics.localhost:3001
COVERAGE_THRESHOLD_DANGER Lower coverage threshold 30 40
COVERAGE_THRESHOLD_WARNING Upper coverage threshold 80 90
DATABASE_NAME Prefix for DynamoDB tables or name of MongoDB database CodeMetrics
DATASTORE_IMPL Datastore implementation (one of: inmem, dynamodb, mongodb). See Datastores inmem dynamodb
DATASTORE_PATH Path to use to store code-metrics.db for DATASTORE_IMPL=nedb if left unset will use inmem version of database `` /some/writable/path/on/filesystem
DATABASE_URI MongoDB database URI mongodb://code-metrics:changeme@localhost:27017
DEBUG Whether to enable the debugger in the desktop app false true
EXPIRY_SECONDS Time to cache data if it is for the current day. 3600 7200
KEYCLOAK_AUTH_METHOD Keycloak auth method - currently always directgrant. See Keycloak Authentication
KEYCLOAK_URI Keycloak URI. See Keycloak Authentication
KEYCLOAK_REALM Keycloak realm. See Keycloak Authentication
KEYCLOAK_CLIENT_ID Keycloak client ID. See Keycloak Authentication
LDAP_ADMIN_AUTH LDAP authentication configuration. See LDAP Authentication
LDAP_URI LDAP authentication configuration. See LDAP Authentication
LDAP_BIND_DN LDAP authentication configuration. See LDAP Authentication
LDAP_BIND_PASSWORD LDAP authentication configuration. See LDAP Authentication
LDAP_USER_SEARCH_BASE LDAP authentication configuration. See LDAP Authentication
LDAP_ROOT_DN LDAP authentication configuration. See LDAP Authentication
LDAP_USERNAME_ATTRIBUTE LDAP authentication configuration. See LDAP Authentication
LDAP_TLS LDAP authentication configuration. See LDAP Authentication
LOG_FILE_PATH Path to file where logs should be written. If specified, logs will be written to this file in addition to the console. /var/log/code-metrics/app.log
LOG_LEVEL Logging level. Set to 0 (OFF), 1 (DEBUG) or 2 (VERBOSE) 1 2
LOG_RESPONSE_BODY Whether to log response bodies from external API calls false true
LOOKUP_CACHE_ENABLED Whether the cache is enabled (requires datastore) false true
OIDC_ISSUER_BASE_URL The base URL for the OIDC server. See OIDC Authentication https://accounts.google.com
OIDC_CLIENT_ID The client ID. See OIDC Authentication 000000000000-a1b2c3d4e5f6g7h8i9j10k11l12m13n14.apps.googleusercontent.com
OIDC_CLIENT_SECRET The client secret. See OIDC Authentication ABCDEF-ab12cd_aBcDeF12gH34-aB
OIDC_USER_CLAIM The name of ID token claim containing the user email address. See OIDC Authentication sub sub or email
OIDC_SCOPES The required scopes. See OIDC Authentication openid email openid email
OIDC_AUDIENCE The desired value of the audience claim. See OIDC Authentication 000000000000-a1b2c3d4e5f6g7h8i9j10k11l12m13n14.apps.googleusercontent.com
OIDC_USE_PKCE Whether to use PKCE. See OIDC Authentication false true
OIDC_REDIRECT_URI Override the OIDC redirect URI. See OIDC Authentication Derived from the UI base URL. https://example.com/login/callback
PRECACHE_REPO_LIST Whether to pre-cache the repository list from the VCS provider true false
PORT The port the backend listens on 3001 3030
REPO_LIST_EXPIRY_SECONDS If CACHE_REPO_LIST is enabled - for how long the list is cached 21600 10800
REFRESH_TOKEN_TTL Refresh token time to live. Controls the maximum authenticated session length. Use syntax 1h (1 hour), 1m (1 min) etc. 1h 30m
SERVICE_TOKEN_TTL Service Token time to live. Use syntax 1h (1 hour), 1d (1 day), 1y (1 year), etc. See API Authentication 1y 6m
SECRET_RESOLVER_IMPL Secret resolver implementation. See Secret management file file
SHOW_CONSOLE Whether to show the console window in the desktop app false true
STORED_QUERY_DIR Directory path for file-based stored queries. Uses CONFIG_DIR (last if multiple specified). /path/to/query/dir
STORED_QUERY_SERVICE The implementation for stored queries. See Custom queries union datastore, file
STRICT_CONFIG_LOAD In strict mode the backend will exit the process if the license or config are invalid or missing. Outside strict mode the backend will start without a license or config, but all authenticated routes will be unavailable. In this mode, the frontend will show a more helpful error message. boolean false
UI_BASE_URL The base URL for the UI Uses value of CORS_ORIGIN http://localhost:3000

The .env file

As well as setting environment variables in the typical fashion, Code Metrics allows you to use an .env file in the working directory for the backend component.

To get started, copy the .env.template file and name the copy .env.