Environment Variables
Ops Atlas is configured through a .env file at the project root. Docker Compose reads these variables and passes them to the backend and frontend containers.
Complete Reference
Database
| Variable | Default | Description |
|---|---|---|
POSTGRES_DB | opsdashboard | PostgreSQL database name |
POSTGRES_USER | postgres | PostgreSQL username |
POSTGRES_PASSWORD | — | PostgreSQL password |
POSTGRES_PORT | 5432 | PostgreSQL port |
Security
| Variable | Default | Description |
|---|---|---|
JWT_SECRET | — | Required. Secret key for signing JWT tokens |
ENCRYPTION_KEY | — | Required. Key for encrypting sensitive data at rest |
DANGER
Both JWT_SECRET and ENCRYPTION_KEY are required and must be set before starting the application. Generate them with:
openssl rand -base64 32Never commit these values to version control.
Networking
| Variable | Default | Description |
|---|---|---|
BACKEND_PORT | 8090 | Port the backend listens on |
FRONTEND_PORT | 3000 | Port the frontend listens on |
FRONTEND_URL | — | Public frontend URL (for reverse proxy setups) |
BACKEND_URL | — | Public backend URL (for reverse proxy setups) |
CORS_ALLOWED_ORIGINS | — | Comma-separated list of allowed CORS origins |
TIP
FRONTEND_URL and BACKEND_URL are optional for simple deployments. Set them when running behind a reverse proxy (e.g., Nginx, Traefik) so that internal redirects and CORS resolve correctly.
Java Runtime
| Variable | Default | Description |
|---|---|---|
JAVA_OPTS | -Xms256m -Xmx512m | JVM options passed to the Spring Boot backend |
Docker Registry
| Variable | Default | Description |
|---|---|---|
DOCKER_REGISTRY_URL | — | Docker registry endpoint (e.g., registry.example.com) |
DOCKER_REGISTRY_USERNAME | — | Registry authentication username |
DOCKER_REGISTRY_PASSWORD | — | Registry authentication password |
TIP
Registry variables are optional. If not set, registry features will prompt for configuration through the Settings UI.
Licensing
| Variable | Default | Description |
|---|---|---|
LICENSE_EDITION | COMMUNITY | Active edition: COMMUNITY, PRO, or ENTERPRISE |
LICENSE_PUBLIC_KEY | — | Public key for license validation (optional) |
Enterprise
| Variable | Default | Description |
|---|---|---|
TRIVY_PATH | — | Path to the Trivy binary for vulnerability scanning |
TRIVY_TIMEOUT | 300 | Timeout in seconds for Trivy scans |
BACKUP_DIRECTORY | /app/backups | Directory where backups are stored |
WARNING
Enterprise variables only take effect when running with an Enterprise license. SSO/OIDC configuration is managed through the Settings UI and stored in the database rather than environment variables.
Example .env File
# Database
POSTGRES_DB=opsdashboard
POSTGRES_USER=postgres
POSTGRES_PASSWORD=changeme
POSTGRES_PORT=5432
# Security (generate with: openssl rand -base64 32)
JWT_SECRET=your-jwt-secret-here
ENCRYPTION_KEY=your-encryption-key-here
# Ports
BACKEND_PORT=8090
FRONTEND_PORT=3000
# URLs (set for reverse proxy)
# FRONTEND_URL=https://ops.example.com
# BACKEND_URL=https://api.ops.example.com
# CORS_ALLOWED_ORIGINS=https://ops.example.com
# JVM
JAVA_OPTS=-Xms256m -Xmx512m
# Docker Registry (optional)
# DOCKER_REGISTRY_URL=registry.example.com
# DOCKER_REGISTRY_USERNAME=admin
# DOCKER_REGISTRY_PASSWORD=secret
# License
LICENSE_EDITION=COMMUNITY