The behavior of EdgeDB can be configured with environment variables. The
variables documented on this page are supported when using the
edgedb-server tool and the official Docker image.
Some environment variables (noted below) support *_FILE and *_ENV
variants.
The *_FILE variant expects its value to be a file name. The file’s
contents will be read and used as the value.
The *_ENV variant expects its value to be the name of another
environment variable. The value of the other environment variable is then
used as the final value. This is convenient in deployment scenarios where
relevant values are auto populated into fixed environment variables.
Useful to fine-tune initial user and database creation, and other initial setup.
Maps directly to the edgedb-server flag --default-auth-method. The
*_FILE and *_ENV variants are also supported.
Optionally specifies the authentication method used by the server instance.
Supported values are SCRAM (the default) and Trust. When set to
Trust, the database will allow complete unauthenticated access
for all who have access to the database port.
This is often useful when setting an admin password on an instance that lacks one.
Use at your own risk and only for development and testing.
The *_FILE and *_ENV variants are also supported.
Specifies what to do when the TLS certificate and key are either not specified
or are missing. When set to require_file, the TLS certificate and key must
be specified in the EDGEDB_SERVER_TLS_CERT and EDGEDB_SERVER_TLS_KEY
variables and both must exist. When set to generate_self_signed a new
self-signed certificate and private key will be generated and placed in the
path specified by EDGEDB_SERVER_TLS_CERT and EDGEDB_SERVER_TLS_KEY, if
those are set, otherwise the generated certificate and key are stored as
edbtlscert.pem and edbprivkey.pem in EDGEDB_SERVER_DATADIR, or, if
EDGEDB_SERVER_DATADIR is not set then they will be placed in
/etc/ssl/edgedb.
The default is generate_self_signed when
EDGEDB_SERVER_SECURITY=insecure_dev_mode. Otherwise the default is
require_file.
Maps directly to the edgedb-server flag --tls-cert-mode. The *_FILE
and *_ENV variants are also supported.
The TLS certificate and private key files, exclusive with
EDGEDB_SERVER_TLS_CERT_MODE=generate_self_signed.
Maps directly to the edgedb-server flags --tls-cert-file and
--tls-key-file.
When set to insecure_dev_mode, sets EDGEDB_SERVER_DEFAULT_AUTH_METHOD
to Trust (see above), and EDGEDB_SERVER_TLS_CERT_MODE to
generate_self_signed (unless an explicit TLS certificate is specified).
Finally, if this option is set, the server will accept plaintext HTTP
connections.
Use at your own risk and only for development and testing.
Maps directly to the edgedb-server flag --security.
Specifies the network port on which EdgeDB will listen. The default is
5656.
Maps directly to the edgedb-server flag --port. The *_FILE and
*_ENV variants are also supported.
Specifies the network interface on which EdgeDB will listen.
Maps directly to the edgedb-server flag --bind-address. The *_FILE
and *_ENV variants are also supported.
Specifies a path where the database files are located. Defaults to
/var/lib/edgedb/data. Cannot be specified at the same time with
EDGEDB_SERVER_BACKEND_DSN.
Maps directly to the edgedb-server flag --data-dir.
Specifies a PostgreSQL connection string in the URI format. If set, the
PostgreSQL cluster specified by the URI is used instead of the builtin
PostgreSQL server. Cannot be specified at the same time with
EDGEDB_SERVER_DATADIR.
Maps directly to the edgedb-server flag --backend-dsn. The *_FILE
and *_ENV variants are also supported.
Specifies a path where EdgeDB will place its Unix socket and other transient files.
Maps directly to the edgedb-server flag --runstate-dir.
