config.env¶
The config.env file contains any custom environment changes for all Enterprise services. It is created initially by manage_server install and maintained manually by an Enterprise server administrator. If any required values are missing, manage_server will fill them in with their defaults. If no default is value is available, many commands like manage_server start will fail to run.
If you need a complete config.env file with all options specified (useful, for example, when invoking Docker or Podman directly), manage_server env will print a full copy of all populated environment variables. Just save that to a file instead.
The following file is provided both as documentation of expected default values from a fresh install and a reference in case you need to manually change anything. It is not recommended to manually create your initial config.env file.
Note
Treat any value with a _FILE suffix as a path to a secret written during installation. If you change the location or rotate the secret, update the corresponding file on disk and the value of the environment variable before restarting the stack.
####
## Binary Ninja Enterprise Server default configuration (config.env.example)
## Intended for use as reference ONLY
## Initial production config should be generated by manage_server install
####
## Container engine to use (docker or podman)
ENTERPRISE_CONTAINER_ENGINE=docker
## Swarm stack name (only set when using docker swarm)
# ENTERPRISE_STACK_NAME=binaryninja-enterprise
## Registry settings (username/password optional unless using a custom registry)
ENTERPRISE_REGISTRY_HOST=registry.enterprise.binary.ninja
# ENTERPRISE_REGISTRY_USERNAME=
# ENTERPRISE_REGISTRY_PASSWORD=
## Server identity (defaults to current user/group if unset)
# ENTERPRISE_SERVER_UID=
# ENTERPRISE_SERVER_GID=
## TLS and license assets
ENTERPRISE_SERVER_CERT_FILE=./server.pem
ENTERPRISE_SERVER_KEY_FILE=./server.key
ENTERPRISE_SERVER_LICENSE_FILE=./license.dat
ENTERPRISE_SERVER_LICENSE_BUNDLE_FILE=./license-bundle.b64
ENTERPRISE_INITIAL_ADMIN_PASSWORD_FILE=./secrets/initial_admin_password
## Enterprise server configuration
DEBUG=false
ENTERPRISE_SERVER_ALLOWED_HOSTS=*
ENTERPRISE_SERVER_DOMAIN=https://localhost:3535
ENTERPRISE_SERVER_BIND_IP=0.0.0.0
ENTERPRISE_SERVER_PORT=3535
ENTERPRISE_SERVER_VALIDATE_TLS=true
## Proxy configuration
ENTERPRISE_PROXY_NO_TLS=false
ENTERPRISE_SERVER_BACKEND_HOST=backend
# The following needs to be true if hosting with Azure Container Instances (ACI)
ENTERPRISE_PROXY_DISABLE_DIRECTIO=false
## Database configuration
ENTERPRISE_DATABASE_NAME=binaryninja_enterprise
ENTERPRISE_DATABASE_HOST=database
ENTERPRISE_DATABASE_PORT=5432
ENTERPRISE_DATABASE_USER=binaryninja_enterprise
ENTERPRISE_DATABASE_PASSWORD_FILE=./secrets/db_password
## Key-value store configuration
ENTERPRISE_KV_STORE_URL=redis://redis:6379
## Object store configuration
ENTERPRISE_OBJECT_STORE_BUCKET_NAME=binaryninja-enterprise
ENTERPRISE_OBJECT_STORE_URL=https://object-store:8333
ENTERPRISE_OBJECT_STORE_ACCESS_KEY_FILE=./secrets/object_store_access_key_id
ENTERPRISE_OBJECT_STORE_SECRET_KEY_FILE=./secrets/object_store_secret_access_key
# Multiply these together to calculate maximum storage capacity (size in MB)
ENTERPRISE_OBJECT_STORE_VOLUME_SIZE=30000
ENTERPRISE_OBJECT_STORE_MAX_VOLUMES=32
## WARP server configuration
ENTERPRISE_INCLUDE_WARP=true
WARP_DATABASE_NAME=warp
WARP_DATABASE_HOST=warp-database
WARP_DATABASE_PORT=5432
WARP_DATABASE_USER=warp
WARP_DATABASE_PASSWORD_FILE=./secrets/warp_db_password
WARP_REDIS_URL=redis://redis:6379
WARP_WEB_ALLOWED_ORIGINS=https://localhost:3535
WARP_OAUTH_REDIRECT_URL=https://localhost:3535/warp/api/v1/auth/o/callback
WARP_OAUTH_PROVIDER=binaryninja
# The following need to match the values in the Enterprise Server database
# and are typically auto-generated by manage_server install and set on first run
WARP_OAUTH_CLIENT_ID=
WARP_OAUTH_CLIENT_SECRET=
## Force manage_server to use images pulled for a specific platform
# DOCKER_DEFAULT_PLATFORM=
## Toggle on-demand permission fixes inside containers
# FORCE_PERMISSION_CHANGE=false