All Concourse configuration can be set through environment variables. These override values in the YAML config file.
| Variable | Description | Required | Default |
|---|
CONCOURSE_JWT_SECRET | JWT signing secret. Must be at least 32 bytes. | Yes | — |
CONCOURSE_PUBLIC_URL | Public URL of this Concourse instance (for autodiscovery and callbacks). | No | — |
CONCOURSE_NAME | Organization name displayed in the inboard app. | No | My Company |
CONCOURSE_EXTENSIONS_URL | URL of the extension registry. | No | — |
DATABASE_URL | Primary database URL (sqlite://, file://, libsql://, or :memory:). | No | sqlite:///data/concourse.db |
CONCOURSE_ADMIN_EMAIL | Bootstrap admin email. Used on first startup only. | First run | — |
CONCOURSE_ADMIN_PASSWORD | Bootstrap admin password. Used on first startup only. | First run | — |
CONCOURSE_ADMIN_NAME | Bootstrap admin display name. | No | — |
CONCOURSE_AGENTS_API_KEY | Anthropic API key for AI agent functionality. | No | — |
OIDC_CLIENT_ID | OIDC client ID from your identity provider. | If OIDC enabled | — |
OIDC_CLIENT_SECRET | OIDC client secret. | If OIDC enabled | — |
OIDC_REDIRECT_URI | OIDC callback URL. | If OIDC enabled | http://localhost:8080/api/v1/auth/oidc/callback |
SAML_METADATA_URL | SAML IdP metadata URL. | If SAML enabled | — |
SAML_ENTITY_ID | SAML Service Provider entity ID. | If SAML enabled | https://concourse.example.com |
SAML_ACS_URL | SAML Assertion Consumer Service URL. | If SAML enabled | http://localhost:8080/api/v1/auth/saml/acs |
AUDIT_DATABASE_URL | Audit database URL. | No | file:///data/audit.db |
AUDIT_WEBHOOK_URL | SIEM webhook URL for audit event forwarding. | No | — |
AUDIT_WEBHOOK_TOKEN | Bearer token for SIEM webhook authentication. | No | — |
RUST_LOG | Log level filter. | No | info,hyper=warn |
| Variable | Description | Required | Default |
|---|
CONCOURSE_URL | URL of the Concourse server the relay connects to. | Yes | — |
RELAY_TOKEN | Authentication token issued when registering the relay. | Yes | — |
RELAY_NAME | Display name for this relay instance. | No | Office Relay |
DB_HOST | Database host (used in relay config interpolation). | Depends on config | — |
DB_PASSWORD | Database password (used in relay config interpolation). | Depends on config | — |
The RUST_LOG variable controls log verbosity. Common values:
| Value | Description |
|---|
error | Errors only. |
warn | Warnings and errors. |
info | General operational messages (default). |
debug | Detailed debugging output. |
info,hyper=warn | Info level with reduced noise from the HTTP library (recommended). |
docker run -d --name concourse \
-v concourse-data:/data \
-e CONCOURSE_JWT_SECRET=a-random-string-at-least-32-bytes \
-e CONCOURSE_ADMIN_EMAIL=admin@example.com \
-e CONCOURSE_ADMIN_PASSWORD=changeme \
-e CONCOURSE_PUBLIC_URL=https://concourse.example.com \
ghcr.io/inboard-ai/concourse:latest
docker run -d --name concourse \
-v concourse-data:/data \
-e CONCOURSE_JWT_SECRET=a-random-string-at-least-32-bytes \
-e CONCOURSE_ADMIN_EMAIL=admin@example.com \
-e CONCOURSE_ADMIN_PASSWORD=changeme \
-e CONCOURSE_PUBLIC_URL=https://concourse.example.com \
-e OIDC_CLIENT_ID=your-client-id \
-e OIDC_CLIENT_SECRET=your-client-secret \
-e OIDC_REDIRECT_URI=https://concourse.example.com/api/v1/auth/oidc/callback \
ghcr.io/inboard-ai/concourse:latest
