Configuration

There are following ways to configure Semaphore:

Configuration options

Full list of available configuration options:

Config file option / Environment variableDescription

bolt.host
SEMAPHORE_DB_HOST

Path to the BoltDB database file.

mysql.host
SEMAPHORE_DB_HOST

MySQL database host.

mysql.name
SEMAPHORE_DB_NAME

MySQL database (schema) name.

mysql.user
SEMAPHORE_DB_USER

MySQL user name.

mysql.pass
SEMAPHORE_DB_PASS

MySQL user's password.

postgres.host
SEMAPHORE_DB_HOST

Postgres database host.

postgres.name
SEMAPHORE_DB_NAME

Postgres database (schema) name.

postgres.user
SEMAPHORE_DB_USER

Postgres user name.

postgres.pass
SEMAPHORE_DB_PASS

Postgres user's password.

dialect
SEMAPHORE_DB_DIALECT

Can be mysql, postgres or bolt

git_client
SEMAPHORE_GIT_CLIENT


ssh_config_path
SEMAPHORE_SSH_PATH


port
SEMAPHORE_PORT

TCP port on which the web interface will be available. Default: 3000

interface
SEMAPHORE_INTERFACE

Useful if your server has multiple network interfaces

tmp_path
SEMAPHORE_TMP_PATH

Path to directory where cloned repositories and generated files are stored. Default: /tmp/semaphore

access_key_encryption
SEMAPHORE_ACCESS_KEY_ENCRYPTION

Secret key used for encrypting access keys in database. Read more in Database encryption reference.

web_host
SEMAPHORE_WEB_ROOT

Can be useful if you want to use Semaphore by the subpath, for example: http://yourdomain.com/semaphore. Do not add a trailing /.

tls.enabled
SEMAPHORE_TLS_ENABLED


tls.cert_file
SEMAPHORE_TLS_CERT_FILE


tls.key_file
SEMAPHORE_TLS_KEY_FILE


email_sender
SEMAPHORE_EMAIL_SENDER


email_host
SEMAPHORE_EMAIL_HOST


email_port
SEMAPHORE_EMAIL_PORT


email_secure
SEMAPHORE_EMAIL_SECURE


email_username
SEMAPHORE_EMAIL_USERNAME


email_password
SEMAPHORE_EMAIL_PASSWORD


email_alert
SEMAPHORE_EMAIL_ALERT


telegram_alert
SEMAPHORE_TELEGRAM_ALERT


telegram_chat
SEMAPHORE_TELEGRAM_CHAT


telegram_token
SEMAPHORE_TELEGRAM_TOKEN


slack_alert
SEMAPHORE_SLACK_ALERT

Set to True to enable pushing alerts to slack. It should be used in combination with slack_url

slack_url
SEMAPHORE_SLACK_URL

The slack webhook url. Semaphore will used it to POST Slack formatted json alerts to the provided url.

microsoft_teams_alert
SEMAPHORE_MICROSOFT_TEAMS_ALERT

Set to True to enable pushing alerts to teams. It should be used in combination with microsoft_teams_url.

microsoft_teams_url
SEMAPHORE_MICROSOFT_TEAMS_URL

The teams webhook url. Semaphore will used it to POST alerts.

rocketchat_alert
SEMAPHORE_ROCKETCHAT_ALERT

Set to True to enable pushing alerts to Rocket.Chat. It should be used in combination with rocketchat_url. Available since v2.9.56.

rocketchat_url
SEMAPHORE_ROCKETCHAT_URL

The rocketchat webhook url. Semaphore will used it to POST Rocket.Chat formatted json alerts to the provided url. Available since v2.9.56.

ldap_enable
SEMAPHORE_LDAP_ENABLE


ldap_needtls
SEMAPHORE_LDAP_NEEDTLS


ldap_binddn
SEMAPHORE_LDAP_BIND_DN


ldap_bindpassword
SEMAPHORE_LDAP_BIND_PASSWORD


ldap_server
SEMAPHORE_LDAP_SERVER


ldap_searchdn
SEMAPHORE_LDAP_SEARCH_DN


ldap_searchfilter
SEMAPHORE_LDAP_SEARCH_FILTER


max_parallel_tasks
SEMAPHORE_MAX_PARALLEL_TASKS

Max allowed parallel tasks for whole Semaphore instance.

max_task_duration_sec
SEMAPHORE_MAX_TASK_DURATION_SEC

Max allowed parallel tasks for whole Semaphore instance.

max_tasks_per_template
SEMAPHORE_MAX_TASKS_PER_TEMPLATE

Max allowed parallel tasks for whole Semaphore instance.

oidc_providers Static Badge
OpenID provider settings. You can provide multiple OpenID providers. More about OpenID configuration read in OpenID.


password_login_disable
SEMAPHORE_PASSWORD_LOGIN_DISABLED

Static Badge

Disable login with using password. Only LDAP and OpenID.

non_admin_can_create_project
SEMAPHORE_NON_ADMIN_CAN_CREATE_PROJECT


env_vars
SEMAPHORE_ENV_VARS


forwarded_env_vars
SEMAPHORE_FORWARDED_ENV_VARS


apps
SEMAPHORE_APPS


use_remote_runner
SEMAPHORE_USE_REMOTE_RUNNER


use_remote_runner
SEMAPHORE_USE_REMOTE_RUNNER


runner_registration_token
SEMAPHORE_RUNNER_REGISTRATION_TOKEN


auth.totp.enabled
SEMAPHORE_TOTP_ENABLED


auth.totp.allow_recovery
SEMAPHORE_TOTP_ALLOW_RECOVERY

Public URL

If you use nginx or other web server before Semaphore, you should provide configuration option web_host.

For example you configured NGINX on the server which proxies queries to Semaphore.

Server address https://exmaple.com and you proxies all queries https://exmaple.com/semaphore to Semaphore.

Your web_host will be https://exmaple.com/semaphore.