Newer
Older
redirect_from:
- /docs/latest/operations-guide/environment-variables
# Environment variables
Many settings in Metabase can be viewed and modified in the Admin Panel, or set via environment variables. The environment variables always take precedence. Note that the environment variables won't get written into the application database.
Setting environment variables can be done in various ways depending on how Metabase is being run.
# Mac, Linux and other Unix-based systems
# Windows Powershell
$env:MB_SITE_NAME="Awesome Company"
# Windows batch/cmd
set MB_SITE_NAME="Awesome Company"
Or set it as Java property, which works the same across all systems:
```
java -DMB_SITE_NAME="Awesome Company" -jar metabase.jar
```
Docker:
```
docker run -d -p 3000:3000 -e MB_SITE_NAME="Awesome Company" --name metabase metabase/metabase
Type: integer<br>
Default: `20160`
Session expiration, defined in minutes (default is 2 weeks), which will log out users after the defined period and require re-authentication.
Note: This setting is not an idle/inactivity timeout. If you set this to 15 minutes, your users have to login (or re-authenticate) again every 15 minutes. Use [MB_SESSION_TIMEOUT](#mb_session_timeout) to control timeout based on inactivity.
Use [MB_SESSION_COOKIES](#mb_session_cookies) to also expire sessions, when browser is closed.
Also see the [Changing session expiration](../people-and-groups/changing-session-expiration.md) documentation page.
Type: string<br>
Default: `null`
The email address users should be referred to if they encounter a problem.
Type: boolean<br>
Default: `true`
Enable the collection of anonymous usage data in order to help Metabase improve.
Type: string<br>
Default: `null`
Middleware that enforces validation of the client via the request header `X-Metabase-Apikey`. If the header is available, then it’s validated against `MB_API_KEY`. When it matches, the request continues; otherwise it’s blocked with a 403 Forbidden response.
![metabase-bot[bot]'s avatar](https://secure.gravatar.com/avatar/5a54b0ee1ad6bf1b2f5cc0cf8d899cd3472359c55cfa3b55c0f005eea7c06b71?s=72&d=identicon "metabase-bot[bot]")
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
JSON object of primary colors used in charts and throughout Metabase. Examples:
To change the user interface colors:
```
{
"brand":"#ff003b",
"filter":"#FF003B",
"summarize":"#FF003B"
}
```
To change the chart colors:
```
{
"accent0":"#FF0005",
"accent1":"#E6C367",
"accent2":"#B9E68A",
"accent3":"#8AE69F",
"accent4":"#8AE6E4",
"accent5":"#8AA2E6",
"accent6":"#B68AE6",
"accent7":"#E68AD0"
}
```
### `MB_APPLICATION_DB_MAX_CONNECTION_POOL_SIZE`
Type: integer<br>
Default: `15`<br>
Maximum number of connections to the Metabase application database.
Change this to a higher value if you notice that regular usage consumes all or close to all connections. When all connections are in use, Metabase might feel slow or unresponsive when clicking around the interface.
To see how many connections are being used, check the Metabase logs and look for lines that contains the following: `… App DB connections: 12/15 …`. In this example, 12 out of 15 available connections are being used.
See [MB_JDBC_DATA_WAREHOUSE_MAX_CONNECTION_POOL_SIZE](#mb_jdbc_data_warehouse_max_connection_pool_size) for setting maximum connections to the databases connected to Metabase.
### `MB_APPLICATION_FAVICON_URL`
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `"frontend_client/favicon.ico"`
Path or URL to favicon file.
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `"Lato"`<br>
Since: v44.0
Change the font used in Metabase. See [fonts](../configuring-metabase/fonts.md).
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Default: `"{}"`<br>
Since: v44.0
Tell Metabase which font files to use for different styles. Example value:
```
[
{
"src": "https://example.com/resources/font-400",
"fontFormat": "ttf",
"fontWeight": 400,
},
{
"src": "https://example.com/resources/font-700",
"fontFormat": "woff",
"fontWeight": 700,
}
]
```
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `"app/assets/img/logo.svg"`
Path or URL to logo file. For best results use SVG format.
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `"Metabase"`
Replace the word `Metabase` wherever it appears with the defined string.
### `MB_ASYNC_QUERY_THREAD_POOL_SIZE`
Type: integer<br>
Default: `50`<br>
Maximum number of async Jetty threads. If not set, then [MB_JETTY_MAXTHREADS](#mb_jetty_maxthreads) will be used, otherwise it will use the default.
### `MB_AUDIT_MAX_RETENTION_DAYS`
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: integer<br>
Default: 0 (Metabase keeps all rows)<br>
Sets the maximum number of days Metabase preserves rows in the `query_execution` table in the application database.
Twice a day, Metabase will delete rows older than this threshold.
The minimum value is `30` days (Metabase will treat entered values of `1` to `29` the same as `30`). If set to `0`, Metabase will keep all rows.
Type: double<br>
Default: `10.0`
When using the default binning strategy for a field of type Coordinate (such as Latitude and Longitude), this number will be used as the default bin width (in degrees).
Type: integer<br>
Default: `8`
When using the default binning strategy and a number of bins is not provided, this number will be used as the default.
Type: boolean<br>
Default: `true`
Identify when new versions of Metabase are available.
Type: boolean<br>
Default: `true`
Color log lines. When set to `false` it will disable log line colors. This is disabled on Windows. Related to [MB_EMOJI_IN_LOGS](#mb_emoji_in_logs).
### `MB_CONFIG_FILE_PATH`
Type: string<br>
Default: `config.yml`
This feature requires the `advanced-config` feature flag on your token.
Type: string<br>
Default: `"{}"`
JSON object keyed by type, containing formatting settings.
Type: string<br>
Default: `"{}"`
JSON object containing information about custom GeoJSON files for use in map visualizations instead of the default US State or World GeoJSON.
### `MB_CUSTOM_GEOJSON_ENABLED`
Type: boolean<br>
Default: `true`
Whether or not the use of custom GeoJSON is enabled.
Type: boolean<br>
Default: `true`
When set to `false`, Metabase will print migrations needed to be done in the application database and exit. Those migrations need to be applied manually. When `true`, Metabase will automatically make changes to the application database. This is not related to migrating away from H2.
### `MB_DB_CONNECTION_TIMEOUT_MS`
Timeout in milliseconds for connecting to databases, both Metabase application database and data connections. In case you're connecting via an SSH tunnel and run into a timeout, you might consider increasing this value as the connections via tunnels have more overhead than connections without.
Type: string<br>
Default: `null`
A JDBC-style connection URI that can be used instead of most of `MB_DB_*` like [MB_DB_HOST](#mb_db_host). Also used when certain Connection String parameters are required for the connection. The connection type requirement is the same as [MB_DB_TYPE](#mb_db_type).
jdbc:postgresql://db.example.com:5432/mydb?user=dbuser&password=dbpassword
jdbc:postgresql://db.example.com:5432/mydb?user=dbuser&password=dbpassword&ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory
jdbc:mysql://db.example.com:3306/mydb?user=dbuser&password=dbpassword
Type: string<br>
Default: `null`
The database name of the application database used with [MB_DB_HOST](#mb_db_host).
Type: string<br>
Default: `"metabase.db"`
Location of H2 database file. Should not include the `.mv.db` (or `.h2.db`) file extension. Used when [MB_DB_TYPE](#mb_db_type) is set to`"h2"`.
Can also be used when migrating away from H2 to specify where the existing data should be read from.
Type: string<br>
Default: `null`
The host name or IP address of the application database. Used when [MB_DB_TYPE](#mb_db_type) is different than `"h2"`.
Type: boolean<br>
Default: `null`
Used for testing with [MB_DB_FILE](#mb_db_file).
Type: string<br>
Default: `null`
The password for [MB_DB_HOST](#mb_db_host).
Type: integer<br>
Default: `null`
The port for [MB_DB_HOST](#mb_db_host).
Type: string (`"h2"`, `"postgres"`, `"mysql"`)<br>
Default: `"h2"`
When `"h2"`, the application database is loaded from [MB_DB_FILE](#mb_db_file), otherwise [MB_DB_HOST](#mb_db_host) will be used to define application database.
Type: string<br>
Default: `null`
The username for [MB_DB_HOST](#mb_db_host).
### `MB_DEV_ADDITIONAL_DRIVER_MANIFEST_PATHS`
Type: string<br>
Default: `null`
Used during development of third-party drivers. Set the value to have that plugin manifest get loaded during startup. Specify multiple plugin manifests by comma-separating them.
### `MB_DISABLE_SESSION_THROTTLE`
Type: boolean<br>
Default: `false`
When `true`, this will disable session throttling. **Warning:** It is not recommended to disable throttling, since it is a protective measure against brute-force attacks.
Use [MB_SOURCE_ADDRESS_HEADER](#mb_source_address_header) to set the IP address of the remote client from e.g. a reverse-proxy.
Type: string<br>
Default: `null`
Address you want to use as the sender of emails generated by Metabase, such as pulses or account invitations.
### `MB_EMAIL_FROM_NAME`
Type: string<br>
Default: `null`<br>
Since: v44.0
Use the defined name in emails. By default, no name is used, meaning it just displays the [MB_EMAIL_FROM_ADDRESS](#mb_email_from_address) email address.
### `MB_EMAIL_REPLY_TO`
Type: string<br>
Default: `null`<br>
Since: v44.0
Include a Reply-To address in emails. Has to be in the format `"['address@domain.example']"` (including the square brackets).
Type: string<br>
Default: `null`
The address of the SMTP server that handles your emails.
Type: string<br>
Default: `null`
SMTP password.
Type: integer<br>
Default: `null`
The port your SMTP server uses for outgoing emails.
Type: string (`"tls"`, `"ssl"`, `"starttls"`, `"none"`)<br>
Default: `"none"`
SMTP secure connection protocol.
Type: string<br>
Default: `null`
SMTP username.
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `null`
URL of origin allowed to embed the full Metabase application.
Related to [MB_SESSION_COOKIE_SAMESITE](#mb_session_cookie_samesite). Read more about [FullApp Embedding](../embedding/full-app-embedding.md).
### `MB_EMBEDDING_SECRET_KEY`
Type: string<br>
Default: `null`<br>
Since: v44.0
Secret key used to sign JSON Web Tokens for requests to /api/embed endpoints.
The secret should be kept safe (treated like a password) and recommended to be a 64 character string.
This is for Signed Embedding, and has nothing to do with JWT SSO authentication, which is [MB_JWT_*](#mb_jwt_enabled).
Type: boolean<br>
Default: `true`
Emojis on log lines. When set to `false` it will disable log line emojis. This is disabled on Windows. Related to [MB_COLORIZE_LOGS](#mb_colorize_logs).
Type: boolean<br>
Default: `false`
Allow admins to securely embed questions and dashboards within other applications.
Type: boolean<br>
Default: `true`
Allow using a saved question as the source for other queries.
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: boolean<br>
Default: `true`
Still allow logging in by email and password when SSO login options are enabled.
Type: boolean<br>
Default: `false`
Enable admins to create publicly viewable links (and embedded iframes) for questions and dashboards.
Type: boolean<br>
Default: `false`
Enabling caching will save the results of queries that take a long time to run.
Type: boolean<br>
Default: `null`
When `true`, this will enable `/api/testing` endpoint. **Warning:** This should never be enabled in production system.
Type: boolean<br>
Default: `true`
Allow users to explore data using X-rays.
Type: string<br>
Default: `null`
When set, this will encrypt database credentials stored in the application database. Requirement: minimum 16 characters base64-encoded string.
Also see documentation page [Encrypting database details at rest](../databases/encrypting-details-at-rest.md).
### `MB_GOOGLE_AUTH_AUTO_CREATE_ACCOUNTS_DOMAIN`
Type: string<br>
Default: `null`
When set, allows users to automatically create their Metabase account by logging in if their Google account email address is from this domain.
Since v40.0, the Pro and Enterprise plans supports inputting multiple domains separated by commas.
Type: string<br>
Default: `null`
Client ID for Google Auth SSO. If this is set, Google Auth is considered to be enabled.
### `MB_JDBC_DATA_WAREHOUSE_MAX_CONNECTION_POOL_SIZE`
Type: integer<br>
Default: `15`<br>
Maximum number of connections to the data source databases. The maximum is for each database setup in Admin Panel > Databases, not a total for all databases.
Change this to a higher value if you notice that regular usage consumes all or close to all connections. When all connections are in use then Metabase will be slower to return results for queries, since it would have to wait for an available connection before processing the next query in the queue.
See [MB_APPLICATION_DB_MAX_CONNECTION_POOL_SIZE](#mb_application_db_max_connection_pool_size) for setting maximum connections to the Metabase application database.
### `MB_JETTY_ASYNC_RESPONSE_TIMEOUT`
Type: integer<br>
Default: `600000`<br>
Timeout of Jetty async threads, defined in milliseconds. The default is 10 minutes. Very few things might reach that timeout, since they return some type of data before, but things like CSV downloads might.
Type: boolean<br>
Default: `false`
Use daemon threads.
Default: `localhost` for JAR, `0.0.0.0` for Docker
Configure a host either as a host name or IP address to identify a specific network interface on which to listen. If set to `"0.0.0.0"`, Metabase listens on all network interfaces. It will listen on the port specified in [MB_JETTY_PORT](#mb_jetty_port).
Type: boolean<br>
Default: `true`
Blocks the thread until server ends.
Type: integer<br>
Default: `200000`
Maximum idle time for a connection, in milliseconds.
Type: integer<br>
Default: _"FIX ME"_
Maximum number of requests to be queued when all threads are busy.
Type: integer<br>
Default: `50`
Maximum number of threads.
Change this to a higher value if you notice that regular usage consumes all or close to all threads. When all threads are in use Metabase might feel slow or unresponsive when clicking around the interface.
To see how many threads are being used, check the Metabase logs and look for lines that contain the following: `… Jetty threads: 45/50 …`, which in this case would indicate 45 out of 50 available threads are being used.
Related [MB_ASYNC_QUERY_THREAD_POOL_SIZE](#mb_async_query_thread_pool_size).
Type: integer<br>
Default: `8`
Minimum number of threads.
Type: integer<br>
Default: `3000`
Configure which port to use for HTTP. It will listen on the interface specified in [MB_JETTY_HOST](#mb_jetty_host).
### `MB_JETTY_REQUEST_HEADER_SIZE`
Maximum size of a request header, in bytes. Increase this value if you are experiencing errors like "Request Header Fields Too Large".
Type: boolean<br>
Default: `null`
When set to `true`, will enable HTTPS with the options configured in the `MB_JETTY_SSL_*` variables.
Also see the [Customizing Jetty web server](customizing-jetty-webserver.md) documentation page.
Type: boolean<br>
Default: `null`
Configure Java SSL client authentication. When set to `true`, client certificates are required and verified by the certificate authority in the TrustStore.
Type: string<br>
Default: `null`
Path to Java KeyStore file.
### `MB_JETTY_SSL_KEYSTORE_PASSWORD`
Type: string<br>
Default: `null`
Password for Java KeyStore file.
Type: integer<br>
Default: `null`
Configure which port to use for HTTPS. It will listen on the interface specified in [MB_JETTY_HOST](#mb_jetty_host).
Type: string<br>
Default: `null`
Path to Java TrustStore file.
### `MB_JETTY_SSL_TRUSTSTORE_PASSWORD`
Type: string<br>
Default: `null`
Password for Java TrustStore file.
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `"email"`
Key to retrieve the JWT user's email address.
### `MB_JWT_ATTRIBUTE_FIRSTNAME`
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `"first_name"`
Key to retrieve the JWT user's first name.
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `"groups"`
Key to retrieve the JWT user's groups.
### `MB_JWT_ATTRIBUTE_LASTNAME`
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Key to retrieve the JWT user's last name.
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: boolean<br>
Default: `false`
When set to `true`, will enable JWT authentication with the options configured in the `MB_JWT_*` variables.
This is for JWT SSO authentication, and has nothing to do with Signed Embedding, which is [MB_EMBEDDING_SECRET_KEY](#mb_embedding_secret_key)
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `"{}"`
JSON object containing JWT to Metabase group mappings. Should be in the form: `'{"groupName": [1, 2, 3]}'` where keys are JWT groups and values are lists of Metabase groups IDs.
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: boolean<br>
Default: `false`
Enable group membership synchronization with JWT.
### `MB_JWT_IDENTITY_PROVIDER_URI`
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `null`
URL of JWT based login page.
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `null`
String used to seed the private key used to validate JWT messages.
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Default page to show people when they log in.
Type: string<br>
Default: `"mail"`
Attribute to use for the user's email. Usually 'mail', 'email' or 'userPrincipalName'.
### `MB_LDAP_ATTRIBUTE_FIRSTNAME`
Type: string<br>
Default: `"givenName"`
Attribute to use for the user's first name. Usually 'givenName'.
### `MB_LDAP_ATTRIBUTE_LASTNAME`
Type: string<br>
Default: `"sn"`
Attribute to use for the user's last name. Usually 'sn'.
Type: string<br>
Default: `null`
The Distinguished Name to bind as (if any). This user will be used to lookup information about other users.
Type: boolean<br>
Default: `false`
When set to `true`, will enable LDAP authentication with the options configured in the `MB_LDAP_*` variables.
Type: string<br>
Default: `null`
Search base for groups. Not required if your LDAP directory provides a 'memberOf' overlay. (Will be searched recursively.)
Type: string<br>
Default: `"{}"`
JSON object containing LDAP to Metabase group mappings.
### `MB_LDAP_GROUP_MEMBERSHIP_FILTER`
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `"(member={dn})"`<br>
Since: v40.0
Group membership lookup filter. The placeholders `{dn}` and `{uid}` will be replaced by the user's Distinguished Name and UID, respectively.
Type: boolean<br>
Default: `false`
Enable group membership synchronization with LDAP.
Type: string<br>
Default: `null`
Server hostname.
Type: string<br>
Default: `null`
The password to bind with for the lookup user.
Type: string<br>
Default: `"389"`
Server port, usually 389 or 636 if SSL is used.
Type: string (`"none"`, `"ssl"`, `"starttls"`)<br>
Default: `"none"`
Use SSL, TLS or plain text.
### `MB_LDAP_SYNC_USER_ATTRIBUTES`
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: boolean<br>
Default: `true`
Sync user attributes when someone logs in via LDAP.
### `MB_LDAP_SYNC_USER_ATTRIBUTES_BLACKLIST`
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string<br>
Default: `"userPassword,dn,distinguishedName"`
Comma-separated list of user attributes to skip syncing for LDAP users.
Type: string<br>
Default: `null`
Search base for users. (Will be searched recursively.)
Type: string<br>
Default: `"(&(objectClass=inetOrgPerson)(|(uid={login})(mail={login})))"`
User lookup filter. The placeholder `{login}` will be replaced by the user supplied login.
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
Type: string (`"doing-science"`, `"running-query"`, `"loading-results"`)<br>
Default: `"doing-science."`<br>
Since: v44.0
Change the loading message, when waiting for results.
Default: `"https://{s}.tile.openstreetmap.org/{z}/{x}/{y}.png"`
The map tile server URL template used in map visualizations, for example from OpenStreetMaps or MapBox.
### `MB_NATIVE_QUERY_AUTOCOMPLETE_MATCH_STYLE`
Type: string (`"substring"`, `"prefix"`, `"off"`)<br>
Default: `"substring"`<br>
Since: v44.1
Matching style for native query editor's autocomplete. Larger instances can have performance issues matching using `substring`, so can use `prefix` matching, or turn autocompletions `off`.
### `MB_NOTIFICATION_LINK_BASE_URL`
Only available on Metabase [Pro](https://www.metabase.com/product/pro) and [Enterprise](https://www.metabase.com/product/enterprise) plans.<br>
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
Default: `null`<br>
Since: v42.0
The base URL where dashboard notitification links will point to instead of the Metabase base URL. Only applicable for users who utilize FullApp embedding and subscriptions.
### `MB_NOTIFICATION_RETRY_INITIAL_INTERVAL`
Type: integer<br>
Default: `500`<br>
Since: v44.0
The initial retry delay in milliseconds when delivering notifications.
### `MB_NOTIFICATION_RETRY_MAX_ATTEMPTS`
Type: integer<br>
Default: `7`<br>
Since: v44.0
The maximum number of attempts for delivering a single notification.
### `MB_NOTIFICATION_RETRY_MAX_INTERVAL_MILLIS`
Type: integer<br>
Default: `30000`<br>
Since: v44.0
The maximum delay between attempts to deliver a single notification.
### `MB_NOTIFICATION_RETRY_MULTIPLIER`
Type: double<br>
Default: `2.0`<br>
Since: v44.0
The delay multiplier between attempts to deliver a single notification.
### `MB_NOTIFICATION_RETRY_RANDOMIZATION_FACTOR`
Type: double<br>
Default: `0.1`<br>
Since: v44.0
The randomization factor of the retry delay when delivering notifications.
### `MB_NS_TRACE`
Type: string<br>
Default: `""`
Comma-separated namespaces to trace. **WARNING:** Could log sensitive information like database passwords.
Type: string (`"weak"`, `"normal"`, `"strong"`)<br>
Default: `"normal"`
Enforce a password complexity rule to increase security for regular logins. This only applies to new users or users that are changing their password. Related [MB_PASSWORD_LENGTH](#mb_password_length)
- `weak` no character constraints
- `normal` at least 1 digit
- `strong` minimum 8 characters w/ 2 lowercase, 2 uppercase, 1 digit, and 1 special character
Type: integer<br>
Default: `6`
Set a minimum password length to increase security for regular logins. This only applies to new users or users that are changing their password. Uses the length of [MB_PASSWORD_COMPLEXITY](#mb_password_complexity) if not set.
### `MB_PERSISTED_MODEL_REFRESH_CRON_SCHEDULE`
Type: string<br>
Default: `"0 0 0/6 * * ? *"`<br>
Since: v44.0
Cron syntax string to schedule refreshing persisted models.
### `MB_PERSISTED_MODELS_ENABLED`
Type: boolean<br>
Default: `false`<br>
Since: v44.0
Allow persisting models into the source database.
Type: string<br>
Default: `"plugins"`
Path of the "plugins" directory, which is used to store the Metabase database drivers. The user who is running Metabase should have permission to write to the directory. When running the JAR, the default directory is `plugins`, created in the same location as the JAR file. When running Docker, the default directory is `/plugins`.
The location is where custom third-party drivers should be added. Then Metabase will load the driver on startup, which can be verified in the log.
### `MB_PREMIUM_EMBEDDING_TOKEN`
Type: string<br>
Default: `null`
The license token used for Pro and Enterprise to enable premium features on the Enterprise edition. It is also used for the deprecated "Premium Embedding" functionality on the OSS edition.