Skip to main content


Two things are needed to configure Corso:

  • Environment variables containing configuration information
  • A directory for Corso to store its configuration file

Environment variables

Three distinct pieces of configuration are required by Corso:

  • S3 object storage configuration to store backups. See AWS Credentials Setup for alternate ways to pass AWS credentials.

    • AWS_ACCESS_KEY_ID: Access key for an IAM user or role for accessing an S3 bucket
    • AWS_SECRET_ACCESS_KEY: Secret key associated with the access key
    • (Optional) AWS_SESSION_TOKEN: Session token required when using temporary credentials
  • Microsoft 365 Configuration

    • AZURE_CLIENT_ID: Client ID for your Azure AD application used to access your M365 tenant
    • AZURE_TENANT_ID: ID for the M365 tenant where the Azure AD application is registered
    • AZURE_CLIENT_SECRET: Azure secret for your Azure AD application used to access your M365 tenant
  • Corso Security Passphrase

    • CORSO_PASSPHRASE: Passphrase to protect encrypted repository contents

Ensure that all of the above environment variables are defined in your Powershell environment.

$Env:AWS_ACCESS_KEY_ID = "..."

$Env:AZURE_CLIENT_ID = "..."
$Env:AZURE_TENANT_ID = "..."


Configuration File

By default, Corso stores its configuration file (.corso.toml) in the user's home directory. The location of the configuration file can be specified using the --config-file option.

Log Files

Corso generates a unique log file named with its timestamp for every invocation. The default location of Corso's log file is shown below but the location can be overridden by using the --log-file flag. The log file will be appended to if multiple Corso invocations are pointed to the same file.

You can also use stdout or stderr as the --log-file location to redirect the logs to "stdout" and "stderr" respectively. This setting can cause logs to compete with progress bar displays in the terminal. We suggest using the --hide-progress option if you plan to log to stdout or stderr.

Log entries, by default, include user names and file names. The --mask-sensitive-data option can be used to replace this information with anonymized hashes.