Post Migration: Why is there a required SECRET_KEY in the docker compose?
I just completed the migration but got stuck when I tried to remove the SECRET_KEY from my docker-compose. Usually my docker-compose is git committed publicly. Why is there an environment secret here? I tried removing it and it failed to restart. Is there a way to get around this requirement?
Thank you for submitting a support request.
Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment:
- Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log)
- Operating system (Unraid, TrueNAS, Ubuntu, ...)
- Exact Homarr version (e.g. 0.15.0, not latest)
- Configuration (e.g. docker-compose, screenshot or similar. Use ``your-text`` to format)
- Other relevant information (e.g. your devices, your browser, ...)
Solution
Hi, the secret encryption key is used to encrypt passwords, API tokens and other sensitive data. If a malicious actor gained access to the database, they would not be able to gain access to those credentials.
Do not commit, share or publish this token anywhere! Losing it will break all integrations in Homarr that use some kind of secret.
See https://docs.docker.com/engine/swarm/secrets/ on how to manage those secrets.
For example, you can inject using vault services or you can put them into a separate env file.
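The separate env file approach from the answer above, as an added example that is not part of the original reply or Homarr's own tooling: helpers that keep the key out of a publicly committed compose file. `SECRET_KEY` is the variable name used in the question; `homarr.env`, the function names and the 32-byte hex key format are assumptions.

```shell
#!/bin/sh
# Added example. The compose service loads the key from a file that is never
# committed, instead of carrying the value inline:
#   services:
#     homarr:
#       env_file:
#         - homarr.env          # assumed file name

# ensure_key_file FILE [VALUE]: create FILE (mode 600) holding SECRET_KEY.
# An existing file is never overwritten, because losing the key breaks every
# stored integration secret. For a migrated install pass the current key as
# VALUE; without VALUE a random key is generated (assumed format: 32 bytes hex).
ensure_key_file() {
    [ -f "$1" ] && return 0
    key=${2:-$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')}
    ( umask 077; printf 'SECRET_KEY=%s\n' "$key" > "$1" )
}

# ensure_ignored DIR NAME: list NAME in DIR/.gitignore exactly once.
ensure_ignored() {
    grep -qxF "$2" "$1/.gitignore" 2>/dev/null || printf '%s\n' "$2" >> "$1/.gitignore"
}

# compose_has_inline_key FILE: exit 0 if FILE assigns a literal value to
# SECRET_KEY ("- SECRET_KEY=abc" or "SECRET_KEY: abc"). References such as
# ${SECRET_KEY} and a bare "- SECRET_KEY" passthrough are not flagged.
compose_has_inline_key() {
    grep -Eq '^[[:space:]]*(-[[:space:]]*)?"?SECRET_KEY[[:space:]]*[:=][[:space:]]*"?[^$"[:space:]]' "$1"
}

# check_repo DIR: gate for a public commit. Returns 1 if the compose file
# still holds the key, 2 if the env file is missing, 0 otherwise.
check_repo() {
    dir=$1
    if compose_has_inline_key "$dir/docker-compose.yml"; then
        echo "docker-compose.yml contains a literal SECRET_KEY; move it to homarr.env" >&2
        return 1
    fi
    [ -f "$dir/homarr.env" ] || { echo "homarr.env is missing" >&2; return 2; }
    ensure_ignored "$dir" homarr.env
}
```

Calling `check_repo .` from a Git pre-commit hook blocks a commit that would publish the key.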
Thanks!