Homarr · 9mo ago
5 replies
James O'Claire

Post Migration: Why is there a required SECRET_KEY in the docker compose?

I just completed the migration but got stuck when I tried to remove the SECRET_KEY from my docker-compose. Usually my docker-compose is git committed publicly. Why is there an environment secret here? I tried removing it and it failed to restart. Is there a way to get around this requirement?
Solution
Hi, the secret encryption key is used to encrypt passwords, API tokens and other sensitive data. If a malicious actor gained access to the database, they would not be able to gain access to those credentials.

Do not commit, share or publish this token anywhere! Losing it will break all integrations in Homarr that use some kind of secret.

See https://docs.docker.com/engine/swarm/secrets/ on how to manage those secrets.
For example, you can inject using vault services or you can put them into a separate env file.
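
A check that fits the advice above for a compose file kept in a public repository, as an added example that is not part of the original answer or Homarr's own tooling. It assumes the variable is named `SECRET_KEY` as in the question; the function names, file names and key value are constructed for illustration.

```shell
#!/bin/sh
# Constructed example; SECRET_KEY is the name used in the question above.

# Print compose lines that give variable $2 a literal value in file $1:
# list form "- VAR=abc" or map form "VAR: abc". A "${...}" reference or a
# bare "- VAR" pass-through carries no secret and is not reported.
find_inline_secret() {
    grep -nE "^[[:space:]]*(-[[:space:]]*)?$2[[:space:]]*[=:][[:space:]]*[^[:space:]]" "$1" |
        grep -vE '[=:][[:space:]]*"?\$\{'
}

# Pre-commit style gate: return 1 (block the commit) on a literal value.
check_compose() {
    if find_inline_secret "$1" "$2" >/dev/null; then
        echo "$1: $2 has a literal value; move it to an untracked env file" >&2
        return 1
    fi
    return 0
}

# Write two constructed compose files into directory $1.
make_samples() {
    cat > "$1/leaky.yaml" <<'EOF'
services:
  homarr:
    environment:
      - SECRET_KEY=0123456789abcdef-constructed-not-a-real-key
EOF
    # The value is interpolated from an untracked .env file kept next to
    # the compose file (and listed in .gitignore), so this file can be public.
    cat > "$1/clean.yaml" <<'EOF'
services:
  homarr:
    environment:
      - SECRET_KEY=${SECRET_KEY}
EOF
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_compose "$demo_dir/leaky.yaml" SECRET_KEY || echo "leaky.yaml rejected"
check_compose "$demo_dir/clean.yaml" SECRET_KEY && echo "clean.yaml accepted"
rm -rf "$demo_dir"
```

Called from a Git pre-commit hook, a non-zero return from `check_compose` stops the commit before the key reaches the public history.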