Configuration¶
SentriKat is configured through environment variables defined in your .env file, created from the annotated .env.example shipped in the release bundle.
The bundle's .env.example is the authoritative reference
Every variable your release supports is documented inline in the .env.example that ships with it. This page covers the variables every installation must set, plus the most common optional ones.
Required Settings¶
These variables must be set or the application will refuse to start:
| Variable | Description | How to set |
|---|---|---|
SECRET_KEY | Application signing key | openssl rand -hex 32 |
ENCRYPTION_KEY | Key used to encrypt stored credentials at rest | python3 -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())" |
DB_PASSWORD | PostgreSQL password | Choose a strong password (32+ random characters) |
DATABASE_URL | PostgreSQL connection string | Pre-wired in .env.example to the bundled database service; only change it for an external PostgreSQL |
SERVER_NAME | Hostname SentriKat is served on | e.g. sentrikat.example.com |
SENTRIKAT_URL | Full public base URL, used in emails and share links | e.g. https://sentrikat.example.com |
SENTRIKAT_INSTALLATION_ID | Unique identifier of this installation (format SK-INST-…) | See the instructions in .env.example |
Keep these secret
Never commit .env to version control. Treat SECRET_KEY and ENCRYPTION_KEY like passwords, and back them up with your database backups — data encrypted with a lost ENCRYPTION_KEY cannot be recovered.
SENTRIKAT_INSTALLATION_ID is part of your license
Your license key is bound to the Installation ID. Keep it stable across updates and server migrations — if it changes, you'll need to rebind your license in the Customer Portal.
Licensing¶
| Variable | Description | Required |
|---|---|---|
SENTRIKAT_LICENSE | Signed license key, for offline / air-gapped activation | Only for offline activation — online activation needs no env var |
Application Server¶
The application is served by Gunicorn inside the container, configured by the bundled gunicorn.conf.py.
| Variable | Description | Default |
|---|---|---|
GUNICORN_BIND | Address and port the app listens on inside the container | 0.0.0.0:5000 |
You normally don't need to touch this — to expose SentriKat on a different host port, change the port mapping in docker-compose.yml instead.
Email Alerts (SMTP)¶
Email notifications are configured via SMTP_* variables — see Email & Webhooks for the variable list and setup walkthrough.
LDAP / Active Directory (Pro)¶
LDAP authentication is configured via LDAP_* variables — see LDAP/SSO & 2FA for the variable list and setup walkthrough.
Storage Paths¶
By default all persistent data lives in Docker named volumes. The bundle's .env.example and docker-compose.yml document how to redirect data to specific paths or drives if your release supports it.
Applying Changes¶
After editing .env, restart the application:
docker compose up -d # picks up .env changes, recreates what changed
# or
docker compose restart sentrikat
Validating Configuration¶
# Check that all services start correctly
docker compose up -d
docker compose ps
# The app answers (200, or a redirect to the wizard/login)
curl -s -o /dev/null -w "%{http_code}\n" http://localhost:5000/
# View application logs for warnings
docker compose logs sentrikat | head -50
If a required variable is missing, the application refuses to start and the log says which one.