Environment Variables

To configure your Signchain Self-hosted Vault, set the following environment variables in your .env file. These variables control storage, networking, and security settings for your deployment.

Storage Configuration

VAULT_STORAGE_BACKEND

  • Description: Specifies the storage backend for the vault.
  • Options: Currently, only mongo is supported.
  • Example:
    VAULT_STORAGE_BACKEND=mongo
    

VAULT_MONGO_URL

  • Description: The MongoDB connection URL, including any necessary authentication details.
  • Example:
    VAULT_MONGO_URL=mongodb://username:password@mongo:27017/signchain-vault?replicaSet=rs0
    

Networking and Security

PORT

  • Description: The port on which the Vault will listen.
  • Default: 443 (TLS). If insecure HTTP is preferred, set to 80.
  • Example:
    PORT=80
    

VAULT_INSECURE_HTTP

  • Description: Set to true to enable insecure (unencrypted) HTTP. Recommended only when the Vault runs behind an SSL front end.
  • Example:
    VAULT_INSECURE_HTTP=true
    

VAULT_KEY

  • Description: Comma-separated list of vault keys for accessing the self-hosted vault, retrieved from the Signchain dashboard.
  • Example:
    VAULT_KEY=vault-key-1,vault-key-2,vault-key-3
    

VAULT_AUTH_SECRET_KEY

  • Description: The shared secret between your backend and the self-hosted vault instance. It is used to sign requests via the X-Vault-Auth-Signature header, which protects against MITM attacks.
  • Example:
    VAULT_AUTH_SECRET_KEY=your_secure_key
    
  • Note: Generate a secure key, e.g., using ps aux | shasum.

Example .env File

VAULT_STORAGE_BACKEND=mongo
VAULT_MONGO_URL=mongodb://username:password@localhost:27017/signchain-vault
PORT=80
VAULT_INSECURE_HTTP=true
VAULT_KEY=vault-key-1,vault-key-2,vault-key-3
VAULT_AUTH_SECRET_KEY=your_secure_key
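
The following is an added example, not part of Signchain's own tooling: a pre-deployment check that flags sample or weak values in a .env file and generates VAULT_AUTH_SECRET_KEY from the operating system's CSPRNG, since a hash of the process list (ps aux | shasum) is derived from guessable input rather than random data. The function names, the 32-character minimum, and the finding messages are assumptions made for this example.

```python
import re
import secrets

MIN_SECRET_CHARS = 32  # assumed threshold for this example, not a Signchain requirement

def generate_auth_secret(nbytes: int = 32) -> str:
    """Return a hex-encoded secret from the OS CSPRNG (256 bits by default)."""
    return secrets.token_hex(nbytes)

def parse_env(text: str) -> dict:
    """Parse KEY=VALUE lines, skipping blank lines and # comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip("\"'")
    return env

def lint_env(env: dict) -> list:
    """Return findings for the variables documented on this page."""
    findings = []
    if "username:password@" in env.get("VAULT_MONGO_URL", ""):
        findings.append("VAULT_MONGO_URL: sample credentials still in place")
    if env.get("VAULT_INSECURE_HTTP", "").lower() == "true":
        findings.append("VAULT_INSECURE_HTTP: plain HTTP, needs an SSL front end")
    keys = [k.strip() for k in env.get("VAULT_KEY", "").split(",")]
    if any(not k or re.fullmatch(r"vault-key-\d+", k) for k in keys):
        findings.append("VAULT_KEY: empty or documentation sample entry")
    secret = env.get("VAULT_AUTH_SECRET_KEY", "")
    if secret == "your_secure_key":
        findings.append("VAULT_AUTH_SECRET_KEY: documentation placeholder")
    elif len(secret) < MIN_SECRET_CHARS:
        findings.append("VAULT_AUTH_SECRET_KEY: shorter than %d chars" % MIN_SECRET_CHARS)
    return findings

# Constructed input: the sample .env file shown on this page.
SAMPLE_ENV = """\
VAULT_STORAGE_BACKEND=mongo
VAULT_MONGO_URL=mongodb://username:password@localhost:27017/signchain-vault
PORT=80
VAULT_INSECURE_HTTP=true
VAULT_KEY=vault-key-1,vault-key-2,vault-key-3
VAULT_AUTH_SECRET_KEY=your_secure_key
"""

if __name__ == "__main__":
    print("\n".join(lint_env(parse_env(SAMPLE_ENV))))
    print("VAULT_AUTH_SECRET_KEY=" + generate_auth_secret())
```

Run it against your real .env before launching the container and keep the generated secret out of version control.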

Next Steps

With your environment variables configured, you can now proceed to Docker Setup to launch your Self-hosted Vault. Be sure to review Security Best Practices to keep your deployment secure.