Local Quick Start
# 1. Clone the repo
git clone https://github.com/authsec-ai/onprem.git
cd onprem
# 2. Create your .env from the example
cp .env.example .env
# 3. Fill in required secrets (Linux / GNU sed)
sed -i "s/^JWT_DEF_SECRET=$/JWT_DEF_SECRET=$(openssl rand -hex 32)/" .env
sed -i "s/^JWT_SECRET=$/JWT_SECRET=$(openssl rand -hex 32)/" .env
sed -i "s/^JWT_SDK_SECRET=$/JWT_SDK_SECRET=$(openssl rand -hex 32)/" .env
sed -i "s/^TOTP_ENCRYPTION_KEY=$/TOTP_ENCRYPTION_KEY=$(openssl rand -hex 32)/" .env
sed -i "s/^SYNC_CONFIG_ENCRYPTION_KEY=$/SYNC_CONFIG_ENCRYPTION_KEY=$(openssl rand -hex 32)/" .env
sed -i "s/^SESSION_SECRET=$/SESSION_SECRET=$(openssl rand -hex 32)/" .env
sed -i "s/^DB_PASSWORD=changeme$/DB_PASSWORD=$(openssl rand -hex 16)/" .env
sed -i "s/^HYDRA_SECRETS_SYSTEM=$/HYDRA_SECRETS_SYSTEM=$(openssl rand -hex 32)/" .env
sed -i "s/^HYDRA_SECRETS_COOKIE=$/HYDRA_SECRETS_COOKIE=$(openssl rand -hex 32)/" .env
# 4. Ensure HYDRA_DSN uses the same DB_PASSWORD
# 5. Pull images and start
docker compose pull
docker compose up -d
# 6. Wait for services to become healthy
docker compose ps
# 7. Run master DB migration
curl -X POST http://localhost/authsec/migration/migrations/master/run
# 8. Register first admin
curl -X POST http://localhost/authsec/uflow/auth/admin/register \
-H "Content-Type: application/json" \
-d '{"email":"admin@example.com","password":"YourPassword123!"}'
Open http://localhost in your browser.
On first startup, AuthSec automatically runs master DB migrations and builds the tenant DB template in the background (around 30 to 60 seconds). The migration endpoint in step 7 is idempotent.
macOS note: If
sed -ifails, edit.envmanually or usesed -i '' ....
Next step: Environment Variables.