Configuration

Server secrets and rotation

deeploy generates secure server secrets automatically on first install.

Server Secrets

  • JWT_SECRET
  • ENCRYPTION_KEY

The install script generates both automatically on first install and writes them to /opt/deeploy/.env.

You normally do not need to touch them.

Important

  • Change ENCRYPTION_KEY only before you store real data.
  • If you change ENCRYPTION_KEY later, previously encrypted values in the database cannot be decrypted.
  • Changing JWT_SECRET logs out existing sessions (users must log in again).

If You Must Change Secrets

  1. SSH to your server.
  2. Open /opt/deeploy/.env.
  3. Replace the secret(s).
  4. Restart the stack: 
    cd /opt/deeploy
docker compose up -d --force-recreate
  5. Verify login and app behavior.
← Getting StartedDeploying →
© 2026 Axel Adrian