Configuration
PulseDB can be configured using environment variables and runtime settings.
Environment variables
| Variable | Required | Default | Description |
|---|---|---|---|
ENCRYPTION_KEY | No | Auto-generated | 32-byte hex key for AES-256-GCM |
Encryption key
The encryption key is generated automatically on first launch. To use your own:
yaml
services:
pulsedb:
environment:
- ENCRYPTION_KEY=your-64-char-hex-key
The key should be a 64-character hex string (32 bytes).
Encryption details
Connection passwords are encrypted at rest using AES-256-GCM:
- Key derived via SHA-256 from
ENCRYPTION_KEYor the auto-generated key - Unique random initialization vector (IV) per encryption
- Passwords never sent to the frontend — API returns
"••••••••" - Legacy plaintext passwords automatically migrated on read
Docker volume
PulseDB stores data in /data inside the container:
/data
├── connections.json # Encrypted connection configurations
└── encryption.key # Auto-generated AES-256 key
Custom encryption key
To provide your own encryption key in Docker:
yaml
services:
pulsedb:
environment:
- ENCRYPTION_KEY=your-64-char-hex-key
volumes:
- pulsedb-data:/data
SSL configuration
To connect to PostgreSQL over SSL, enable SSL in your connection settings:
- Set
ssl: truewhen creating or editing a connection - PulseDB supports SSL-enabled PostgreSQL instances for secure remote connections