Configuration

PulseDB can be configured using environment variables and runtime settings.

Environment variables

VariableRequiredDefaultDescription
ENCRYPTION_KEYNoAuto-generated32-byte hex key for AES-256-GCM

Encryption key

The encryption key is generated automatically on first launch. To use your own:

yaml
services: pulsedb: environment: - ENCRYPTION_KEY=your-64-char-hex-key

The key should be a 64-character hex string (32 bytes).

Encryption details

Connection passwords are encrypted at rest using AES-256-GCM:

  • Key derived via SHA-256 from ENCRYPTION_KEY or the auto-generated key
  • Unique random initialization vector (IV) per encryption
  • Passwords never sent to the frontend — API returns "••••••••"
  • Legacy plaintext passwords automatically migrated on read

Docker volume

PulseDB stores data in /data inside the container:

/data ├── connections.json # Encrypted connection configurations └── encryption.key # Auto-generated AES-256 key

Custom encryption key

To provide your own encryption key in Docker:

yaml
services: pulsedb: environment: - ENCRYPTION_KEY=your-64-char-hex-key volumes: - pulsedb-data:/data

SSL configuration

To connect to PostgreSQL over SSL, enable SSL in your connection settings:

  • Set ssl: true when creating or editing a connection
  • PulseDB supports SSL-enabled PostgreSQL instances for secure remote connections