Environment Variables Reference
Complete list of environment variables supported by Gatwy.
| Variable | Default | Description |
|---|---|---|
PORT | 7443 | HTTPS listen port |
GATWY_ENCRYPTION_KEY | (auto-generated file) | 64-char hex AES-256 key for encrypting credentials and recordings. Generate with openssl rand -hex 32. Set this in production. |
ADMIN_PASSWORD | (none) | Pre-set admin password on first launch (skips setup screen). Only used once on first boot. |
TLS_CERT_PATH | (auto) | Path to a custom TLS certificate file inside the container |
TLS_KEY_PATH | (auto) | Path to a custom TLS private key file inside the container |
DATA_DIR | /app/data | Directory for database, TLS certs, session recordings, and logs |
Notes
GATWY_ENCRYPTION_KEY
Gatwy uses AES-256 to encrypt all credentials, MFA secrets, and session recordings. The key must be exactly 64 hexadecimal characters (= 32 bytes).
# Generate a secure key
openssl rand -hex 32
If not set, Gatwy auto-generates a key at $DATA_DIR/encryption.key and shows a red warning banner on the login page and in server logs.
ADMIN_PASSWORD
Only takes effect on the very first launch (when no admin account exists yet). After the initial setup, this variable has no effect — change the password through the UI instead.
PORT
If you change the port, update both the Docker port mapping and the env var:
ports:
- '8443:8443'
environment:
- PORT=8443
DATA_DIR
Gatwy stores everything here:
gatwy.db— SQLite databasecerts/— auto-generated TLS certificaterecordings/— session recordingsencryption.key— fallback encryption key (if env var not set)
Always mount this to a persistent volume or bind mount.