The sdk connects to an api. The api will store the encrypted user and group keys and will also manage the key rotation and group member.


You can choose docker to run the api. To get started, download the sentc/hostingopen in new window repo. It contains basic docker-compose to get the server running.

git clone
cd hosting

Next copy and rename .env.sample to .env and sentc.env.sample to sentc.env

The .env file contains config about the used container. You can change the version of each container.

Optional but recommended: Change the mysql env too.

Next you have to create a root key with the sentc key gen tool and paste it into ROOT_KEY in the sentc.env file.

Root key generation

You can use the docker image to generate a key:

docker-compose -f key_gen/docker-compose.yml up

Without the -d flag to get the key output. Copy your key, and then you can down the container:

docker-compose -f key_gen/docker-compose.yml down -v

And delete the image

docker image rm sentc/key_gen


The default is mariadb with redis server.

docker-compose -f mysql/docker-compose.yml up -d

Now everything is running and you can start.

Non default

If you are using an external Database, or a Database which is running native, then use the mysql/docker-compose.stand_alone.yml file.

Before starting set also the both Env: MYSQL_HOST (your host where the db is running), MYSQL_DB (the database name).

docker-compose -f mysql/docker-compose.external_db.yml up -d

Keep in mind that this will use the array cache as default not redis. If you have redis also running, set the Env CACHE to 2 and the Env REDIS_URL to your running redis url instance.

To use the sqlite container use this compose file:

docker-compose -f sqlite/docker-compose.yml up -d

This will start the sqlite version of the api. Make sure to place in the sqlite database in the folder: db/sqlite. You can get it from the api repoopen in new window.


This hosting approach not be directly access from the outside. Use a reverse proxy like nginx to handle tls. Sentc itself will use http.

server {
    client_max_body_size 6m;    # to make sure the file upload works
    server_name <your_server_name>
    location / {
        proxy_pass http://localhost:3002; # redirect to your running docker container. Sentc uses port 3002 as default.
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

SDK change

Set the base_url option in your SDK init to your hosted version to make sure that the sentc backend is not used.

import Sentc from "@sentclose/sentc";

//init the javascript client
await Sentc.init({
    app_token: "5zMb6zs3dEM62n+FxjBilFPp+j9e7YUFA+7pi6Hi",  // <-- your app token
    base_url: "<your_api_url>"

Register a self-hosted app

You can access your dashboard by going to your address where your instance running. Then simply follow the register an app guide for creating an app.

Use your public and secret token from this app.

Disable app creation

Now the registration is still open for everyone. Set the Env CUSTOMER_REGISTER to 0 in your sentc.env file and restart your docker container. Now none can create a new account and register apps except your account.

docker-compose -f mysql/docker-compose.yml stop

And then start again.

Last Updated: