Nokwatch docs

Auth & Security

Auth credentials in monitors

Monitor auth settings (Basic Auth username/password, custom headers, cookies) and notification channel config (webhook URLs, email addresses) are stored in the database.

Encryption at rest (optional)

Set ENCRYPTION_KEY in .env to encrypt these values using Fernet. Without the key, they are stored as plain text for backward compatibility. Existing plain-text data continues to work; new and updated values are encrypted when the key is set.

Generate a key:

python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
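The behaviour described above (encrypt on write when ENCRYPTION_KEY is set, keep reading older plain-text values), sketched as an added example that is not Nokwatch's own code. The function names, the sample rows and the assumption that old values stay plain text until they are next updated are all illustrative.

```python
# Added illustration, not Nokwatch's code; function names are hypothetical.
import os
from cryptography.fernet import Fernet, InvalidToken

def load_cipher(env=os.environ):
    """Return a Fernet cipher if ENCRYPTION_KEY is set, else None."""
    key = env.get("ENCRYPTION_KEY")
    return Fernet(key.encode()) if key else None

def protect(value, cipher):
    """Write path: encrypt when a key is configured, else store as-is."""
    if cipher is None:
        return value
    return cipher.encrypt(value.encode()).decode()

def reveal(stored, cipher):
    """Read path: decrypt tokens, pass legacy plain-text values through."""
    if cipher is None:
        return stored
    try:
        return cipher.decrypt(stored.encode()).decode()
    except InvalidToken:
        # Not a token made with this key: treat as legacy plain text.
        return stored

def still_plaintext(rows, cipher):
    """Audit: names of rows whose value is not a valid token for this key."""
    pending = []
    for name, stored in rows.items():
        try:
            cipher.decrypt(stored.encode())
        except InvalidToken:
            pending.append(name)
    return pending

if __name__ == "__main__":
    cipher = load_cipher({"ENCRYPTION_KEY": Fernet.generate_key().decode()})
    # Constructed sample rows: one legacy value, one written after the key was set.
    rows = {
        "legacy_basic_auth": "monitor-user:example-password",
        "new_webhook": protect("https://hooks.example.invalid/T000/B000", cipher),
    }
    for name, stored in rows.items():
        print(name, "->", reveal(stored, cipher))
    print("not yet encrypted:", still_plaintext(rows, cipher))
```

A value encrypted under a different key fails verification the same way plain text does, so in this sketch `reveal` returns the stored token unchanged and `still_plaintext` lists it; keep the original key available when changing ENCRYPTION_KEY.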

Best practices

  • Do not commit .env or your database to version control.
  • Use a strong SECRET_KEY in production.
  • Run the app as a non-root user with minimal permissions.
  • Use HTTPS in production (e.g. nginx reverse proxy).
  • Restrict filesystem and database access so only the app can read/write.

See the main repository’s SECURITY.md for details and how to report security issues.