The Setup Wizard runs automatically the first time you start Secryn and guides you through the minimum required configuration to make the system secure, functional, and ready for use. It is a one-time process designed to be simple, safe, and fully recoverable if interrupted.

The wizard saves progress server-side after each step, so refreshing the page or reconnecting will not lose your state. Sensitive values such as passwords and secrets are never displayed in logs or echoed back to the browser.

What the Wizard Does

During setup, Secryn will:

• configure the base application URL and internal routing
• set up outbound email for notifications and system messages
• apply initial branding and theming
• create the first administrator account
• prime caches and lock the application for production use

Once completed, the wizard is permanently disabled and public registration is turned off.

Wizard Steps

Welcome

Verify that you are running the containerized Secryn build and that all required services are available. No configuration is applied at this stage. When ready, begin the setup to proceed.

App URL

Provide the full URL where this Secryn instance will be accessed (including protocol). This value is used to generate internal links, API responses, email notifications, and security callbacks. Changes are applied immediately and validated before continuing.

Email

Configure SMTP settings used by Secryn to send system and notification emails. You can send a test email to verify connectivity before proceeding. Authentication and encryption settings are supported, and credentials are stored securely.

Branding

Set the company name that will appear throughout the application and optionally apply a custom shadcn theme configuration. Theme changes are applied instantly and can be adjusted later in Admin Settings.

Admin

Create the first administrator account for this Secryn instance. This user will have full access to all projects, vaults, resources, and administrative settings. After setup is complete, all future users must be invited by an administrator.

Finalize

Seal the installation and prepare Secryn for normal operation. This step primes caches for performance, disables public sign-up routes, locks the setup wizard permanently, and finalizes security defaults. When complete, you will be redirected to the login page to sign in with the administrator account you just created.

After Setup

• The wizard cannot be accessed again through the UI.
• Public registration is disabled.
• All configuration is managed through Admin Settings.

If re-entry is ever required for recovery purposes, the wizard can only be unlocked via a server-side command by an administrator.