Installation

Install and configure Secryn on your own server.

Installation

This guide walks you through purchasing, installing, and configuring Secryn on your own server.

Secryn is distributed via Self-Host Pro and installed using a secure, time-limited installation script.

1. Purchase and Access

Visit the Secryn website and purchase a license.

After checkout, you will be redirected to the post-purchase flow.

Open your email and look for a message from Self-Host Pro related to Secryn.

Click Install Secryn in that email to open the Self-Host Pro portal.

In My Products, you will see Secryn listed under purchased products.

If prompted, enter your email to receive a sign-in link and access the portal.

2. Minimum Server Requirements

Your server must meet the following minimum requirements:

  • 1 CPU Core
  • 1 GB RAM
  • 10 GB Disk Space
  • Publicly reachable IP address
  • Ports 80 and 443 open
  • Root access to the server

If using a domain (recommended), point your DNS A record to the server's public IP before installation.

3. Install Secryn on Your Server

In Self-Host Pro -> My Products -> Secryn, copy your generated installation command.

SSH into your server as root:

ssh root@yourdomain

Paste and run the installation script.

Important Notes About the Install Script

  • The script is single-use.
  • It expires after a limited time (shown in the portal).
  • If it expires or you need to reinstall, use Regenerate Installation Script in Self-Host Pro.

4. Configure Application URL

During installation, the script will prompt you to enter your Application URL.

If you have a domain ready, enter:

https://vault.yourdomain.com

If you do not have a domain yet, you may temporarily use the detected server IP (not recommended for production use).

The application URL is used for:

  • Routing
  • Link generation
  • TLS/HTTPS configuration via Traefik

5. Required Configuration During Installation

During installation, the setup process will automatically open configuration files for editing in the nano editor.

You must update the values when prompted.

These steps are mandatory.

5.1 Update Database Credentials (.env)

When prompted, the installer will open:

/srv/secryn/.env

Update the following values:

DB_USERNAME=your_secure_username
DB_PASSWORD=your_secure_password

After making changes in nano:

  • Press CTRL + X
  • Press Y
  • Press Enter

Important:

  • These credentials are used when the database container is created.
  • Once the database container is initialized, these values cannot be changed.
  • If incorrect credentials are set, you must recreate the database container.
  • Ensure the values are correct before saving and continuing.

5.2 Update SSL Email (traefik.yml)

The installer will then open:

/srv/secryn/traefik.yml

At the bottom of the file, update the Let's Encrypt email:

This email must be valid.

If not configured correctly:

  • SSL certificate issuance will fail.
  • HTTPS will not work.
  • Your application may only be accessible over HTTP.

After updating:

  • Press CTRL + X
  • Press Y
  • Press Enter

Once both files are saved, the installation will continue and services will start.

6. Installation Location

Secryn is installed under:

/srv/secryn

This directory contains:

  • Application services
  • Docker configuration
  • Environment configuration
  • Reverse proxy configuration

7. Access Secryn

Once installation completes, the script will display:

Secryn is now running at:
https://yourdomain.com

Open this URL in your browser.

You will be taken to the Setup Wizard.

8. Complete the Setup Wizard

Inside Secryn, complete the Setup Wizard steps:

  • Welcome
  • App URL
  • Email
  • Branding
  • Admin
  • Finalize

When you click Finalize, you will be redirected to the Login page.

Public registration is automatically disabled after installation.

9. Troubleshooting

Cannot Access the Site

  • Ensure ports 80 and 443 are open.
  • Confirm DNS A record points to the correct server IP.

SSL Is Not Working

  • Verify the email in traefik.yml is valid.
  • Ensure ports 80 and 443 are publicly accessible.
  • Allow time for DNS propagation.

Installation Script Expired

Regenerate the script from:

Self-Host Pro -> My Products -> Secryn -> Regenerate Installation Script

Viewing Logs

To inspect logs:

cd /srv/secryn
docker compose logs

10. Security Recommendations

  • Do not share your installation script.
  • Do not share .env or traefik.yml.
  • Do not commit configuration files to version control.
  • Restrict SSH access to trusted administrators only.
  • Store backup encryption keys securely.
  • Rotate Vault Access Keys periodically.