Self-Hosted Setup

Run Finlynq on your own infrastructure. The app and PostgreSQL run in Docker, and sensitive fields are encrypted at rest with a per-user key derived from the account password.

Quick Start with Docker Compose

curl -O https://raw.githubusercontent.com/finlynq/finlynq/main/pf-app/docker-compose.yml
docker compose up -d

Then open http://localhost:3000 and register your account. Remember to change the default PostgreSQL password and PF_JWT_SECRET before exposing the container to anything but localhost.

What You Get

  • ✓ Self-contained Docker Compose — app + PostgreSQL, nothing external
  • ✓ Envelope encryption on transaction text fields (payees, notes, tags, holdings)
  • ✓ MCP server for plugging in AI assistants (Claude, etc.)
  • ✓ Automatic schema migrations on container start

Environment Variables

  • DATABASE_URL — PostgreSQL connection string (required)
  • PF_JWT_SECRET — JWT signing secret, at least 32 chars of entropy (required)
  • PF_PEPPER — scrypt password peppering, at least 32 chars (required in production)
  • PF_STAGING_KEY — wraps email-staged transactions, at least 32 chars (required in production)
  • PORT — server port (default 3000)

Security note: the envelope-encryption DEK is derived from your account password via scrypt. If you forget your password, the password-reset flow wipes your data and provisions a fresh DEK; there is no backdoor. Back up your data periodically via the Settings → Privacy & Backup panel.
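
An added example, not part of the Finlynq project: a shell pre-flight that generates the three secrets listed under Environment Variables and rejects an env file where one is missing, shorter than 32 characters, or reused for another variable. It assumes the values are supplied through an env file; the file name and the `new`/`check` subcommands are hypothetical.

```shell
#!/bin/sh
# Added example: generate and pre-flight-check the secrets this page lists.
# Assumption: the values reach the container through an env file.
REQUIRED_SECRETS="PF_JWT_SECRET PF_PEPPER PF_STAGING_KEY"
MIN_LEN=32

# 32 random bytes from the kernel CSPRNG, hex-encoded (64 characters).
gen_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the value of variable $2 from env file $1 (last assignment wins).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Create env file $1 with fresh secrets, owner-readable only; never overwrite.
write_env() {
    if [ -e "$1" ]; then echo "refusing to overwrite $1" >&2; return 1; fi
    ( umask 077
      for name in $REQUIRED_SECRETS; do
          printf '%s=%s\n' "$name" "$(gen_secret)"
      done > "$1" )
}

# Return 0 only if every secret is set, long enough, and not reused.
check_env() {
    file=$1; rc=0; seen=""
    for name in $REQUIRED_SECRETS; do
        val=$(env_value "$file" "$name")
        if [ -z "$val" ]; then
            echo "$name: missing" >&2; rc=1; continue
        fi
        if [ "${#val}" -lt "$MIN_LEN" ]; then
            echo "$name: shorter than $MIN_LEN characters" >&2; rc=1
        fi
        case " $seen " in
            *" $val "*) echo "$name: reuses another secret's value" >&2; rc=1 ;;
        esac
        seen="$seen $val"
    done
    return $rc
}

# Hypothetical usage: ./secrets.sh new .env   or   ./secrets.sh check .env
case "${1:-}" in
    new)   write_env "$2" ;;
    check) check_env "$2" ;;
esac
```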