Understanding and configuring the appropriate authentication method is essential for protecting your resources and data. Choose the one that aligns with your deployment strategy and security requirements.
To run Keep’s managed platform, we use multi tenant authentication, meaning that different tenants can work separately on Keep’s platform. As Keep is fully open source, you can also use it.
When to use?
For multi-tenant authentication, we currently use Auth0, but additional providers could be added (just submit a GitHub issue with the required provider).
To spin up Keep with Auth0 as a provider, set up the following environment variables:
AUTH_TYPE=MULTI_TENANT AUTH0_MANAGEMENT_DOMAIN= AUTH0_CLIENT_ID= AUTH0_CLIENT_SECRET= AUTH0_AUDIENCE=
AUTH_TYPE=MULTI_TENANT AUTH0_CLIENT_ID= AUTH0_CLIENT_SECRET= AUTH0_ISSUER=
Single tenant authentication
Deploy self-hosted Keep with users management and authentication.
When to use
When you self-deploy Keep but still need user management and authentication.
Username/Password, but additional providers could be added (just submit a GitHub issue with the required provider).
The easiest way would be to use docker-compose-with-auth.yml which populates the following environment variables:
- AUTH_TYPE=SINGLE_TENANT - KEEP_JWT_SECRET=keepjwtsecret # should be replaced - KEEP_DEFAULT_USERNAME=admin # should be replaced - KEEP_DEFAULT_PASSWORD=keep # should be replaced
Single tenant - no authentication
Deploy self-hosted Keep without authentication.
When to use
When you want to try Keep as quick as possible. For example spinning it up on your localhost. For production usages, you should use authentication.
The default docker-compose.yml file demonstrates how to start Keep without authentication.