For a production setup, avoid using the default user. Create restricted users for Dylaris components.

1. Create "dylaris" User (Full Access to Dylaris Keys) This user can read/write all keys related to Dylaris (sys:*, route:*, agent:*). Perfect for Hub and Gate.

# Connect to your Redis
redis-cli

# Create User
ACL SETUSER dylaris on >secure-password ~sys:* ~route:* ~agent:* +@all

2. Create "gate_ro" User (Read-Only) If you want extra security for Gates (they only need to read routes), create a Read-Only user.

ACL SETUSER gate_ro on >gate-password ~sys:* ~route:* +get +smembers +ping

3. Configure Dylaris Set the environment variables accordingly:

• REDIS_USER=dylaris
• REDIS_PASS=secure-password

---

CLI Tools (Docker Only)

Use these commands to generate long-lived API tokens (1 year) for automation/CI without manually logging into the dashboard.

Option 1: Standard Setup (SQLite)

Use this if you are using the default database file. You must mount the volume so the tool can find your users.

docker run --rm \
  -v ./hub-data:/data \
  -e DB_FILE=/data/hub.db \
  ghcr.io/callmebartis/dylaris-hub:latest \
  -gen-token hub_admin

Option 2: Enterprise Setup (PostgreSQL)

Use this for stateless deployments. You must pass the same JWT_SECRET and Database credentials as your running server, otherwise the token will be invalid.

docker run --rm \
  -e DB_TYPE=postgres \
  -e DB_DSN="host=10.0.0.5 user=dylaris password=secret dbname=hub port=5432 sslmode=disable" \
  -e JWT_SECRET="your-static-jwt-secret-hex-string" \
  ghcr.io/callmebartis/dylaris-hub:latest \
  -gen-token hub_admin

Example Output:

✅ API Token Generated Successfully:
---------------------------------------------------
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...
---------------------------------------------------
This token is valid for 1 year. Keep it safe!