Configuration
Sprout is configured using environment variables passed to the Docker container at startup.
For a complete list of all available options, please see the Advanced Configuration guide.
| Variable | Required | Default | Description |
|---|---|---|---|
sprout_encryptionKey |
Yes | A 64-character hex string used to encrypt sensitive database fields. See generating an encryption key below. | |
TZ |
No | TZ/New_York |
Sets the timezone for the container. A list of valid TZ values is available on Wikipedia. |
| Auth | |||
sprout_server_auth_type |
Yes | local |
Set to oidc to enable OpenID Connect authentication |
sprout_server_auth_oidc_issuer |
No | The base URL of your OIDC provider (e.g., https://auth.example.com) | |
sprout_server_auth_oidc_clientId |
No | The Client ID configured in your OIDC provider. | |
sprout_server_auth_oidc_secret |
No | The secret string used to generate the private client hash. See auth for more info | |
sprout_server_auth_local_jwtExpirationTime |
No | 30m |
The duration for which a login session remains valid for the local authentication strategy. Examples: 24h, 30d. |
sprout_server_email_enabled |
No | Set to true to enable the mailing service. |
|
sprout_server_email_from |
No | The email address or name that appears in the "From" field. You must verify your SMTP provider supports this. | |
sprout_server_email_host |
No | The SMTP server host (e.g., smtp.gmail.com). |
|
sprout_server_email_user |
No | The username for your SMTP server. | |
sprout_server_email_pass |
No | The password or App Password for your SMTP server. | |
| BrandFetch | |||
sprout_server_brandFetch_clientId |
No | We utilize Brandfetch in our frontend's to display nice looking icons. See more here. | |
| Provider - Plaid | |||
sprout_providers_plaid_clientId |
No | Your unique Plaid Client ID found in the dashboard. | |
sprout_providers_plaid_secret |
No | Your Plaid Secret key (Sandbox, Development, or Production). |
Generating an Encryption Key
Sprout uses AES-256-GCM encryption to protect various fields within the database, as well as cookie encryption. You must provide a valid 32-byte key represented as a 64-character hexadecimal string.
One complete, you can either place it in your configuration.yml file or use the environment variable listed above.
You can generate this key using one of the methods below.
Option 1: Automatic Generation (Easiest)
If you start Sprout without providing an encryption key, the application will generate a secure random key for you, print it to the logs, and then exit (or fail to start).
Check the logs of the container and look for the following info:
Error: An encryption key must be specified for Sprout to start and must be exactly 32 characters. See the configuration guide for more info.
Here is a randomly generated key you might want to use: RANDOM_KEY_HERE
Option 2: Linux / macOS
Option 3: Windows (PowerShell)
Brand Assets with Brandfetch
We use the Brandfetch API to keep have deep integration with most brand logos. Instead of storing hundreds of logos manually, we fetch them on the fly based on the domain (e.g., bankofamerica.com).
How to Get Your API Client ID
To use this service to provide brand logos, and not just he default basic logos, you need a Client ID from Brandfetch. This authenticates your requests for their API's.
- Create an Account: Go to the developers webpage and sign up.
- Locate your client ID for your Starter Client by navigating here.
- Add this client ID to the sprout configuration by providing it in the environment variable
sprout_server_brandFetch_clientId.- For other ways to load this key, please review the in-depth configuration.