Security Setup

Configure bearer tokens and webhook authentication.

Generate a Strong Bearer Token

Replace the placeholder token in your .env with a securely generated one:

openssl rand -hex 32

openssl rand -hex 32

[System.Web.Security.Membership]::GeneratePassword(64, 8)

Update .env:

BEARER_TOKEN=your-generated-token-here

Configure HMAC Webhook Signing

To verify that webhook callbacks come from your agents and not an attacker:

WEBHOOK_SECRET=your-webhook-secret-here

Generate a separate secret with the same openssl rand -hex 32 command.

Restart to Apply

docker compose restart

Update Your Agent Configs

Update the Authorization header in each connected agent to use the new token.