Server Setup
Binary
```sh
keyhole serve --listen :2222 --data ~/.keyhole --admin alice
```
Docker Compose
```yaml
services:
  keyhole:
    image: ghcr.io/davidolrik/keyhole:latest
    ports:
      - "2222:2222"
    volumes:
      - ./data:/data
    environment:
      - KEYHOLE_LISTEN=:2222
      - KEYHOLE_DATA_DIR=/data
      - KEYHOLE_ADMINS=alice
```
WARNING
Do not pass the server secret via KEYHOLE_SERVER_SECRET. This environment variable is deprecated: environment variables are visible through /proc and ps, and are inherited by child processes. Let keyhole auto-generate the secret file on first run, or mount an HCL config file with server_secret set.
First run
On first start keyhole generates and persists:
- host_key: Ed25519 SSH host key (fingerprint logged on startup)
- server_secret: 64-character alphanumeric string (minimum 64 characters required; the server will refuse to start with a shorter secret)
WARNING
Back up server_secret. Losing it makes all stored secrets permanently unrecoverable.
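The two rules above (no KEYHOLE_SERVER_SECRET in the environment, and a secret of at least 64 characters) can be checked before a deployment goes out. The script below is an added example, not part of keyhole's own tooling; its function names are hypothetical, and only the variable name and the 64-character minimum are taken from this page.

```sh
#!/bin/sh
# Added example: pre-deployment checks for keyhole's server secret guidance.
# Function names are hypothetical; only KEYHOLE_SERVER_SECRET and the
# 64-character minimum come from the documentation above.

# Succeeds if the candidate secret meets the documented 64-character minimum.
secret_meets_minimum() {
    [ "${#1}" -ge 64 ]
}

# Prints a 64-character alphanumeric secret drawn from /dev/urandom,
# usable as the server_secret value in a mounted config file.
generate_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' </dev/urandom | head -c 64
}

# Succeeds if a compose or env file names the deprecated variable on a
# non-comment line (covers "- VAR=x", "VAR: x" and bare "- VAR" forms).
file_sets_secret_env() {
    grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '(^|[^A-Za-z0-9_])KEYHOLE_SERVER_SECRET([^A-Za-z0-9_]|$)'
}

# Succeeds if the variable is set in the current shell, where it would be
# inherited by the server process and any children.
env_exposes_secret() {
    [ -n "${KEYHOLE_SERVER_SECRET+x}" ]
}

# preflight FILE...: returns non-zero if any check fails.
preflight() {
    rc=0
    if env_exposes_secret; then
        echo "FAIL: KEYHOLE_SERVER_SECRET is set in this environment" >&2
        rc=1
    fi
    for f in "$@"; do
        if file_sets_secret_env "$f"; then
            echo "FAIL: $f passes the secret via KEYHOLE_SERVER_SECRET" >&2
            rc=1
        fi
    done
    return "$rc"
}

if [ "$#" -gt 0 ]; then preflight "$@"; fi
```

Run it as `sh preflight.sh docker-compose.yml .env` in CI; a mention of the variable in a trailing comment on a non-comment line is also flagged, which errs on the side of review.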
Bootstrap the first admin
After starting the server, add your public key manually (one-time setup):
```sh
mkdir -p ~/.keyhole/alice/.ssh
cp ~/.ssh/id_ed25519.pub ~/.keyhole/alice/.ssh/authorized_keys
```
From then on, new users self-register with an invite code.
