Authentication
Configure user authentication and admin bootstrapping.
Authentication is enabled by default. yoink uses session cookies to manage user sessions.
Session Secret
AUTH_SESSION_SECRET is required when authentication is enabled. Without it, yoink will fail to start.
Generate a secure random secret:
openssl rand -base64 32
Then set it in your environment:
AUTH_SESSION_SECRET="your-generated-secret-here"
Admin Bootstrap
On first boot — when no auth settings exist in the database yet — yoink reads two optional environment variables to create an initial admin account:
| Variable | Description |
|---|---|
| AUTH_INIT_ADMIN_USERNAME | Admin username to create |
| AUTH_INIT_ADMIN_PASSWORD | Admin password to set |
Both must be provided together. After the first boot, these variables are ignored — change credentials through the web UI at Settings > Security.
If you lose access to your account, you need to reset the auth state in the database.
Disabling Authentication
Set AUTH_DISABLED=true to skip authentication entirely. All API endpoints become accessible without login.
Only disable authentication on trusted local networks. Anyone with network access to yoink will have full control over your library.
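A pre-start check for the settings described above, as an added example that is not part of yoink. The function name, the return codes and the 44-character minimum (the length of `openssl rand -base64 32` output) are assumptions of this example, not yoink's own validation.

```sh
#!/bin/sh
# Added example, not part of yoink: pre-start check of the auth environment.
# Return codes are this example's own: 0 ok, 1 secret missing,
# 2 secret placeholder or too short, 3 admin bootstrap pair incomplete.
check_yoink_auth_env() {
    # AUTH_DISABLED=true skips authentication, so no session secret is needed.
    if [ "${AUTH_DISABLED:-}" = "true" ]; then
        echo "warning: AUTH_DISABLED=true, all API endpoints are open without login" >&2
        return 0
    fi

    # Required whenever authentication is enabled.
    if [ -z "${AUTH_SESSION_SECRET:-}" ]; then
        echo "error: AUTH_SESSION_SECRET is not set" >&2
        return 1
    fi

    # Assumption of this example: reject the docs placeholder and anything
    # shorter than the 44 characters `openssl rand -base64 32` prints.
    if [ "$AUTH_SESSION_SECRET" = "your-generated-secret-here" ] ||
       [ "${#AUTH_SESSION_SECRET}" -lt 44 ]; then
        echo "error: AUTH_SESSION_SECRET is a placeholder or too short" >&2
        return 2
    fi

    # The two bootstrap variables must be provided together or not at all.
    if [ -n "${AUTH_INIT_ADMIN_USERNAME:-}" ] && [ -z "${AUTH_INIT_ADMIN_PASSWORD:-}" ]; then
        echo "error: AUTH_INIT_ADMIN_USERNAME set without AUTH_INIT_ADMIN_PASSWORD" >&2
        return 3
    fi
    if [ -z "${AUTH_INIT_ADMIN_USERNAME:-}" ] && [ -n "${AUTH_INIT_ADMIN_PASSWORD:-}" ]; then
        echo "error: AUTH_INIT_ADMIN_PASSWORD set without AUTH_INIT_ADMIN_USERNAME" >&2
        return 3
    fi
    return 0
}

# Usage before launching yoink: check_yoink_auth_env || exit 1
```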
Future: OIDC
External authentication via OIDC is planned for the beta release (0.2+). See the roadmap for details.