Installation

Run the published Docker image — no need to clone the repository.

1. Create a project directory

mkdir sentinel && cd sentinel

2. Generate RSA keys

The service signs access tokens with RS256. Generate a 2048-bit key pair:

mkdir -p keys
openssl genrsa -out keys/private.pem 2048
openssl rsa -in keys/private.pem -pubout -out keys/public.pem

Keep your private key safe

Never commit private.pem to version control. In production, inject the key via a secrets manager or mount it as a volume.

3. Create an environment file

Download the template and fill in the required values:

curl -fsSL https://raw.githubusercontent.com/sidxz/daikon-sentinel/main/.env.prod.example -o .env

Then generate and fill in the secrets:

# Generate passwords and secrets
echo "POSTGRES_PASSWORD=$(openssl rand -base64 24)"
echo "REDIS_PASSWORD=$(openssl rand -base64 24)"
echo "SESSION_SECRET_KEY=$(openssl rand -base64 32)"

Paste the generated values into your .env file. For local development, set:

BASE_URL=http://localhost:9003
ADMIN_URL=http://localhost:9003
CORS_ORIGINS=http://localhost:9003
ADMIN_EMAILS=you@example.com

Uncomment and configure at least one OAuth provider (see Quickstart for details).

4. Download the Compose file

curl -fsSL https://raw.githubusercontent.com/sidxz/daikon-sentinel/main/docker-compose.prod.yml -o docker-compose.prod.yml

5. Start the stack

docker compose -f docker-compose.prod.yml up -d

This starts PostgreSQL, Redis, and the Sentinel service. Database migrations run automatically on first boot.

6. Verify

docker compose -f docker-compose.prod.yml ps
curl http://localhost:9003/health

You should see all three containers healthy and a 200 OK from the health endpoint.
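
A pre-flight check for the files created in steps 2 and 3, added here as an example; it is not part of the Sentinel project. The function names and the 32-character minimum are this example's assumptions; the file paths and variable names are the ones used above.

```bash
# Added example (not part of Sentinel): pre-flight checks for keys/ and .env.

# The private key must carry no permission bits for group or others.
check_key_perms() {
  local key="$1" mode
  mode=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key") || return 2
  case "$mode" in *00|0) return 0 ;; esac
  echo "FAIL: $key has mode $mode; run: chmod 600 $key" >&2
  return 1
}

# public.pem must be exactly the public half of private.pem.
check_key_pair() {
  local priv="$1" pub="$2" derived
  derived=$(openssl rsa -in "$priv" -pubout 2>/dev/null) || {
    echo "FAIL: cannot read an RSA key from $priv" >&2; return 2; }
  [ "$derived" = "$(cat "$pub")" ] && return 0
  echo "FAIL: $pub was not derived from $priv" >&2
  return 1
}

# The private key must not be tracked by git (passes outside a repository).
check_not_tracked() {
  if git ls-files --error-unmatch "$1" >/dev/null 2>&1; then
    echo "FAIL: $1 is tracked by git" >&2; return 1
  fi
}

# Each named variable must hold at least 32 characters, the length that
# `openssl rand -base64 24` produces (threshold is this example's assumption).
check_env_secrets() {
  local env_file="$1" name rc=0; shift
  for name in "$@"; do
    grep -Eq "^${name}=.{32,}" "$env_file" && continue
    echo "FAIL: $name is missing, empty or short in $env_file" >&2; rc=1
  done
  return $rc
}

# Run every check from the project directory; non-zero if any check fails.
preflight() {
  local rc=0
  check_key_perms keys/private.pem || rc=1
  check_key_pair keys/private.pem keys/public.pem || rc=1
  check_not_tracked keys/private.pem || rc=1
  check_env_secrets .env POSTGRES_PASSWORD REDIS_PASSWORD SESSION_SECRET_KEY || rc=1
  return $rc
}
```

Source the file and call `preflight` from the `sentinel` directory before starting the stack in step 5.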


Building from Source (contributors)

Use this path if you want to develop the service itself or run the admin panel locally.

Quick path

git clone <repo-url> identity-service
cd identity-service
cp .env.example .env
make setup

make setup generates RSA keys, installs all dependencies (service + SDK + admin UI), and starts PostgreSQL and Redis in Docker. Once it finishes, jump to the Quickstart.

Manual step-by-step

#### 1. Clone the repository

git clone <repo-url> identity-service
cd identity-service

#### 2. Install dependencies

The project uses a **uv workspace** with two members (`service/` and `sdk/`):

uv sync

This creates a virtual environment and installs both the FastAPI service and the `sentinel-auth-sdk` package in editable mode.

#### 3. Generate RSA keys

mkdir -p keys
openssl genrsa -out keys/private.pem 2048
openssl rsa -in keys/private.pem -pubout -out keys/public.pem

#### 4. Create your `.env` file

cp .env.example .env

The defaults work for local development. You will configure OAuth credentials and the session secret in the [Quickstart](quickstart.md).

#### 5. Start infrastructure

docker compose up -d identity-postgres identity-redis

Default ports:

| Service | Port |
|---------|------|
| PostgreSQL | `9001` |
| Redis | `9002` |

Wait for PostgreSQL to report healthy:

docker compose ps

#### 6. Database migrations

No manual step required — the service runs Alembic migrations automatically on startup.

Verify the installation

Docker image install:

  • All three containers running (docker compose -f docker-compose.prod.yml ps)
  • RSA key pair in keys/
  • Health check passes (curl http://localhost:9003/health)
  • .env file with secrets and OAuth credentials filled in

Building from source:

  • Python dependencies installed (uv run python -c "import sentinel_auth")
  • RSA key pair in keys/
  • PostgreSQL and Redis running in Docker
  • .env file based on .env.example

Next: Quickstart -- configure an OAuth provider, register your apps, and start the service.