Settings
Platform configuration
Current Session
Domain Management
Lab subdomains are resolved against these base domains (e.g. abc.ceylab.com). The Primary domain is shown in lab URLs. Changes take effect within 60 seconds.
No domains configured yet.
Credential Encryption
Each lab database password is encrypted with AES-256-GCM before storage. The key is derived from MASTER_ENCRYPTION_KEY via scrypt. The GCM auth tag ensures any tampered record is rejected on decryption.
Algorithm: AES-256-GCM (authenticated encryption)
KDF: scrypt — memory-hard, brute-force resistant
Per-record IV: 16 random bytes — same password encrypts differently each time
Warning: changing or losing MASTER_ENCRYPTION_KEY requires re-entering all lab DB passwords.
Required Environment Variables
MASTER_DB_HOSTHostname of the master MySQL DB (stores lab registry and super admin accounts)
MASTER_DB_NAMEMaster database name (e.g. ceylab_master)
MASTER_ENCRYPTION_KEYAES-256-GCM key for encrypting lab DB credentials. Generate: openssl rand -base64 32
SUPER_ADMIN_JWT_SECRETJWT secret for /admin/* routes. Separate from lab staff JWT.
JWT_SECRETJWT secret for lab staff login tokens
TENANT_BASE_DOMAINFallback base domain used if no domains are configured in the database (default: ceylab.com)
CORS_ORIGINComma-separated allowed origins — include both lab frontend and admin dashboard URL
SMTP_HOST / SMTP_USER / SMTP_PASSSMTP credentials for staff invite and password reset emails