Security & Privacy
Best practices for securing your Limitless Budget instance.
Authentication
- Passwords are hashed using bcrypt before storage
- Never store plain text passwords
- Use strong, unique passwords for your admin account
- Consider enabling two-factor authentication if available
NEXTAUTH_SECRET
This is critical for session security. Always:
- Generate a strong random secret (minimum 32 characters)
- Never commit it to version control
- Use different secrets for different environments
- Rotate it periodically in production
# Generate a secure secret
openssl rand -base64 32
HTTPS
For production deployments, always use HTTPS:
- Use a reverse proxy (nginx, Traefik) with SSL certificates
- Set up Let's Encrypt for free SSL certificates
- Update NEXTAUTH_URL to use https://
- Never expose financial data over unencrypted connections
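As an added example (not part of the Limitless Budget project or its documentation), the following POSIX shell script turns the NEXTAUTH_SECRET and HTTPS rules above into checks you can run before a deployment: the secret must be at least 32 characters and not a leftover placeholder, NEXTAUTH_URL must start with https://, and the env file must be listed in .gitignore so the secret cannot be committed. The function names, the .env file name and the placeholder list are assumptions rather than project conventions.

```shell
#!/bin/sh
# Added example, not part of Limitless Budget: pre-deployment checks for the
# NEXTAUTH_SECRET and NEXTAUTH_URL rules on this page. Function names, the
# .env file name and the placeholder list are assumptions, not project code.

# A secret passes when it is at least 32 characters long and is not one of the
# placeholder values that tend to survive from example .env files.
check_nextauth_secret() {
  secret="$1"
  case "$secret" in
    ""|changeme|secret|password|*example*|*CHANGE*|*REPLACE*) return 1 ;;
  esac
  [ "${#secret}" -ge 32 ]
}

# Session cookies are only safe in production over TLS, so the public URL
# handed to NextAuth must use https://.
check_nextauth_url() {
  case "$1" in
    https://*) return 0 ;;
    *) return 1 ;;
  esac
}

# The secret must never be committed: require the env file to be listed in
# .gitignore, either as "name" or as "/name".
check_env_ignored() {
  gitignore="$1"
  envfile="$2"
  [ -f "$gitignore" ] || return 1
  grep -qx -e "$envfile" -e "/$envfile" "$gitignore"
}

# Same command the page gives; 32 random bytes become 44 base64 characters.
generate_secret() {
  openssl rand -base64 32
}

# Run every check against the current environment. Prints one line per check
# and returns non-zero if any of them failed.
preflight() {
  gitignore="${1:-.gitignore}"
  envfile="${2:-.env}"
  rc=0
  if check_nextauth_secret "${NEXTAUTH_SECRET:-}"; then
    echo "ok   NEXTAUTH_SECRET"
  else
    echo "FAIL NEXTAUTH_SECRET missing, too short or a placeholder (try: openssl rand -base64 32)"
    rc=1
  fi
  if check_nextauth_url "${NEXTAUTH_URL:-}"; then
    echo "ok   NEXTAUTH_URL uses https://"
  else
    echo "FAIL NEXTAUTH_URL must start with https:// in production"
    rc=1
  fi
  if check_env_ignored "$gitignore" "$envfile"; then
    echo "ok   $envfile is listed in $gitignore"
  else
    echo "FAIL $envfile is not listed in $gitignore and could be committed"
    rc=1
  fi
  return "$rc"
}

# Usage: NEXTAUTH_SECRET=... NEXTAUTH_URL=https://... sh preflight.sh run
#        sh preflight.sh new-secret
case "${1:-}" in
  run) preflight ;;
  new-secret) generate_secret ;;
esac
```

Run it with `run` from the directory that holds your .env and .gitignore; a non-zero exit from `preflight` is meant to stop a deploy pipeline. Because each environment should have its own secret, keep one env file per environment and run the check against each.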
Database Security
- Database files contain sensitive financial information
- Set proper file permissions (read/write for app user only)
- Regularly backup database files to secure locations
- Encrypt backups if storing off-server
- Never expose database files publicly
Server Security
- Keep your server and Docker updated
- Use a firewall to restrict access
- Only expose necessary ports
- Use SSH keys instead of passwords for server access
- Regularly review access logs
Network Security
- If exposing publicly, use a reverse proxy
- Consider VPN access for remote connections
- Use strong network passwords
- Monitor for suspicious activity
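For "Regularly review access logs" and "Monitor for suspicious activity", here is an added example (not code from the Limitless Budget project) of a small review script for the reverse proxy in front of the app. It counts rejected responses per client IP and flags those over a threshold, then shows which paths a flagged IP was hitting. The log lines are constructed samples in nginx "combined" format; the request path and the choice of 401, 403 and 429 as "rejected" statuses are assumptions that depend on your proxy and app configuration.

```shell
#!/bin/sh
# Added example, not part of Limitless Budget: access-log review for the
# reverse proxy, flagging client IPs that accumulate rejected requests.
# The sample lines are constructed; the path and status codes are assumptions.

# Write constructed sample log lines (nginx "combined" format) to a file.
write_sample_log() {
  cat > "$1" <<'EOF'
203.0.113.7 - - [10/Mar/2024:09:12:01 +0000] "POST /api/auth/callback/credentials HTTP/1.1" 401 45 "-" "curl/8.0"
192.0.2.9 - - [10/Mar/2024:09:12:03 +0000] "GET /dashboard HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:09:12:04 +0000] "POST /api/auth/callback/credentials HTTP/1.1" 401 45 "-" "curl/8.0"
198.51.100.20 - - [10/Mar/2024:09:12:10 +0000] "POST /api/auth/callback/credentials HTTP/1.1" 401 45 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:09:12:11 +0000] "POST /api/auth/callback/credentials HTTP/1.1" 401 45 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:09:12:15 +0000] "GET /api/admin HTTP/1.1" 403 21 "-" "curl/8.0"
198.51.100.20 - - [10/Mar/2024:09:12:20 +0000] "POST /api/auth/callback/credentials HTTP/1.1" 401 45 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:09:12:22 +0000] "POST /api/auth/callback/credentials HTTP/1.1" 429 0 "-" "curl/8.0"
192.0.2.9 - - [10/Mar/2024:09:12:30 +0000] "GET /api/budgets HTTP/1.1" 200 812 "-" "Mozilla/5.0"
EOF
}

# Print "ip count" for every client IP with at least <threshold> responses of
# 401/403/429, sorted by IP. Field 9 is the status code in the combined format;
# adjust it if your proxy logs a different layout.
flag_rejected_ips() {
  log="$1"
  threshold="${2:-10}"
  awk -v t="$threshold" '
    $9 ~ /^(401|403|429)$/ { n[$1]++ }
    END { for (ip in n) if (n[ip] >= t) print ip, n[ip] }
  ' "$log" | sort
}

# For one IP, print "count path" for every path it requested, most frequent
# first, to see what a flagged client was actually doing.
paths_for_ip() {
  log="$1"
  ip="$2"
  awk -v ip="$ip" '
    $1 == ip { p[$7]++ }
    END { for (k in p) print p[k], k }
  ' "$log" | sort -rn
}

# Usage: sh review.sh demo               (runs on the constructed sample)
#        sh review.sh review <log> [n]    (flags IPs with >= n rejections)
case "${1:-}" in
  demo)
    tmp=$(mktemp)
    write_sample_log "$tmp"
    echo "IPs with 3 or more rejected requests:"
    flag_rejected_ips "$tmp" 3
    echo "Paths requested by 203.0.113.7:"
    paths_for_ip "$tmp" 203.0.113.7
    rm -f "$tmp"
    ;;
  review)
    flag_rejected_ips "$2" "${3:-10}"
    ;;
esac
```

On the sample, a threshold of 3 flags only 203.0.113.7 (five rejections, mostly repeated sign-in attempts plus one forbidden admin path), while 198.51.100.20 with two failures stays below it. Pick the threshold from your own normal traffic, and feed the flagged IPs to your firewall or rate-limiting rules rather than acting on a single line.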
Backup Security
- Backup database files regularly
- Store backups in secure, encrypted locations
- Test backup restoration procedures
- Keep multiple backup copies
- Never store backups in publicly accessible locations
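The Database Security and Backup Security lists above come together in the following added example (not the project's own tooling): it restricts the database file to its owner, writes an encrypted copy with openssl for off-server storage, and proves that the copy restores byte for byte before it is trusted. Paths, function names and the passphrase-file convention are assumptions, and the sample database content is constructed.

```shell
#!/bin/sh
# Added example, not part of Limitless Budget: restrict the database file to
# the app user, produce an encrypted backup with openssl, and verify that the
# backup restores. Paths, function names and the passphrase-file convention
# are assumptions; the sample database content in the demo is constructed.

# Owner read/write only, as the page recommends. Returns 0 only when the file
# really ends up with mode 600 (GNU stat is tried first, then BSD stat).
harden_db_perms() {
  chmod 600 "$1" || return 1
  mode=$(stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1" 2>/dev/null)
  [ "$mode" = "600" ]
}

# Encrypt a copy of the database for off-server storage: AES-256-CBC with a
# PBKDF2-derived key and a random salt. The passphrase is read from a file
# (itself mode 600) rather than the command line, where ps could show it.
backup_db_encrypted() {
  db="$1"; out="$2"; passfile="$3"
  openssl enc -aes-256-cbc -pbkdf2 -salt -in "$db" -out "$out" -pass "file:$passfile" || return 1
  chmod 600 "$out"
}

# Decrypt a backup. Used for real restores and for the restore test below.
restore_db_encrypted() {
  backup="$1"; out="$2"; passfile="$3"
  openssl enc -d -aes-256-cbc -pbkdf2 -in "$backup" -out "$out" -pass "file:$passfile" || return 1
  chmod 600 "$out"
}

# "Test backup restoration procedures": back up, restore into a scratch
# directory and compare byte for byte. Optionally confirm that a known
# plaintext marker does not appear in the encrypted file. Returns 0 only when
# the round trip succeeds (and the marker stays hidden).
verify_backup_roundtrip() {
  db="$1"; passfile="$2"; marker="${3:-}"
  work=$(mktemp -d) || return 1
  rc=1
  if backup_db_encrypted "$db" "$work/backup.enc" "$passfile" \
     && restore_db_encrypted "$work/backup.enc" "$work/restored.db" "$passfile" \
     && cmp -s "$db" "$work/restored.db"; then
    rc=0
    if [ -n "$marker" ] && grep -a -q -- "$marker" "$work/backup.enc"; then
      rc=1
    fi
  fi
  rm -rf "$work"
  return "$rc"
}

# Usage: sh backup.sh demo   (creates a constructed sample database in a temp dir)
case "${1:-}" in
  demo)
    umask 077
    dir=$(mktemp -d)
    printf 'sample-transaction: groceries 42.10\n' > "$dir/budget.db"   # constructed content
    openssl rand -base64 32 > "$dir/backup.pass"
    harden_db_perms "$dir/budget.db" && echo "database file is mode 600"
    if verify_backup_roundtrip "$dir/budget.db" "$dir/backup.pass" "sample-transaction"; then
      echo "encrypted backup restores cleanly and hides the plaintext"
    else
      echo "backup verification FAILED"
    fi
    rm -rf "$dir"
    ;;
esac
```

Keep the passphrase file out of the backup location itself, since a backup stored next to its key is not encrypted in any useful sense, and run `verify_backup_roundtrip` on a schedule rather than only once: a backup job that silently starts producing empty or corrupt files is exactly the failure the restore test is there to catch.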
Privacy Considerations
- Your data stays on your server - you control it
- No data is sent to external services
- Review who has access to your instance
- Be cautious when sharing budgets with others
- Regularly audit user access and permissions
