Read on newly released AI assisted Insights
flxbl docs
Ctrlk
Learn CD Concepts using LabsslackGitHub

Init

Initialize a new SFP server instance

Secrets Management: This command supports multiple options for secrets management:

  • infisical: Use Infisical as a dedicated secrets manager

  • aws-secretsmanager: Use AWS Secrets Manager

  • custom: Use environment variables (recommended when using tools like "infisical run" or AWS CLI)

For custom secrets provider, inject secrets as environment variables before running the command. Example: infisical run -- sfp server init --tenant my-app --secrets-provider custom

sfp server init

Initialize a new SFP server instance

USAGE
  $ sfp server init -t <value> [--json] [--compose-file <value>] [-f] [-i] [-w <value>] [--config-file
    ./server-config.json] [--base-dir <value>] [--image ghcr.io/flxbl-io/sfp-server-rc:development] [-d <value> -m
    dev|prod] [--no-caddy] [--tls-mode cloudflare|letsencrypt|custom|none] [--supabase-mode self-hosted|cloud]
    [--supabase-url <value>] [--print-credentials] [--passphrase <value> [--identity-file <value> --ssh-connection
    <value>]] [--infisical-token <value> --secrets-provider infisical|aws-secretsmanager|custom] [--aws-region <value> ]
    [--aws-access-key-id <value> ] [--aws-secret-access-key <value> ] [-g <value>...] [--loglevel
    trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

FLAGS
  -d, --domain=<value>
      Domain name for the server (required in prod mode)

  -f, --force
      Force create the tenant even if it already exists

  -g, --logsgroupsymbol=<value>...
      Symbol used by CICD platform to group/collapse logs in the console. Provide an opening group, and an optional
      closing group symbol.

  -i, --[no-]interactive
      Run in interactive mode to prompt for secrets

  -m, --mode=<option>
      [default: prod] Mode of the server (development, production)
      <options: dev|prod>

  -t, --tenant=<value>
      (required) Name of the tenant to be used for initialization

  -w, --workers=<value>
      [default: 1] Number of background workers (default: 1)

  --aws-access-key-id=<value>
      AWS access key ID. Optional when secrets-provider is "aws-secretsmanager" (can use instance profile).

  --aws-region=<value>
      AWS region for Secrets Manager. Required only when secrets-provider is "aws-secretsmanager".

  --aws-secret-access-key=<value>
      AWS secret access key. Optional when secrets-provider is "aws-secretsmanager" (can use instance profile).

  --base-dir=<value>
      [default: ./sfp-server] Base directory which contains the sfp-server

  --compose-file=<value>
      Custom docker-compose file to use for the server setup

  --config-file=./server-config.json
      Path to JSON config file containing server configuration values

  --identity-file=<value>
      Path to SSH private key file

  --image=ghcr.io/flxbl-io/sfp-server-rc:development
      Docker image reference for the server (e.g., ghcr.io/org/image:tag). Overrides default image source.

  --infisical-token=<value>
      Infisical API token. Required only when secrets-provider is "infisical".

  --loglevel=<option>
      [default: info] logging level for this command invocation
      <options: trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL>

  --no-caddy
      Disable Caddy reverse proxy (app will be accessible directly on port 3029)

  --passphrase=<value>
      Passphrase for the SSH private key if required

  --print-credentials
      Print admin credentials to console and include in JSON output. WARNING: insecure in CI/CD — credentials will appear
      in logs. By default, credentials are written to a secure file on the server.

  --secrets-provider=<option>
      [default: custom] Secret provider to use for managing secrets. Available options:
      - infisical: Use Infisical as secrets provider
      - aws-secretsmanager: Use AWS Secrets Manager
      - custom: Use environment variables (suitable when using external tools like "infisical run" or AWS CLI)
      <options: infisical|aws-secretsmanager|custom>

  --ssh-connection=<value>
      SSH connection string in the format user@host[:port]

  --supabase-mode=<option>
      [default: self-hosted] Supabase deployment mode: self-hosted (default, auto-generates credentials) or cloud
      <options: self-hosted|cloud>

  --supabase-url=<value>
      Cloud Supabase URL (only used when --supabase-mode=cloud)

  --tls-mode=<option>
      [default: cloudflare] TLS certificate mode: cloudflare (Cloudflare origin certs with trusted_proxies), letsencrypt
      (Caddy auto-obtains certs via ACME), custom (user-provided cert files), none (HTTP only — use when an external
      reverse proxy handles TLS)
      <options: cloudflare|letsencrypt|custom|none>

GLOBAL FLAGS
  --json  Format output as json.

DESCRIPTION
  Initialize a new SFP server instance

  Secrets Management:
  This command supports multiple options for secrets management:
  - infisical: Use Infisical as a dedicated secrets manager
  - aws-secretsmanager: Use AWS Secrets Manager
  - custom: Use environment variables (recommended when using tools like "infisical run" or AWS CLI)

  For custom secrets provider, inject secrets as environment variables before running the command.
  Example: infisical run -- sfp server init --tenant my-app --secrets-provider custom

EXAMPLES
  $ sfp server init --tenant my-app

  $ sfp server init --tenant my-app --supabase-mode=cloud --supabase-url=https://xxx.supabase.co

  $ sfp server init --tenant my-app --mode prod --secrets-provider infisical

  $ sfp server init --tenant my-app --mode prod --secrets-provider custom

  $ sfp server init --tenant my-app --mode prod --secrets-provider aws-secretsmanager --aws-region us-east-1

  $ sfp server init --tenant my-app --force

  $ sfp server init --tenant my-app --ssh-host remote-server --ssh-username admin

  $ sfp server init --tenant my-app --config-file ./server-config.json

See code: src/commands/server/init.ts

Last updated

Was this helpful?