# Init

Initialize a new SFP server instance

Secrets Management: This command supports multiple options for secrets management:

* infisical: Use Infisical as a dedicated secrets manager
* aws-secretsmanager: Use AWS Secrets Manager
* custom: Use environment variables (recommended when using tools like "infisical run" or AWS CLI)

For custom secrets provider, inject secrets as environment variables before running the command. Example: infisical run -- sfp server init --tenant my-app --secrets-provider custom

* [`sfp server init`](#sfp-server-init)

## `sfp server init`

Initialize a new SFP server instance

```
USAGE
  $ sfp server init -t <value> [--json] [--compose-file <value>] [-f] [-i] [-w <value>] [--config-file
    ./server-config.json] [--base-dir <value>] [--image ghcr.io/flxbl-io/sfp-server-rc:development] [-d <value> -m
    dev|prod] [--no-caddy] [--tls-mode cloudflare|letsencrypt|custom|none] [--supabase-mode self-hosted|cloud]
    [--supabase-url <value>] [--print-credentials] [--passphrase <value> [--identity-file <value> --ssh-connection
    <value>]] [--infisical-token <value> --secrets-provider infisical|aws-secretsmanager|custom] [--aws-region <value> ]
    [--aws-access-key-id <value> ] [--aws-secret-access-key <value> ] [-g <value>...] [--loglevel
    trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL]

FLAGS
  -d, --domain=<value>
      Domain name for the server (required in prod mode)

  -f, --force
      Force create the tenant even if it already exists

  -g, --logsgroupsymbol=<value>...
      Symbol used by CICD platform to group/collapse logs in the console. Provide an opening group, and an optional
      closing group symbol.

  -i, --[no-]interactive
      Run in interactive mode to prompt for secrets

  -m, --mode=<option>
      [default: prod] Mode of the server (development, production)
      <options: dev|prod>

  -t, --tenant=<value>
      (required) Name of the tenant to be used for initialization

  -w, --workers=<value>
      [default: 1] Number of background workers (default: 1)

  --aws-access-key-id=<value>
      AWS access key ID. Optional when secrets-provider is "aws-secretsmanager" (can use instance profile).

  --aws-region=<value>
      AWS region for Secrets Manager. Required only when secrets-provider is "aws-secretsmanager".

  --aws-secret-access-key=<value>
      AWS secret access key. Optional when secrets-provider is "aws-secretsmanager" (can use instance profile).

  --base-dir=<value>
      [default: ./sfp-server] Base directory which contains the sfp-server

  --compose-file=<value>
      Custom docker-compose file to use for the server setup

  --config-file=./server-config.json
      Path to JSON config file containing server configuration values

  --identity-file=<value>
      Path to SSH private key file

  --image=ghcr.io/flxbl-io/sfp-server-rc:development
      Docker image reference for the server (e.g., ghcr.io/org/image:tag). Overrides default image source.

  --infisical-token=<value>
      Infisical API token. Required only when secrets-provider is "infisical".

  --loglevel=<option>
      [default: info] logging level for this command invocation
      <options: trace|debug|info|warn|error|fatal|TRACE|DEBUG|INFO|WARN|ERROR|FATAL>

  --no-caddy
      Disable Caddy reverse proxy (app will be accessible directly on port 3029)

  --passphrase=<value>
      Passphrase for the SSH private key if required

  --print-credentials
      Print admin credentials to console and include in JSON output. WARNING: insecure in CI/CD — credentials will appear
      in logs. By default, credentials are written to a secure file on the server.

  --secrets-provider=<option>
      [default: custom] Secret provider to use for managing secrets. Available options:
      - infisical: Use Infisical as secrets provider
      - aws-secretsmanager: Use AWS Secrets Manager
      - custom: Use environment variables (suitable when using external tools like "infisical run" or AWS CLI)
      <options: infisical|aws-secretsmanager|custom>

  --ssh-connection=<value>
      SSH connection string in the format user@host[:port]

  --supabase-mode=<option>
      [default: self-hosted] Supabase deployment mode: self-hosted (default, auto-generates credentials) or cloud
      <options: self-hosted|cloud>

  --supabase-url=<value>
      Cloud Supabase URL (only used when --supabase-mode=cloud)

  --tls-mode=<option>
      [default: cloudflare] TLS certificate mode: cloudflare (Cloudflare origin certs with trusted_proxies), letsencrypt
      (Caddy auto-obtains certs via ACME), custom (user-provided cert files), none (HTTP only — use when an external
      reverse proxy handles TLS)
      <options: cloudflare|letsencrypt|custom|none>

GLOBAL FLAGS
  --json  Format output as json.

DESCRIPTION
  Initialize a new SFP server instance

  Secrets Management:
  This command supports multiple options for secrets management:
  - infisical: Use Infisical as a dedicated secrets manager
  - aws-secretsmanager: Use AWS Secrets Manager
  - custom: Use environment variables (recommended when using tools like "infisical run" or AWS CLI)

  For custom secrets provider, inject secrets as environment variables before running the command.
  Example: infisical run -- sfp server init --tenant my-app --secrets-provider custom

EXAMPLES
  $ sfp server init --tenant my-app

  $ sfp server init --tenant my-app --supabase-mode=cloud --supabase-url=https://xxx.supabase.co

  $ sfp server init --tenant my-app --mode prod --secrets-provider infisical

  $ sfp server init --tenant my-app --mode prod --secrets-provider custom

  $ sfp server init --tenant my-app --mode prod --secrets-provider aws-secretsmanager --aws-region us-east-1

  $ sfp server init --tenant my-app --force

  $ sfp server init --tenant my-app --ssh-host remote-server --ssh-username admin

  $ sfp server init --tenant my-app --config-file ./server-config.json
```

*See code:* [*src/commands/server/init.ts*](https://source.flxbl.io/flxbl/sfp-pro)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.flxbl.io/flxbl/sfp/sfp-community/cli-reference-v51-release-v3/server/init.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.