Guides
Self-hosting
Run Erasure on your infrastructure — app, Postgres, and worker.
Self-hosting
Source: app_docs/guide/self-hosting.md, app_docs/deployment.md.
Why self-host
Run Erasure on your infrastructure: console, APIs, Postgres, and worker share one codebase.
When to use this page
- Local production-like deploy
- Staging / single-tenant cloud
- First private environments
For the default evaluation path, use Access & setup and app.erasurehq.in.
Runtime architecture
┌─────────────┐ ┌──────────────┐ ┌────────────┐
│ Browser │────►│ Next.js app │────►│ PostgreSQL │
│ Console+SDK│ │ API routes │ │ │
└─────────────┘ └──────┬───────┘ └─────▲──────┘
│ │
┌──────▼───────┐ │
│ worker │───────────┘
│ rights.delete│
└──────────────┘Compose-oriented flow
- Postgres up (
bun run dev:upor your Compose file). bunx prisma migrate deploybunx prisma generate- Set env (below).
bun run build && bun run start(or platform Next start).bun run workeras a second process.- Optional:
bun run demo:reseedfor the Acme demo workspace.
Environment variables
Required (production)
| Variable | Purpose |
|---|---|
DATABASE_URL | PostgreSQL |
NODE_ENV=production | Safe defaults + TLS checks |
CONNECTOR_SECRETS_KEY | AES-256-GCM for connector and Anumati webhook secrets (openssl rand -hex 32) |
Strongly recommended
| Variable | Purpose |
|---|---|
RESEND_API_KEY + EMAIL_FROM | Rights OTP email |
TRUSTED_PROXY_COUNT=1 | Client IP for rate limits behind LB |
Optional / dangerous
| Variable | Notes |
|---|---|
RIGHTS_INTAKE_DEMO_OTP | Fatal if true in production |
ENABLE_LEGACY_DSAR | Fatal if true in production |
WEBHOOK_ALLOW_PRIVATE_URLS | Fatal if true in production |
SQL_ALLOW_INSECURE | Allows non-TLS SQL URLs (private networks only) |
MAIL_PROVIDER=log | Staging only—no real email |
| Razorpay vars | Billing — product billing docs |
Production startup refuses known-unsafe config.
Database
- Provider: PostgreSQL only for product data.
- Migrations:
bun run db:migrate:deploy. - Backups: use your host’s Postgres backup; restore = restore DB + same secrets key to decrypt connectors.
Workers
bun run worker| Concern | Guidance |
|---|---|
| Scaling | 1–2 workers early; claim uses SKIP LOCKED |
| Egress | Restrict to customer DBs/APIs |
| Stuck jobs | Operational Readiness surfaces pending/stuck |
Without a worker, Rights deletion jobs stay pending.
Secrets
- Never commit keys.
- Losing
CONNECTOR_SECRETS_KEYloses ability to decrypt connector/webhook secrets (re-enter secrets). - Publishable keys and session tokens are hashed—not recoverable.
Scaling (Beta guidance)
| Component | Guidance |
|---|---|
| App | Single instance OK; multi-instance needs shared rate limits later |
| Postgres | Pool app + worker connections |
| Worker | Scale horizontally carefully (customer DB pools) |