Vestyn runs as a Docker stack with Postgres behind your HTTPS reverse proxy. Put it on a VPS, home server, or NAS — wherever you want your vault data to live.
Docker & Compose, a domain with HTTPS, and enough disk for Postgres backups.
The first account registered on a new instance becomes the admin.
Pin image tags, apply updates deliberately, and back up Postgres plus the API data volume.
Grab the repo and create your environment file. Set a strong POSTGRES_PASSWORD and the public URL clients will use.
Compose starts Postgres, the API, and the web proxy. The API runs database migrations on first boot.
Put the published web port behind a reverse proxy. Caddy gets you automatic certificates in two lines:
Open https://vault.example.com in a browser. The first account you register becomes the admin — it can invite others and manage vaults. Then open the Mac app and point it at the same host on first launch.
Pin to a version tag in production. To update, bump the tag and recreate the stack during a maintenance window:
Vault contents are encrypted, but backups still matter: losing the database loses the vault records, and losing the API data volume invalidates active sessions. Back up Postgres and keep restore drills boring.