Installation

The PowerAuth Cloud is packaged as a single Docker image that you can easily deploy in your local environment or any cloud provider, such as Azure by Microsoft or Amazon’s AWS.

Pull the Docker Image

To deploy the Docker image, you need to log in to our Artifactory repository and pull the Docker image:

docker login wultra.jfrog.io
docker pull wultra.jfrog.io/wultra-docker/powerauth-cloud:${VERSION}

Configure the Docker Image

After you pull the Docker image in your own container repository, you need to prepare the env.list file with all the environment variables that are required for the container launch. You can use Configuration Properties to bootstrap the configuration.

Edit the properties that configure database connectivity. See the Database Setup chapter for information on how to make database work, and then edit the following properties according to your actual setup.

POWERAUTH_CLOUD_DATASOURCE_URL=jdbc:postgresql://host.docker.internal:5432/powerauth
POWERAUTH_CLOUD_DATASOURCE_USERNAME=$USERNAME$
POWERAUTH_CLOUD_DATASOURCE_PASSWORD=$PASSWORD$

If the database connectivity is set up correctly, the applications will automatically create the right database schema thanks to Liquibase.

The default database encryption algorithm is AEAD_KMAC. You must configure the following property with a valid base64-encoded key:

POWERAUTH_SERVER_DB_MASTER_ENCRYPTION_AEAD_KMAC_KEY=$BASE64_ENCODED_KEY$

For more details on generating a valid 256-bit encryption key, see Database Encryption Configuration.

Start the Docker Container

After you prepare the configuration file, you can run the image using docker run:

docker run --env-file env.list -d -it -p 8080:8000 \
    --name=powerauth-cloud wultra.jfrog.io/wultra-docker/powerauth-cloud:${VERSION}

This will launch the Docker container with the properties you specified and create database schema on the way.

You can now open http://localhost:8080/powerauth-cloud/. The basic HTTP authentication will pop up. You can close it for now - there are no users configured in the database. We will fix this in the Configuration chapter.

Using the Initialization Container

PowerAuth Cloud provides a separate initialization container (init container) image (powerauth-cloud-init) that runs only the Liquibase database migrations. Using the init container is optional but recommended because it:

• Ensures database schema is fully migrated before the application starts.
• Allows you to use a separate database user with elevated privileges for schema changes, while the application runtime user has only read/write access.

Pull the Init Container Image

docker login wultra.jfrog.io
docker pull wultra.jfrog.io/wultra-docker/powerauth-cloud-init:${VERSION}

Configure the Init Container

The init container uses the same database environment variables as the main container:

POWERAUTH_CLOUD_DATASOURCE_URL=jdbc:postgresql://host.docker.internal:5432/powerauth
POWERAUTH_CLOUD_DATASOURCE_USERNAME=$USERNAME$
POWERAUTH_CLOUD_DATASOURCE_PASSWORD=$PASSWORD$

Optionally, you can keep the init container running after the migration completes by setting:

KEEP_RUNNING=true
KEEP_RUNNING_PORT=666

This is useful in cloud environments where a completed init container that exits with code 0 may be restarted by the platform. When KEEP_RUNNING=true, the container stays alive by listening on the configured port after the migration finishes, preventing unwanted restarts. The port can also be used as a health check endpoint — a successful TCP connection or HTTP response indicates the migration has completed.

Disable Liquibase in the Main Container

When using the init container for migrations, disable Liquibase in the main container to avoid running migrations twice:

LQ_ENABLED=false

Read Next

• Configuration