Copy Generated Envs to Production
⚠️ Common issue for production deployments
Headlockr automatically generates a number of environment variables for you when running locally.
This only works reliably in your local environment.
When you deploy to production, you must copy these generated environment variables into your real production setup, for example:
- Azure App Services
- AWS
- Heroku
- Render
- Railway
- Docker or Kubernetes secrets
- Any other hosting platform
Why this is important
If you do not copy these generated environment variables to production, Headlockr can start behaving unpredictably.
Common examples:
- TOTP codes becoming invalid after each deploy
- Existing MFA sessions no longer being valid
- Encrypted Headlockr data no longer being readable
- Users being forced to re-enroll or reconfigure authentication methods
This usually happens because the underlying secrets rotate between deployments when they are not explicitly persisted in your production environment.
What should I do?
After Headlockr generates the required env values locally, copy them to your production environment and keep them stable across deploys.
In practice, this means:
- Start Headlockr locally once so the required env values are generated.
- Copy the generated Headlockr-related env values into your production environment variables or secret manager.
- Reuse those same values for every deploy.
Do not let these values change on each deployment.
Important reminder
Treat these generated envs as persistent secrets, not temporary development values.
If they are different between deployments, you can run into issues such as invalid TOTP verification, broken sessions, and rotating encryption secrets.