Production Best Practices
When properly configured, a self-hosted GrowthBook deployment can scale to billions of requests per month.
The default settings in the docker-compose file are meant to get you up and running quickly on a local dev machine. There are a few things to keep in mind when deploying GrowthBook securely at scale in production.
Security
There are a number of best practices to keep your GrowthBook deployment secure.
Encryption Keys and Secrets
First, make sure you pick long, random strings for your encryption keys and secrets. Specifically, there are 3 environment variables that need to be configured:
- NODE_ENV - Set to production to turn on additional security checks and logging
- JWT_SECRET - Auth signing key (use a long random string)
- ENCRYPTION_KEY - Data source credential encryption key (use a long random string)
If you change the ENCRYPTION_KEY, you will need to migrate any existing data sources using the following script:
# If you didn't have an ENCRYPTION_KEY before, leave OLD_KEY blank below
docker-compose run growthbook yarn migrate-encryption-key OLD_KEY
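An added example, not part of the GrowthBook documentation or code: a pre-deploy shell check for the three variables listed above, plus a generator for long random values. The plain KEY=value env-file layout, the 32-character minimum, the distinct-character heuristic and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not GrowthBook project code. Assumes the three variables sit in
# a plain KEY=value env file; MIN_LEN and the distinct-character heuristic are
# this example's own thresholds, not GrowthBook requirements.
MIN_LEN=32

# Print 32 bytes from the kernel CSPRNG as 64 hex characters.
gen_secret() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# env_value FILE KEY: print KEY's value (last assignment wins).
env_value() {
  sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_secret NAME VALUE: return 1 and explain if VALUE is short or patterned.
check_secret() {
  if [ "${#2}" -lt "$MIN_LEN" ]; then
    echo "$1: ${#2} characters, want at least $MIN_LEN"; return 1
  fi
  distinct=$(printf '%s' "$2" | fold -w1 | sort -u | wc -l | tr -d ' ')
  if [ "$distinct" -lt 10 ]; then
    echo "$1: only $distinct distinct characters, looks like filler"; return 1
  fi
}

# check_env_file FILE: return 0 only if all three settings pass.
check_env_file() {
  rc=0
  jwt=$(env_value "$1" JWT_SECRET)
  enc=$(env_value "$1" ENCRYPTION_KEY)
  [ "$(env_value "$1" NODE_ENV)" = "production" ] || { echo "NODE_ENV is not production"; rc=1; }
  check_secret JWT_SECRET "$jwt" || rc=1
  check_secret ENCRYPTION_KEY "$enc" || rc=1
  if [ -n "$jwt" ] && [ "$jwt" = "$enc" ]; then
    echo "JWT_SECRET and ENCRYPTION_KEY share one value"; rc=1
  fi
  return $rc
}

# Constructed weak sample (not a real deployment's config) for trying the check.
write_weak_sample() {
  printf 'NODE_ENV=development\nJWT_SECRET=dev\nENCRYPTION_KEY=dev\n' > "$1"
}

# With a file argument, check it; exit status 1 means at least one problem.
[ $# -eq 0 ] || check_env_file "$1"
```

Use a separate `gen_secret` value for each of JWT_SECRET and ENCRYPTION_KEY; replacing ENCRYPTION_KEY on an existing deployment still requires the migration script above.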