Strom supports two authentication methods to protect your installation.
Perfect for web UI access with username/password login.
# Generate a password hash
cargo run -- hash-password
# Or with Docker:
docker run eyevinntechnology/strom:latest hash-password
# Enter your desired password when prompted
# Copy the generated hashexport STROM_ADMIN_USER="admin"
export STROM_ADMIN_PASSWORD_HASH='$2b$12$...' # Use single quotes to preserve special characters
# Run Strom
cargo run --release- Navigate to
http://localhost:8080 - Login with your configured username and password
- Session persists for 24 hours of inactivity
- Click "Logout" button in the top-right to end session
Perfect for programmatic access, scripts, and CI/CD.
export STROM_API_KEY="your-secret-api-key-here"
# Run Strom
cargo run --release# All API requests must include the Authorization header
curl -H "Authorization: Bearer your-secret-api-key-here" \
http://localhost:8080/api/flowsYou can enable both authentication methods simultaneously:
# Enable both session and API key authentication
export STROM_ADMIN_USER="admin"
export STROM_ADMIN_PASSWORD_HASH='$2b$12$...'
export STROM_API_KEY="your-secret-api-key-here"
cargo run --releaseUsers can then:
- Login via web UI with username/password
- Access API with Bearer token
docker run -p 8080:8080 \
-e STROM_ADMIN_USER="admin" \
-e STROM_ADMIN_PASSWORD_HASH='$2b$12$...' \
-e STROM_API_KEY="your-api-key" \
-v $(pwd)/data:/data \
eyevinntechnology/strom:latestAuthentication is disabled by default if no credentials are configured. To run without authentication (development only):
# Simply run without setting auth environment variables
cargo run --releaseWarning: Never expose an unauthenticated Strom instance to the internet or untrusted networks.
When authentication is enabled, all API endpoints except the following require authentication:
GET /health- Health checkPOST /api/login- Login endpointPOST /api/logout- Logout endpointGET /api/auth/status- Check auth status- Static assets (frontend files)