UI
Authentication
Sign in, manage accounts, and configure authentication providers.
Authentication
Piyaz uses Better Auth for authentication. In self-hosted mode, you control the auth configuration entirely through environment variables.
Screenshot coming soon.
Configuration
Authentication is configured via two environment variables:
| Variable | Description |
|---|---|
BETTER_AUTH_SECRET | A random secret (at least 32 characters). Generate with openssl rand -base64 32. |
BETTER_AUTH_URL | The base URL of your Piyaz instance (e.g., http://localhost:3000). |
See Environment Variables for the full list.
Database
Better Auth stores session and account data in the same PostgreSQL database as the rest of Piyaz. The docker/init-auth.sql script creates the required auth tables automatically when the database container starts for the first time.
Self-Hosted Considerations
When self-hosting Piyaz:
- The
BETTER_AUTH_SECRETmust be unique to your deployment. Never reuse secrets across environments. - Set
BETTER_AUTH_URLto the external URL where your instance is accessible. This affects redirect URLs during authentication flows. - All auth data stays in your database. Nothing is sent to external services.