Self-hosted overview

Run SecureBuild on your own infrastructure: provision object storage, a container registry, and build capacity, then supply configuration to the Go worker and the Next.js app. No hosted secrets product is required—use a YAML file, environment variables, or your own secret store.

Guides

• Infrastructure— worker, securebuild-app (Next.js), S3-compatible storage, OCI registry, where builds run (local or static VMs), and the APK HTTP origin plus signing keys.
• Configuration reference— every Param YAML key / env override for Go services, and environment variables used by the Next.js app.

How configuration is loaded (Go services)

Set SECUREBUILD_CONFIG_SOURCE to a .yaml path (values can be overridden by environment variables with the same names in UPPER_SNAKE_CASE) or to env to load only from the environment. For self-hosted deployments, set this explicitly; do not rely on the default.

Example YAML in the repository

The SecureBuild repo ships securebuild-config.example.yaml as a starting point. Copy it to securebuild-config.yaml (or another path) and point SECUREBUILD_CONFIG_SOURCE at it.