Provider

This page is auto-synced from apps/provider/README.md in the pokt-network/igniter repo. Edit it there — changes here are overwritten on every build.

The Provider app is the operator-facing web interface for Pocket Network supplier operations (Shannon protocol). It provides tooling to help operators manage supplier keys, configure stakes, organize address groups, and set up delegator revenue sharing.

This README covers configuration and usage for node operators. For local development with Tilt, see the Contributing guide.


Table of Contents


Deployment

For step-by-step deployment instructions (dependencies, configuration, and startup), see the Docker Compose guide.


Environment Variables

Provider reads its configuration from a single .env file at docker-compose/apps/provider/.env. Copy .env.sample as a starting point.

All variables below are sourced from docker-compose/apps/provider/.env.sample.

Compose

VariableRequiredDescriptionExample / Default
COMPOSE_PROJECT_NAMEOptionalDocker Compose project name — scopes container namesigniter-provider

Next.js

VariableRequiredDescriptionExample / Default
NODE_ENVOptionalNode runtime environmentproduction
LOG_LEVELOptionalLogging verbosity (error, warn, info, debug)info

Temporal

VariableRequiredDescriptionExample / Default
TEMPORAL_URLRequiredAddress of the Temporal server (from dependencies compose)temporal:7233
TEMPORAL_NAMESPACERequiredTemporal namespace for Provider workflowsprovider
TEMPORAL_TASK_QUEUERequiredTask queue name for dispatching workflow tasksprovider-operations
TEMPORAL_WORKFLOW_RETENTIONOptionalHow long to retain completed workflow history, in seconds604800 (7 days)

PostgreSQL

VariableRequiredDescriptionExample / Default
PGHOSTRequiredPostgreSQL hostname (service name from dependencies compose)postgresql
PGUSERRequiredPostgreSQL username — must match POSTGRES_USER in dependencies .envigniter
PGPASSWORDRequiredPostgreSQL password — must match POSTGRES_PASSWORD in dependencies .env(no default — set this)
DB_NAMERequiredDatabase name for Providerprovider
DATABASE_URLRequiredFull connection string — interpolated from the four vars abovepostgres://${PGUSER}:${PGPASSWORD}@${PGHOST}:5432/${DB_NAME}?sslmode=disable

Note: PGPASSWORD must exactly match POSTGRES_PASSWORD in docker-compose/dependencies/.env. If they don’t match, migrations and the app will fail to connect.

Pocket Network

VariableRequiredDescriptionExample / Default
POKT_RPC_URLRequiredCometBFT RPC endpoint. Seeded into the database on first boot if not already configured via the setup wizardhttps://sauron-rpc.beta.infra.pocket.network
CHAIN_IDRequiredBlockchain chain identifierpocket-beta
BLOCKCHAIN_PROTOCOLRequiredProtocol version (shannon)shannon
OWNER_IDENTITYRequiredPOKT bech32 wallet address of the Provider owner — must be a valid pokt1... address. Used to restrict pre-bootstrap login via SIWPpokt1abc123...
OWNER_EMAILRequiredEmail address for the owner accountoperator@example.com
APP_IDENTITYRequiredHex-encoded private key used by the Provider to sign governance responses sent to the Middleman(your private key hex)
MINIMUM_STAKE_BUFFEROptionalBuffer subtracted from minimum on-chain stake to allow nodes to operate after slashes, in uPOKT500000000
DELEGATORS_CDN_URLOptionalCDN URL template for fetching delegator configuration JSON. {chainId} is replaced at runtimehttps://raw.githubusercontent.com/.../middleman.json

Application

VariableRequiredDescriptionExample / Default
APP_URLRequiredPublic URL where Provider is accessible — used for redirect links and CORShttp://localhost:3001
AUTH_URLRequiredURL used by NextAuth for auth callbacks — typically same as APP_URLhttp://localhost:3001
AUTH_TRUST_HOSTOptionalSet true if running behind a reverse proxy (trusts X-Forwarded-* headers)false

Security / Encryption

VariableRequiredDescriptionHow to generate
ENCRYPTION_IVRequiredInitialization vector for database private key encryptionopenssl rand -hex 16
ENCRYPTION_KEYRequiredKey for database private key encryptionopenssl rand -hex 32
AUTH_SECRETRequiredSecret used to encrypt website session tokensopenssl rand -hex 24

Note: Generate unique values for ENCRYPTION_IV, ENCRYPTION_KEY, and AUTH_SECRET before deploying. Never reuse values across environments or share them publicly.


Database Migrations

Migrations run automatically via the provider-migration service every time you run docker compose up. The service uses Drizzle ORM to apply any pending schema changes, then exits with code 0. The web and workflows services will not start until migration completes successfully.

If you need to run migrations manually outside of Docker (e.g., in CI or during local development):

bash
pnpm provider:migration:migrate

Bootstrap Wizard

After deployment, the Provider app is running but not yet configured. The bootstrap wizard is a one-time setup flow that walks you through connecting to the blockchain, setting your identity, configuring regions, relay miners, services, address groups, and delegators.

For the detailed step-by-step walkthrough, see the Bootstrap guide.


Guides

Step-by-step tutorials for common Provider workflows.

GuideWhat it covers
Bootstrap WizardOne-time setup wizard — blockchain, identity, regions, miners, services
How to set up a relay miner with address groupsConfigure a miner, create groups, and assign services step by step
How to manage your key inventoryImport keys, track their lifecycle states, and export when needed
How to onboard a new delegatorEnd-to-end flow from receiving keys to enabling a delegator

Reference

Detailed feature documentation for each admin area.

DocWhat it covers
Relay MinersRegister and configure relay miner nodes
Address GroupsOrganize miners into groups with service and revenue share configuration
Key ManagementImport, track, and export supplier keys through their lifecycle
DelegatorsEnable delegators and manage revenue sharing, including CDN import