Skip to main content

Configure the plugin

Just like any other plugin in Strapi, Headlockr requires some default configuration in order to get it up and running. Most of the required environment variables are autogenerated by Headlockr the first time you start up Headlockr. The only required environment variable is HEADLOCKR_LICENSE_KEY. Please follow the tutorial at the next chapter on how to set this up.

Headlockr Config file

Headlockr comes with the default configuration file below which can be overwritten. However, we must warn you that doing so might break the plugin. So please use with caution!

If you'd like to overwrite the default configuration, create a new file or edit your existing plugins config file located at ./config/plugins.js|ts

danger

Please be aware that disabling headlockr and enabling it afterwards will wipe all your previous saved data from the database. This is something that we do not have control over since this is happening from within the Strapi Core.

  headlockr: {
    enabled: true, // ❗️ Caution: disabling the plugin will wipe previous data from the database.
    config: {
      // Optionally: Headlockr will cleanup any expired otp codes that were generated by it recurringly.
      cron: {
        enabled: true,
        schedule: "0 0 * * *", // This will run the cron job every day at midnight. Any Cron expression can we used here.
      },
      licenseKey: env("HEADLOCKR_LICENSE_KEY"), // Your license key that you received from us
      auth: {
        encryptionIv: env("ENCRYPTION_IV_HEADLOCKR"), // A random 32 bytes long base64 string *
        encryptionKey: env("ENCRYPTION_KEY_HEADLOCKR"), // A random 16 bytes long base64 string *
        backupEncryptionIv: env("ENCRYPTION_IV_HEADLOCKR_BACKUP"), // *
        backupEncryptionKey: env("ENCRYPTION_KEY_HEADLOCKR_BACKUP"), // *
        secret: env("MFA_SECRET"), // This is the secret used to sign the shortlived tokens
        phoneTokenSecret: env("PHONE_TOKEN_SECRET"), // This is the secret used to sign the phone tokens that are used during phone registration of a user
        // Any option that jwt supports
        options: {
          expiresIn: "5m",
          audience: "strapi-admin-panel",
          issuer: "headlockr-admin-auth",
        },
      },
       twilio: {
        accountSid: env("TWILIO_ACCOUNT_SID"),
        apiKeySid: env("TWILIO_API_KEY_SID"),
        apiKeySecret: env("TWILIO_API_KEY_SECRET"),
        from: env("TWILIO_PHONE_NUMBER"),
      },
      cookies: {
        httpOnly: false,
        secure: process.env.NODE_ENV === "production",
        sameSite: "Lax",
        //maxAge: 1000 * 60 * 5, // 5 minutes
        path: "/",
      },
    },
  },