InkStoneConfiguration Reference
Contents
InkStone is configured entirely through environment variables. Create a .env file in the project root:
VAULT_PATH=/path/to/your/obsidian/vault
SECRET_KEY=change-me-to-a-long-random-string
ACCESS_TOKEN=optional-master-unlock-key
HIDE_ATTRIBUTION=0
Environment variables
| Variable | Required | Default | Description |
|---|---|---|---|
VAULT_PATH |
Yes | ./BlogPages |
Absolute path to your Obsidian vault directory. Falls back to ./BlogPages if unset or missing. |
SECRET_KEY |
Recommended | inkstone-dev-secret |
Flask session signing key. Sessions are invalidated on restart if not set. |
ACCESS_TOKEN |
No | โ | Master key that unlocks all private notes. Set to a long random string. |
HIDE_ATTRIBUTION |
No | 0 |
Set to 1 or true to remove the "built with InkStone" footer line. |
GISCUS_REPO |
No* | โ | GitHub repo for Giscus comments (e.g. user/repo). All three Giscus vars required. |
GISCUS_REPO_ID |
No* | โ | Giscus repo ID from giscus.app. |
GISCUS_CATEGORY_ID |
No* | โ | Giscus discussion category ID. |
VAULT_REPO |
No | โ | Git URL to clone a private vault at Docker build time. |
WEBHOOK_SECRET |
No | โ | Secret for validating GitHub webhook payloads on /webhook. |
URL_PATH_PREFIX |
No | โ | Subpath prefix when serving under a subdirectory (e.g. /inkstone). Also accepted as APPLICATION_ROOT. |
*All three GISCUS_* variables must be set together to enable comments.
SECRET_KEY in production
Generate a secure key with:
python3 -c "import secrets; print(secrets.token_hex(32))"
Set it as an environment variable or in .env. Without it, sessions (theme, unlocked private notes) reset every time the server restarts.