Deployment Modes
| Mode | Auth | Best For |
|---|---|---|
local_trusted | No login required | Single-operator local machine |
authenticated + private | Login required | Private network (Tailscale, VPN, LAN) |
authenticated + public | Login required | Internet-facing cloud deployment |
Quick Comparison
Local Trusted (Default)
- Loopback-only host binding (localhost)
- No human login flow
- Fastest local startup
- Best for: solo development and experimentation
Authenticated + Private
- Login required via Better Auth
- Binds to all interfaces for network access
- Auto base URL mode (lower friction)
- Best for: team access over Tailscale or local network
Authenticated + Public
- Login required
- Explicit public URL required
- Stricter security checks
- Best for: cloud hosting, internet-facing deployment
Choosing a Mode
| Scenario | Recommended Mode |
|---|---|
| Just trying DarkDuck | local_trusted (default) |
| Sharing with a team on private network | authenticated + private |
| Deploying to the cloud | authenticated + public |
Infrastructure Options
| Component | Options |
|---|---|
| Database | Embedded PGlite (default), Docker PostgreSQL, Hosted PostgreSQL |
| Storage | Local disk (default), S3-compatible object storage |
| Secrets | Local encrypted (default), environment variable override |
| Runtime | Node.js direct, Docker container |
Local Development
Run DarkDuck locally with zero external dependencies
Docker
Run DarkDuck in Docker without installing Node or pnpm
Deployment Modes
Detailed configuration for each deployment mode