Production Checklist
Things to verify before running Tzylo Auth CE in production.
Before deploying Tzylo Auth CE to production, review and verify the following checklist.
Environment configuration
NODE_ENVis set toproductionJWT_SECRETis strong and kept privateDATABASE_URLpoints to a production-ready database- Secrets are not committed to source control
Database readiness
- Database user has least-privilege access
- Automated backups are enabled
- Network access is restricted
Redis setup
- Redis is configured for production
- Redis is not shared with unrelated workloads
- Connection limits and memory policies are reviewed
Email and OTP
- SMTP credentials are production-grade
- Email delivery has been tested
- Spam filtering behavior is verified
Security settings
- HTTPS is enabled
- Cookies are configured correctly
- Rate limiting is enabled
Observability
- Startup and error logs are monitored
- Health checks are enabled
- Alerts are configured for failures
Final verification
POST /loginworksPOST /refreshworksGET /meworksPOST /logoutinvalidates sessions
Treat authentication infrastructure as critical. Test changes carefully before rolling them out.