Getting Started
Roster ships as a single deployable platform image and exposes four integration surfaces from the same runtime:
- web platform
- REST API
- CLI access through MCP
- MCP server for agent runtimes
Prerequisites
Section titled “Prerequisites”- Docker or a container platform that can run the
advantys/rosterimage - a persistent
/datavolume - a generated
ROSTER_AUTH_SECRET - an explicit MCP auth mode for production
- provider-secret encryption keys when using directory connectors
Production Defaults
Section titled “Production Defaults”Use a persistent data directory for SQLite, worker journals, connector files, and runtime state:
ROSTER_DATA_DIR=/dataNODE_ENV=productionWith ROSTER_DATA_DIR=/data and no ROSTER_DATABASE_URL, SQLite defaults to
/data/roster.db.
Configure MCP authentication before exposing the server:
ROSTER_MCP_AUTH_MODE=oauthUse api_key,oauth only when production automation also needs API-key MCP
access alongside OAuth-based end-user MCP clients.
First Production Checklist
Section titled “First Production Checklist”- Mount
/dataon durable storage. - Set
ROSTER_AUTH_SECRETto a high-entropy secret. - Set
ROSTER_MCP_AUTH_MODEtooauthfor end-user MCP clients, orapi_key,oauthwhen automation also needs API-key access. - Set
ROSTER_MCP_RESOURCE_URIwhen using OAuth. - Set
ROSTER_PROVIDER_SECRET_ENCRYPTION_KEYbefore storing connector secrets. - Configure identity providers for human login.
- Create API keys with only the scopes each integration needs.
Next Steps
Section titled “Next Steps”- Use Production Deployment for container hosting on AWS, Google Cloud, Azure, Fly.io, and Kubernetes.
- Use Directory Connectors to connect enterprise directory data.
- Use Authentication to configure login and API access.
- Use MCP to expose Roster to agent runtimes.