Docker
Quick start
Start Dekart with zero configuration. This uses the built-in SQLite metadata database, local file storage, and file upload:
docker run -p 8080:8080 dekartxyz/dekart:latest
Open http://localhost:8080 and create a map.
To keep your maps and uploaded files between restarts, mount a host directory at /dekart/data:
docker run -p 8080:8080 \
-v "$(pwd)/dekart-data:/dekart/data" \
dekartxyz/dekart:latest
Amazon S3 backups
Back up the SQLite metadata database to an S3 bucket. Dekart uses the standard AWS SDK credential chain.
docker run -p 8080:8080 \
-e DEKART_STORAGE=S3 \
-e DEKART_CLOUD_STORAGE_BUCKET=your-s3-bucket \
-e AWS_REGION=us-east-1 \
-e AWS_ACCESS_KEY_ID=your-aws-access-key-id \
-e AWS_SECRET_ACCESS_KEY=your-aws-secret-access-key \
dekartxyz/dekart:latest
Google Cloud Storage backups
Back up the SQLite metadata database to a GCS bucket.
docker run -p 8080:8080 \
-v /absolute/path/to/gcp-service-account.json:/run/secrets/gcp-service-account.json:ro \
-e GOOGLE_APPLICATION_CREDENTIALS=/run/secrets/gcp-service-account.json \
-e DEKART_STORAGE=GCS \
-e DEKART_CLOUD_STORAGE_BUCKET=your-gcs-bucket \
dekartxyz/dekart:latest
With Postgres metadata backend
The configurations below store metadata in Postgres instead of SQLite. Starting with version 0.23, a Postgres metadata backend requires a valid DEKART_LICENSE_KEY.
BigQuery
Use this when BigQuery is the datasource and GCS is the cache backend.
docker run --rm -p 8080:8080 \
-v /absolute/path/to/gcp-service-account.json:/run/secrets/gcp-service-account.json:ro \
-e GOOGLE_APPLICATION_CREDENTIALS=/run/secrets/gcp-service-account.json \
-e DEKART_POSTGRES_DB=dekart \
-e DEKART_POSTGRES_USER=postgres \
-e DEKART_POSTGRES_PASSWORD=dekart \
-e DEKART_POSTGRES_PORT=5432 \
-e DEKART_POSTGRES_HOST=host.docker.internal \
-e DEKART_LICENSE_KEY=your-license-key \
-e DEKART_STORAGE=GCS \
-e DEKART_DATASOURCE=BQ \
-e DEKART_CLOUD_STORAGE_BUCKET=your-gcs-bucket \
-e DEKART_BIGQUERY_PROJECT_ID=your-gcp-project-id \
-e DEKART_BIGQUERY_MAX_BYTES_BILLED=53687091200 \
-e DEKART_MAPBOX_TOKEN=your-mapbox-token \
-e DEKART_CORS_ORIGIN=http://localhost:3000 \
-e DEKART_ALLOW_FILE_UPLOAD=1 \
dekartxyz/dekart:latest
Google OAuth configuration
Use this when users authenticate directly with Google OAuth in Dekart.
A valid DEKART_LICENSE_KEY is required when SSO is enabled.
docker run --rm -p 8080:8080 \
-e DEKART_POSTGRES_DB=dekart \
-e DEKART_POSTGRES_USER=postgres \
-e DEKART_POSTGRES_PASSWORD=dekart \
-e DEKART_POSTGRES_PORT=5432 \
-e DEKART_POSTGRES_HOST=host.docker.internal \
-e DEKART_STORAGE=USER \
-e DEKART_DATASOURCE=USER \
-e DEKART_REQUIRE_GOOGLE_OAUTH=1 \
-e DEKART_GOOGLE_OAUTH_CLIENT_ID=your-google-oauth-client-id \
-e DEKART_GOOGLE_OAUTH_SECRET=your-google-oauth-client-secret \
-e DEKART_LICENSE_KEY=your-license-key \
-e DEKART_MAPBOX_TOKEN=your-mapbox-token \
-e DEKART_CORS_ORIGIN=http://localhost:3000 \
-e DEKART_ALLOW_FILE_UPLOAD=1 \
dekartxyz/dekart:latest
Snowflake
Use this when Snowflake is the datasource.
docker run --rm -p 8080:8080 \
-e DEKART_POSTGRES_DB=dekart \
-e DEKART_POSTGRES_USER=postgres \
-e DEKART_POSTGRES_PASSWORD=dekart \
-e DEKART_POSTGRES_PORT=5432 \
-e DEKART_POSTGRES_HOST=host.docker.internal \
-e DEKART_LICENSE_KEY=your-license-key \
-e DEKART_STORAGE=S3 \
-e DEKART_DATASOURCE=SNOWFLAKE \
-e DEKART_CLOUD_STORAGE_BUCKET=your-s3-bucket \
-e AWS_REGION=us-east-1 \
-e AWS_ACCESS_KEY_ID=your-aws-access-key-id \
-e AWS_SECRET_ACCESS_KEY=your-aws-secret-access-key \
-e DEKART_SNOWFLAKE_ACCOUNT_ID=your-snowflake-account-id \
-e DEKART_SNOWFLAKE_USER=your-snowflake-user \
-e DEKART_SNOWFLAKE_PASSWORD=your-snowflake-password \
-e DEKART_MAPBOX_TOKEN=your-mapbox-token \
-e DEKART_CORS_ORIGIN=http://localhost:3000 \
-e DEKART_ALLOW_FILE_UPLOAD=1 \
dekartxyz/dekart:latest
S3 cache and AWS SSO configuration
Use this when Snowflake query results are cached in S3 and auth is delegated via AWS OIDC headers from your load balancer.
docker run --rm -p 8080:8080 \
-e DEKART_POSTGRES_DB=dekart \
-e DEKART_POSTGRES_USER=postgres \
-e DEKART_POSTGRES_PASSWORD=dekart \
-e DEKART_POSTGRES_PORT=5432 \
-e DEKART_POSTGRES_HOST=host.docker.internal \
-e DEKART_STORAGE=S3 \
-e DEKART_DATASOURCE=SNOWFLAKE \
-e DEKART_REQUIRE_AMAZON_OIDC=1 \
-e DEKART_LICENSE_KEY=your-license-key \
-e DEKART_CLOUD_STORAGE_BUCKET=your-s3-bucket \
-e AWS_REGION=us-east-1 \
-e AWS_ACCESS_KEY_ID=your-aws-access-key-id \
-e AWS_SECRET_ACCESS_KEY=your-aws-secret-access-key \
-e DEKART_SNOWFLAKE_ACCOUNT_ID=your-snowflake-account-id \
-e DEKART_SNOWFLAKE_USER=your-snowflake-user \
-e DEKART_SNOWFLAKE_PASSWORD=your-snowflake-password \
-e DEKART_MAPBOX_TOKEN=your-mapbox-token \
-e DEKART_CORS_ORIGIN=http://localhost:3000 \
-e DEKART_ALLOW_FILE_UPLOAD=1 \
dekartxyz/dekart:latest
Postgres
Use this when Postgres is the datasource and Dekart stores replayable query state in Postgres (DEKART_STORAGE=PG). File upload is not supported with DEKART_STORAGE=PG and is disabled automatically.
docker run --rm -p 8080:8080 \
-e DEKART_POSTGRES_DB=dekart \
-e DEKART_POSTGRES_USER=postgres \
-e DEKART_POSTGRES_PASSWORD=dekart \
-e DEKART_POSTGRES_PORT=5432 \
-e DEKART_POSTGRES_HOST=host.docker.internal \
-e DEKART_LICENSE_KEY=your-license-key \
-e DEKART_STORAGE=PG \
-e DEKART_DATASOURCE=PG \
-e DEKART_POSTGRES_DATASOURCE_CONNECTION="postgres://postgres:dekart@host.docker.internal:5432/dekart_geo?sslmode=disable" \
-e DEKART_MAPBOX_TOKEN=your-mapbox-token \
-e DEKART_CORS_ORIGIN=http://localhost:3000 \
dekartxyz/dekart:latest
OIDC configuration
Use this when authentication is handled by a trusted reverse proxy forwarding OIDC JWT headers.
docker run --rm -p 8080:8080 \
-e DEKART_POSTGRES_DB=dekart \
-e DEKART_POSTGRES_USER=postgres \
-e DEKART_POSTGRES_PASSWORD=dekart \
-e DEKART_POSTGRES_PORT=5432 \
-e DEKART_POSTGRES_HOST=host.docker.internal \
-e DEKART_STORAGE=PG \
-e DEKART_DATASOURCE=PG \
-e DEKART_POSTGRES_DATASOURCE_CONNECTION="postgres://postgres:dekart@host.docker.internal:5432/dekart_geo?sslmode=disable" \
-e DEKART_REQUIRE_OIDC=1 \
-e DEKART_OIDC_JWKS_URL=https://idp.example.com/realms/dekart/protocol/openid-connect/certs \
-e DEKART_OIDC_ISSUER=https://idp.example.com/realms/dekart \
-e DEKART_OIDC_AUDIENCE=oauth2-proxy \
-e DEKART_LICENSE_KEY=your-license-key \
-e DEKART_MAPBOX_TOKEN=your-mapbox-token \
-e DEKART_CORS_ORIGIN=http://localhost:3000 \
dekartxyz/dekart:latest
For full proxy wiring details, see Keycloak OIDC reverse proxy.
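The rules stated on this page (a license key for the Postgres metadata backend and for SSO, no file upload with DEKART_STORAGE=PG) and the OIDC variables above can be checked before launch when the settings live in a file passed with docker run --env-file rather than in inline -e flags, which also keeps secrets out of shell history. The script below is an added example, not part of Dekart or its documentation. Assumptions: the file name dekart.env and the function names are hypothetical, DEKART_POSTGRES_HOST being set is taken to mean a Postgres metadata backend, and the three OIDC variables are treated as required together.

```sh
#!/bin/sh
# Added example: preflight for a file passed as `docker run --env-file`.
# Prints one FAIL line per finding; returns non-zero if there are any.

env_get() {  # env_get FILE KEY -> value of KEY (last assignment wins)
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

dekart_preflight() {  # dekart_preflight FILE
    f=$1; n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }

    # The file holds secrets: no access for group or others.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        fail "$f is accessible to group/others (chmod 600)"

    # Placeholders copied from the docs (your-license-key, ...).
    ph=$(grep -E '^[A-Z_]+=your-' "$f" | cut -d= -f1 | tr '\n' ' ')
    [ -z "$ph" ] || fail "placeholder values left in: $ph"

    # Page rule: Postgres metadata backend or SSO needs a license key.
    # Assumption: DEKART_POSTGRES_HOST set means Postgres metadata.
    need=$(env_get "$f" DEKART_POSTGRES_HOST)
    for k in DEKART_REQUIRE_OIDC DEKART_REQUIRE_GOOGLE_OAUTH \
             DEKART_REQUIRE_AMAZON_OIDC; do
        if [ "$(env_get "$f" "$k")" = 1 ]; then need=sso; fi
    done
    if [ -n "$need" ] && [ -z "$(env_get "$f" DEKART_LICENSE_KEY)" ]; then
        fail "DEKART_LICENSE_KEY missing (Postgres metadata or SSO)"
    fi

    # Assumption: the three OIDC variables shown together are all
    # required, and the JWKS must be fetched over https.
    if [ "$(env_get "$f" DEKART_REQUIRE_OIDC)" = 1 ]; then
        for k in DEKART_OIDC_JWKS_URL DEKART_OIDC_ISSUER DEKART_OIDC_AUDIENCE; do
            [ -n "$(env_get "$f" "$k")" ] || fail "$k is not set"
        done
        case $(env_get "$f" DEKART_OIDC_JWKS_URL) in
            https://*|"") ;;
            *) fail "DEKART_OIDC_JWKS_URL is not https" ;;
        esac
    fi

    # Page rule: upload is disabled automatically with DEKART_STORAGE=PG.
    if [ "$(env_get "$f" DEKART_STORAGE)" = PG ] &&
       [ "$(env_get "$f" DEKART_ALLOW_FILE_UPLOAD)" = 1 ]; then
        fail "DEKART_ALLOW_FILE_UPLOAD=1 is ignored with DEKART_STORAGE=PG"
    fi
    [ "$n" -eq 0 ]
}
```

Usage: dekart_preflight dekart.env && docker run --rm -p 8080:8080 --env-file dekart.env dekartxyz/dekart:latest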