planka
by mekoman
Overview
A self-hosted Kanban board application designed for project management and team collaboration, deployable on Kubernetes using Helm.
Installation
git clone https://github.com/plankanban/planka.git && cd planka/charts/planka && helm dependency build && export SECRETKEY=$(openssl rand -hex 64) && helm install planka . --set secretkey=$SECRETKEY --set admin_email="demo@demo.demo" --set admin_password="demo" --set admin_name="Demo Demo" --set admin_username="demo"
Environment Variables
- SECRET_KEY
- DATABASE_URL
- SESSION_SECRET
- DEFAULT_ADMIN_EMAIL
- DEFAULT_ADMIN_PASSWORD
- DEFAULT_ADMIN_NAME
- DEFAULT_ADMIN_USERNAME
- BASE_URL
- LOG_LEVEL
- TRUST_PROXY
- TOKEN_EXPIRES_IN
- PGSSLMODE
- KNEX_REJECT_UNAUTHORIZED_SSL_CERTIFICATE
- DEFAULT_LANGUAGE
- ACTIVE_USERS_LIMIT
- SHOW_DETAILED_AUTH_ERRORS
- S3_ENABLED
- S3_ENDPOINT
- S3_REGION
- S3_ACCESS_KEY_ID
- S3_SECRET_ACCESS_KEY
- S3_BUCKET
- S3_FORCE_PATH_STYLE
- OIDC_ENABLED
- OIDC_ISSUER
- OIDC_CLIENT_ID
- OIDC_CLIENT_SECRET
- OIDC_ID_TOKEN_SIGNED_RESPONSE_ALG
- OIDC_USERINFO_SIGNED_RESPONSE_ALG
- OIDC_SCOPES
- OIDC_RESPONSE_MODE
- OIDC_USE_DEFAULT_RESPONSE_MODE
- OIDC_ADMIN_ROLES
- OIDC_CLAIMS_SOURCE
- OIDC_EMAIL_ATTRIBUTE
- OIDC_NAME_ATTRIBUTE
- OIDC_USERNAME_ATTRIBUTE
- OIDC_ROLES_ATTRIBUTE
- OIDC_IGNORE_USERNAME
- OIDC_IGNORE_ROLES
- OIDC_ENFORCED
- SMTP_ENABLED
- SMTP_HOST
- SMTP_PORT
- SMTP_SECURE
- SMTP_NAME
- SMTP_USER
- SMTP_PASSWORD
- SMTP_FROM
- SMTP_TLS_REJECT_UNAUTHORIZED
- WEBHOOKS
Security Notes
The application ships several hardcoded default credentials ('notsecretkey' for SECRET_KEY, 'demo' for admin_password) in its Docker Compose and Helm values for development/testing; the README explicitly highlights these as critical to change for production. However, a crucial `session.secret` used for JWT signing is hardcoded to a static value in `server/config/models.js`, with no explicit warning in the README and no default randomization mechanism. An attacker who is aware of this default secret could forge JWTs, compromising all default installations. SQL query methods generally use parameterized queries, mitigating direct SQL injection risks. External process calls are used for notification scripts with controlled inputs.
Similar Servers
kanboard-mcp
This server integrates AI assistants with Kanboard, allowing natural language management of projects, tasks, users, and workflows.
backlog
Manage project backlog and tasks using Markdown files in a Git repository, designed for frictionless collaboration between AI agents and human developers.
watercooler-cloud
Facilitates asynchronous collaboration and knowledge management for AI agents by managing markdown-based discussion threads and syncing them via Git, with advanced features for branch parity and knowledge graph generation.
Ideate
A collaborative web application for real-time idea formation and sharing.