unkeyed · Flo4604 · Oct 6, 2025 · Oct 3, 2025 · Oct 3, 2025 · Oct 3, 2025
@@ -10,7 +10,7 @@ unkey run ctrl [flags]
 ```
 
 <Banner type="warn">
-Some flags are required for this command to work properly.
+  Some flags are required for this command to work properly.
 </Banner>
 
 ## Flags
@@ -21,6 +21,7 @@ HTTP port for the control plane server to listen on. Default: 8080
 - **Type:** integer
 - **Default:** `8080`
 - **Environment:** `UNKEY_HTTP_PORT`
+
 </Callout>
 
 <Callout type="info" title="--color">
@@ -29,20 +30,23 @@ Enable colored log output. Default: true
 - **Type:** boolean
 - **Default:** `true`
 - **Environment:** `UNKEY_LOGS_COLOR`
+
 </Callout>
 
 <Callout type="info" title="--platform">
 Cloud platform identifier for this node. Used for logging and metrics.
 
 - **Type:** string
 - **Environment:** `UNKEY_PLATFORM`
+
 </Callout>
 
 <Callout type="info" title="--image">
 Container image identifier. Used for logging and metrics.
 
 - **Type:** string
 - **Environment:** `UNKEY_IMAGE`
+
 </Callout>
 
 <Callout type="info" title="--region">
@@ -51,6 +55,7 @@ Geographic region identifier. Used for logging and routing. Default: unknown
 - **Type:** string
 - **Default:** `"unknown"`
 - **Environment:** `AWS_REGION`
+
 </Callout>
 
 <Callout type="info" title="--instance-id">
@@ -59,27 +64,23 @@ Unique identifier for this instance. Auto-generated if not provided.
 - **Type:** string
 - **Default:** `"ins_5PkxT8"`
 - **Environment:** `UNKEY_INSTANCE_ID`
+
 </Callout>
 
 <Callout type="info" title="--database-primary (required)">
 MySQL connection string for primary database. Required for all deployments. Example: user:pass@host:3306/unkey?parseTime=true
 
 - **Type:** string
 - **Environment:** `UNKEY_DATABASE_PRIMARY`
+
 </Callout>
 
 <Callout type="info" title="--database-partition (required)">
 MySQL connection string for partition database. Required for all deployments. Example: user:pass@host:3306/partition_002?parseTime=true
 
 - **Type:** string
 - **Environment:** `UNKEY_DATABASE_PARTITION`
-</Callout>
-
-<Callout type="info" title="--database-hydra (required)">
-MySQL connection string for hydra database. Required for all deployments. Example: user:pass@host:3306/hydra?parseTime=true
 
-- **Type:** string
-- **Environment:** `UNKEY_DATABASE_HYDRA`
 </Callout>
 
 <Callout type="info" title="--otel">
@@ -88,6 +89,7 @@ Enable OpenTelemetry tracing and metrics
 - **Type:** boolean
 - **Default:** `false`
 - **Environment:** `UNKEY_OTEL`
+
 </Callout>
 
 <Callout type="info" title="--otel-trace-sampling-rate">
@@ -96,41 +98,47 @@ Sampling rate for OpenTelemetry traces (0.0-1.0). Only used when --otel is provi
 - **Type:** float
 - **Default:** `0.25`
 - **Environment:** `UNKEY_OTEL_TRACE_SAMPLING_RATE`
+
 </Callout>
 
 <Callout type="info" title="--tls-cert-file">
 Path to TLS certificate file for HTTPS. Both cert and key must be provided to enable HTTPS.
 
 - **Type:** string
 - **Environment:** `UNKEY_TLS_CERT_FILE`
+
 </Callout>
 
 <Callout type="info" title="--tls-key-file">
 Path to TLS key file for HTTPS. Both cert and key must be provided to enable HTTPS.
 
 - **Type:** string
 - **Environment:** `UNKEY_TLS_KEY_FILE`
+
 </Callout>
 
 <Callout type="info" title="--auth-token">
 Authentication token for control plane API access. Required for secure deployments.
 
 - **Type:** string
 - **Environment:** `UNKEY_AUTH_TOKEN`
+
 </Callout>
 
 <Callout type="info" title="--krane-address (required)">
 Full URL of the krane service for VM operations. Required for deployments. Example: https://krane.example.com:8080
 
 - **Type:** string
 - **Environment:** `UNKEY_KRANE_ADDRESS`
+
 </Callout>
 
 <Callout type="info" title="--api-key (required)">
 API key for simple authentication (demo purposes only). Will be replaced with JWT authentication.
 
 - **Type:** string
 - **Environment:** `UNKEY_API_KEY`
+
 </Callout>
 
 <Callout type="info" title="--spiffe-socket-path">
@@ -139,41 +147,47 @@ Path to SPIFFE agent socket for mTLS authentication. Default: /var/lib/spire/age
 - **Type:** string
 - **Default:** `"/var/lib/spire/agent/agent.sock"`
 - **Environment:** `UNKEY_SPIFFE_SOCKET_PATH`
+
 </Callout>
 
 <Callout type="info" title="--vault-master-keys (required)">
 Vault master keys for encryption
 
 - **Type:** string[]
 - **Environment:** `UNKEY_VAULT_MASTER_KEYS`
+
 </Callout>
 
 <Callout type="info" title="--vault-s3-url (required)">
 S3 Compatible Endpoint URL
 
 - **Type:** string
 - **Environment:** `UNKEY_VAULT_S3_URL`
+
 </Callout>
 
 <Callout type="info" title="--vault-s3-bucket (required)">
 S3 bucket name
 
 - **Type:** string
 - **Environment:** `UNKEY_VAULT_S3_BUCKET`
+
 </Callout>
 
 <Callout type="info" title="--vault-s3-access-key-id (required)">
 S3 access key ID
 
 - **Type:** string
 - **Environment:** `UNKEY_VAULT_S3_ACCESS_KEY_ID`
+
 </Callout>
 
 <Callout type="info" title="--vault-s3-access-key-secret (required)">
 S3 secret access key
 
 - **Type:** string
 - **Environment:** `UNKEY_VAULT_S3_ACCESS_KEY_SECRET`
+
 </Callout>
 
 <Callout type="info" title="--acme-enabled">
@@ -182,6 +196,7 @@ Enable Let's Encrypt for acme challenges
 - **Type:** boolean
 - **Default:** `false`
 - **Environment:** `UNKEY_ACME_ENABLED`
+
 </Callout>
 
 <Callout type="info" title="--acme-cloudflare-enabled">
@@ -190,13 +205,15 @@ Enable Cloudflare for wildcard certificates
 - **Type:** boolean
 - **Default:** `false`
 - **Environment:** `UNKEY_ACME_CLOUDFLARE_ENABLED`
+
 </Callout>
 
 <Callout type="info" title="--acme-cloudflare-api-token">
 Cloudflare API token for Let's Encrypt
 
 - **Type:** string
 - **Environment:** `UNKEY_ACME_CLOUDFLARE_API_TOKEN`
+
 </Callout>
 
 <Callout type="info" title="--default-domain">
@@ -205,4 +222,5 @@ Default domain for auto-generated hostnames
 - **Type:** string
 - **Default:** `"unkey.app"`
 - **Environment:** `UNKEY_DEFAULT_DOMAIN`
+
 </Callout>
@@ -8,7 +8,6 @@ description: "How database schemas are managed and applied in the Unkey platform
 Unkey uses multiple MySQL databases that are automatically created and initialized during development:
 
 - **unkey**: Main application database containing APIs, keys, workspaces, and related data
-- **hydra**: Workflow orchestration engine database for managing deployment workflows
 - **partition_00X**: Dataplane partition database
 
 ## Schema Files
@@ -17,6 +16,7 @@ Schema definitions are maintained in separate files:
 
 - `go/pkg/db/schema.sql` - Main Unkey application schema
 - `go/pkg/partition/schema.sql` - Dataplane schema
+
 ## Docker Development Setup
 
 During local development, schemas are automatically applied via Docker:

@@ -6,7 +6,6 @@ COPY deployment/init-databases.sql /docker-entrypoint-initdb.d/00-init-databases
 # Copy schemas from their respective packages
 COPY go/pkg/db/schema.sql /docker-entrypoint-initdb.d/01-main-schema.sql
 COPY go/pkg/partition/db/schema.sql /docker-entrypoint-initdb.d/02-partition-schema.sql
-COPY go/pkg/hydra/store/schema.sql /docker-entrypoint-initdb.d/03-hydra-schema.sql
 
 # Copy seed data for local development
 COPY deployment/04-seed-workspace.sql /docker-entrypoint-initdb.d/04-seed-workspace.sql
@@ -336,7 +336,6 @@ services:
       - /var/run/docker.sock:/var/run/docker.sock
     environment:
       UNKEY_DATABASE_PRIMARY: "unkey:password@tcp(mysql:3306)/unkey?parseTime=true&interpolateParams=true"
-      UNKEY_DATABASE_HYDRA: "unkey:password@tcp(mysql:3306)/hydra?parseTime=true&interpolateParams=true"
       UNKEY_DATABASE_PARTITION: "unkey:password@tcp(mysql:3306)/partition_001?parseTime=true&interpolateParams=true"
 
       # Control plane configuration

@@ -1,13 +1,11 @@
 -- Initialize multiple databases for the Unkey deployment platform
 CREATE DATABASE IF NOT EXISTS unkey;
-CREATE DATABASE IF NOT EXISTS hydra;
 CREATE DATABASE IF NOT EXISTS partition_001;
 
 -- Create the unkey user
 CREATE USER IF NOT EXISTS 'unkey'@'%' IDENTIFIED BY 'password';
 
 -- Grant permissions to unkey user for all databases
 GRANT ALL PRIVILEGES ON unkey.* TO 'unkey'@'%';
-GRANT ALL PRIVILEGES ON hydra.* TO 'unkey'@'%';
 GRANT ALL PRIVILEGES ON partition_001.* TO 'unkey'@'%';
 FLUSH PRIVILEGES;