
Docker Deployment

Quick Start

Run Expunct with SQLite for development or evaluation:

docker run -p 8000:8000 \
  -e DATABASE_URL=sqlite+aiosqlite:///./data/db.sqlite \
  -e API_KEY_SECRET=your-secret-key \
  -v pii-data:/app/data \
  ghcr.io/uni-qingzhuo-zhen/pii-redactor:latest

The API will be available at http://localhost:8000. PaddleOCR models are downloaded automatically on first run.

Docker Compose

For a production-like setup with PostgreSQL:

version: "3.8"
services:
  api:
    image: ghcr.io/uni-qingzhuo-zhen/pii-redactor:latest
    ports:
      - "8000:8000"
    environment:
      DATABASE_URL: postgresql+asyncpg://pii:secret@db:5432/pii_redactor
      API_KEY_SECRET: ${API_KEY_SECRET}
      ENCRYPTION_KEY: ${ENCRYPTION_KEY}
    depends_on:
      - db
    volumes:
      - pii-data:/app/data
  db:
    image: postgres:15-alpine
    environment:
      POSTGRES_USER: pii
      POSTGRES_PASSWORD: secret
      POSTGRES_DB: pii_redactor
    volumes:
      - pg-data:/var/lib/postgresql/data
volumes:
  pii-data:
  pg-data:

Start the stack:

# Set required secrets
export API_KEY_SECRET=$(openssl rand -hex 32)
export ENCRYPTION_KEY=$(python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())")
# Start services
docker compose up -d
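
A preflight check for the two secrets exported above, so the stack is not started with an empty value or the Quick Start placeholder. This is an added example, not part of Expunct; the function names are hypothetical, and the policy of accepting only values shaped like the generator commands' output is an assumption, not a documented requirement of the service.

```shell
#!/usr/bin/env bash
# Added example (not Expunct code): preflight check for the two secrets exported above.
# Assumed policy: accept only values shaped like the generator commands' output.
LC_ALL=C   # make the character ranges below ASCII-only

# API_KEY_SECRET: `openssl rand -hex 32` yields exactly 64 hex characters.
# The Quick Start placeholder "your-secret-key" fails the length test.
check_api_key_secret() {
    [ "${#1}" -eq 64 ] || return 1
    case "$1" in
        *[!0-9a-fA-F]*) return 1 ;;
    esac
    return 0
}

# ENCRYPTION_KEY: a Fernet key is 32 bytes in URL-safe base64,
# i.e. 43 alphabet characters followed by a single '=' pad.
check_fernet_key() {
    [ "${#1}" -eq 44 ] || return 1
    fk_body=${1%=}
    [ "${#fk_body}" -eq 43 ] || return 1      # no trailing '=' at all
    case "$fk_body" in
        *[!A-Za-z0-9_-]*) return 1 ;;         # also rejects a second '='
    esac
    return 0
}

# Reads both variables from the environment; prints which one is wrong
# (never the value itself) and returns non-zero if either check fails.
preflight() {
    pf_rc=0
    check_api_key_secret "${API_KEY_SECRET:-}" || {
        echo "API_KEY_SECRET: expected 64 hex chars (openssl rand -hex 32)" >&2
        pf_rc=1
    }
    check_fernet_key "${ENCRYPTION_KEY:-}" || {
        echo "ENCRYPTION_KEY: expected a 44-char Fernet key" >&2
        pf_rc=1
    }
    return "$pf_rc"
}

# Usage: preflight && docker compose up -d
```
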

Building from Source

docker build -t pii-redactor .

The Dockerfile uses a Chainguard Python 3.12 base image for a minimal attack surface. The build process installs all dependencies and downloads PaddleOCR models at build time for faster cold starts.

Health Check

Verify the service is running:

curl http://localhost:8000/health

Volumes

Mount Point | Purpose
/app/data | SQLite database, temporary file storage, OCR model cache

For PostgreSQL deployments, /app/data is only used for temporary file storage and can be an ephemeral volume if files are stored in cloud storage.