Overview

Wealthfolio is a beautiful, open-source, local-first personal finance and investment tracker that keeps all of your data in your own SQLite database with no cloud dependency.

Runtime arguments

Web UI: http://[IP]:[PORT:8088]/
Network: bridge
Shell: sh
Privileged: false
Extra Params: --user=99:100 --health-cmd="wget --quiet --tries=1 --spider http://127.0.0.1:8088/api/v1/healthz || exit 1" --health-interval=30s --health-timeout=10s --health-retries=3 --health-start-period=15s

Template configuration

WebUI PortPorttcp

Host port to expose. Change if 8088 clashes with another container.

Target: 8088
Default: 8088
Value: 8088

AppdataPathrw

Holds the SQLite database (wealthfolio.db) and the encrypted secrets file. BACK THIS UP.

Target: /data
Default: /mnt/user/appdata/wealthfolio
Value: /mnt/user/appdata/wealthfolio

WF_SECRET_KEYVariable

REQUIRED. 32-byte key used to encrypt secrets at rest and sign session tokens. Generate ONCE with: openssl rand -base64 32 -- then save it somewhere safe. Losing it means losing all stored API keys and broker credentials.

WF_AUTH_PASSWORD_HASHVariable

REQUIRED unless WF_AUTH_REQUIRED=false. Argon2id PHC hash of your login password. Generate with: printf '%s' 'your-password' | argon2 yoursalt16chars -id -e -- then paste the full argon2id PHC string here.

WF_CORS_ALLOW_ORIGINSVariable

REQUIRED when auth is enabled. Comma-separated list of origins allowed to call the API. Must EXACTLY match the URL in your browser address bar (scheme, host, and port). Example: http://192.168.1.10:8088 or https://wealthfolio.example.com

WF_AUTH_REQUIREDVariable

Set to false if a reverse proxy handles authentication (in which case leave WF_AUTH_PASSWORD_HASH empty).

Default: true
Value: true

WF_AUTH_TOKEN_TTL_MINUTESVariable

Session access token lifetime in minutes.

Default: 60
Value: 60

WF_REQUEST_TIMEOUT_MSVariable

HTTP request timeout in milliseconds. Default is 5 minutes -- generous to accommodate large broker syncs.

Default: 300000
Value: 300000

WF_LISTEN_ADDRVariable

Bind address inside the container. Leave at 0.0.0.0:8088 unless you know what you are doing.

Default: 0.0.0.0:8088
Value: 0.0.0.0:8088

WF_DB_PATHVariable

SQLite database path inside the container. Must live under /data so it persists.

Default: /data/wealthfolio.db
Value: /data/wealthfolio.db

WF_LOG_FORMATVariable

Log format: text (human-readable) or json (structured).

Default: text
Value: text

Links

Template Support Docker Hub Project

Details

Repository

wealthfolio/wealthfolio:latest

Registry

https://hub.docker.com/r/wealthfolio/wealthfolio

Last Updated2026-05-15

First Seen2026-05-16

Run Wealthfolio on Unraid.

Wealthfolio is listed in Community Apps for Unraid OS. Explore Unraid to build a flexible home server, NAS, or homelab.

Explore Unraid OS

Wealthfolio