Kimai should be configured for trustworthy time-tracking data, role boundaries, and accurate reporting.
APP_ENV=prod
APP_SECRET=replace-with-long-random-secret
DATABASE_URL=mysql://kimai:replace@127.0.0.1:3306/kimai
TRUSTED_HOSTS='^kimai\.example\.com$'
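A pre-deployment check for the four settings above, as an added example that is not part of Kimai or of the original page. The function names and the 32-character minimum for `APP_SECRET` are assumptions made here. The anchoring check is included because `TRUSTED_HOSTS` is a regular expression, so a pattern without `^` and `$` also accepts hostnames that merely contain the intended name.

```python
import re
from urllib.parse import urlsplit

MIN_SECRET_LEN = 32  # assumed threshold, not a Kimai requirement

def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and comments, strip one layer of quotes."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        env[key.strip()] = value
    return env

def audit(env):
    """Return a list of findings for the four settings shown on this page."""
    findings = []
    if env.get("APP_ENV") != "prod":
        findings.append("APP_ENV: not set to prod")
    secret = env.get("APP_SECRET", "")
    if len(secret) < MIN_SECRET_LEN or "replace" in secret.lower():
        findings.append("APP_SECRET: placeholder or too short")
    password = urlsplit(env.get("DATABASE_URL", "")).password
    if not password or "replace" in password.lower():
        findings.append("DATABASE_URL: empty or placeholder password")
    hosts = env.get("TRUSTED_HOSTS", "")
    if not (hosts.startswith("^") and hosts.endswith("$")):
        findings.append("TRUSTED_HOSTS: pattern is not anchored with ^ and $")
    if re.search(r"(?<!\\)\.", hosts):
        findings.append("TRUSTED_HOSTS: unescaped '.' matches any character")
    return findings

# The values from this page, unchanged: the two placeholders must be flagged.
PAGE_SAMPLE = r"""
APP_ENV=prod
APP_SECRET=replace-with-long-random-secret
DATABASE_URL=mysql://kimai:replace@127.0.0.1:3306/kimai
TRUSTED_HOSTS='^kimai\.example\.com$'
"""

if __name__ == "__main__":
    for finding in audit(parse_env(PAGE_SAMPLE)):
        print(finding)
```
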
- Define project/activity structure before opening to all users.
- Restrict timesheet edit/delete rights.
- Configure lock periods for approved billing windows.
¶ Auth and integration
- Integrate LDAP/SSO where possible.
- Limit API token scopes for external billing tools.
- Audit admin changes regularly.
¶ Backup and recovery
Back up the database and any custom configuration and plugins. After restoring, validate the restored timesheets and reports.
- Timer/session errors monitored.
- Billing report consistency checks scheduled.
- Backup restore tested.