-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
178 lines (141 loc) · 6.86 KB
/
.env.example
File metadata and controls
178 lines (141 loc) · 6.86 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
# CryptoFunk Environment Variables
# Copy this file to .env and fill in your values
# =============================================================================
# POSTGRESQL / TIMESCALEDB (REQUIRED)
# =============================================================================
# REQUIRED: Strong password for PostgreSQL (minimum 20 characters)
# Generate with: openssl rand -base64 32
POSTGRES_PASSWORD=CHANGE_ME_TO_SECURE_PASSWORD
# =============================================================================
# LLM API KEYS (REQUIRED)
# =============================================================================
# Anthropic Claude API Key (Primary)
# Get your key at: https://console.anthropic.com/
# REQUIRED: Replace with your actual API key before starting
ANTHROPIC_API_KEY=
# OpenAI API Key (Fallback)
# Get your key at: https://platform.openai.com/api-keys
# REQUIRED: Replace with your actual API key before starting
OPENAI_API_KEY=
# Google Gemini API Key (Optional Backup)
# Get your key at: https://makersuite.google.com/app/apikey
GEMINI_API_KEY=
# =============================================================================
# EXCHANGE API KEYS
# =============================================================================
# Binance API Keys
# Get testnet keys at: https://testnet.binance.vision/
# Get production keys at: https://www.binance.com/en/my/settings/api-management
BINANCE_API_KEY=your_binance_api_key
BINANCE_API_SECRET=your_binance_api_secret
# CoinGecko API Key (Optional - for market data)
# Get your key at: https://www.coingecko.com/en/api/pricing
COINGECKO_API_KEY=your_coingecko_api_key
# Other exchanges (if needed)
# COINBASE_API_KEY=your_coinbase_api_key
# COINBASE_SECRET_KEY=your_coinbase_secret
# KRAKEN_API_KEY=your_kraken_api_key
# KRAKEN_SECRET_KEY=your_kraken_secret
# =============================================================================
# GRAFANA (REQUIRED)
# =============================================================================
GRAFANA_ADMIN_USER=admin
# REQUIRED: Strong password for Grafana admin (minimum 20 characters)
# Generate with: openssl rand -base64 32
GRAFANA_ADMIN_PASSWORD=CHANGE_ME_TO_SECURE_PASSWORD
# =============================================================================
# ALERTMANAGER NOTIFICATION CHANNELS
# =============================================================================
# Slack webhook URL for alerts
# Create webhook at: https://api.slack.com/messaging/webhooks
# Example: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXX
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/WEBHOOK/URL
# SMTP configuration for email alerts
# For Gmail: smtp.gmail.com:587 (requires app password)
# For SendGrid: smtp.sendgrid.net:587
# For AWS SES: email-smtp.us-east-1.amazonaws.com:587
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_FROM=cryptofunk-alerts@example.com
SMTP_USERNAME=your-email@example.com
SMTP_PASSWORD=your-smtp-password
# Alert recipient emails
ALERT_EMAIL_TO=team@example.com
CRITICAL_ALERT_EMAIL_TO=oncall@example.com
# Telegram Bot (Optional)
# Create bot via @BotFather on Telegram: https://t.me/BotFather
# Enable with: TELEGRAM_ENABLED=true
TELEGRAM_BOT_TOKEN=your_telegram_bot_token
TELEGRAM_ENABLED=false
# =============================================================================
# APPLICATION CONFIGURATION
# =============================================================================
# Trading mode: PAPER (simulated) or LIVE (real money)
# ALWAYS start with PAPER mode for testing
TRADING_MODE=PAPER
# Log level: debug, info, warn, error
LOG_LEVEL=info
# REQUIRED: JWT secret for API authentication (minimum 32 characters)
# Generate with: openssl rand -base64 32
JWT_SECRET=CHANGE_ME_TO_SECURE_JWT_SECRET
# CORS origins for API (comma-separated or *)
CORS_ORIGINS=*
# Override trading symbols
# CRYPTOFUNK_TRADING_SYMBOLS=BTCUSDT,ETHUSDT,BNBUSDT
# Override initial capital
# CRYPTOFUNK_TRADING_INITIAL_CAPITAL=10000.0
# Override LLM model
# CRYPTOFUNK_LLM_PRIMARY_MODEL=claude-sonnet-4-20250514
# Override max positions
# CRYPTOFUNK_TRADING_MAX_POSITIONS=3
# =============================================================================
# MCP SERVER CONFIGURATION (m3)
# =============================================================================
# Bearer token required for all MCP HTTP transport requests.
# Leave unset only if MCP_ALLOW_NO_AUTH=1 is also set (for trusted networks).
# MCP_AUTH_TOKEN=your_secure_mcp_token_here
# Allowed CORS origin for browser-based MCP clients.
# Defaults to '*' (all origins) with a warning if unset.
# For production, restrict to your frontend domain: https://app.example.com
# MCP_CORS_ORIGIN=https://app.example.com
# Rate limit configuration for the MCP HTTP server (format: "rps,burst").
# Defaults to "100,200" (100 requests/sec, burst of 200).
# The limiter is global per-process — use a reverse proxy for per-IP limiting.
# MCP_RATE_LIMIT=100,200
# Set to any non-empty value to include server name and version in /health response.
# MCP_HEALTH_VERBOSE=1
# Set to "true" or "1" to allow MCP servers to start without MCP_AUTH_TOKEN.
# IMPORTANT: must be a valid boolean true value — "false" or empty string will NOT suppress
# the fatal error. Only use this on trusted internal networks (e.g. docker-compose, K8s
# cluster-internal) where authentication is handled by the network layer.
# MCP_ALLOW_NO_AUTH=true
# =============================================================================
# DEVELOPMENT ONLY
# =============================================================================
# Enable debug logging
# DEBUG=true
# Disable LLM calls (use cached responses)
# DISABLE_LLM=false
# =============================================================================
# PRODUCTION SETTINGS (IMPORTANT!)
# =============================================================================
# For production deployment:
# 1. Set CRYPTOFUNK_APP_ENVIRONMENT=production
# 2. Set strong POSTGRES_PASSWORD (use openssl rand -base64 32)
# 3. Set strong GRAFANA_ADMIN_PASSWORD (use openssl rand -base64 32)
# 4. Set strong JWT_SECRET (use openssl rand -base64 32)
# 5. Use production API keys (not testnet)
# 6. Set CRYPTOFUNK_DATABASE_SSL_MODE=require
# 7. Enable HashiCorp Vault (VAULT_ENABLED=true)
# 8. Enable rate limiting and monitoring
# 9. Set CRYPTOFUNK_TRADING_MODE=paper first (then live after testing)
# 10. NEVER use default credentials or placeholder values
# =============================================================================
# NOTES
# =============================================================================
# - All CRYPTOFUNK_* variables override values in configs/config.yaml
# - Keep this file SECRET - never commit it to version control
# - Use strong, unique passwords for all services
# - Start with TESTNET keys before using production
# - Always test in PAPER trading mode first
# - Monitor costs when using LLM APIs (enable caching!)