broker.test.env
# AgentKeys broker env file — TEST broker host.
#
# Parallel of scripts/broker.env (which targets the prod broker).
# Source on the TEST BROKER HOST (test EC2). Single-tenant: this is the
# only env the test broker process reads; never share state with prod.
#
# Usage on the test broker host:
#   set -a; source ./broker.test.env; set +a
#   agentkeys-broker-server --bind 127.0.0.1 --port 8091
#
# The systemd path (scripts/setup-broker-host.sh --issuer-url
# https://test-broker.${ZONE} ...) bakes equivalent Environment= lines
# into the unit. This file is the foreground / quickstart variant.
ACCOUNT_ID=429071895007
INSTANCE_ID=i-0135a8b2c53d14941
EIP=3.214.219.209
# Test data role — trust policy federated on the TEST OIDC provider
# (https://test-broker.litentry.org). Distinct ARN from prod's
# agentkeys-data-role.
BROKER_DATA_ROLE_ARN=arn:aws:iam::${ACCOUNT_ID}:role/agentkeys-data-role-test
BROKER_AWS_REGION=us-east-1
# Test OIDC issuer — registered as a separate IAM OIDC provider from
# prod's. AWS validates iss byte-for-byte against the provider URL.
BROKER_OIDC_ISSUER=https://test-broker.litentry.org
# ES256 keypair paths (generated on this test host; never copied off).
BROKER_OIDC_KEYPAIR_PATH=/home/ubuntu/.agentkeys/broker/oidc-keypair.json
BROKER_SESSION_KEYPAIR_PATH=/home/ubuntu/.agentkeys/broker/session-keypair.json
BROKER_AUTH_METHODS=wallet_sig,email_link
BROKER_AUDIT_ANCHORS=sqlite
# Email-link auth (SES test sender on the -test subdomain).
BROKER_EMAIL_SENDER=ses
BROKER_EMAIL_FROM_ADDRESS=noreply-test@bots-test.litentry.org
# DEV_KEY_SERVICE_MASTER_SECRET is NEVER set in this file — it lives in
# /etc/agentkeys/dev-key-service.env on the test broker, generated once
# by setup-broker-host.sh and preserved across re-runs.
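
The invariants stated in this file's comments (master secret never assigned here, `iss` matched byte-for-byte, data role distinct from prod's `agentkeys-data-role`) can be checked before the broker starts. The following is an added example, not part of the AgentKeys repository; `env_value` and `check_test_broker_env` are hypothetical names, and the file is parsed with `sed`/`grep` rather than sourced.

```shell
#!/bin/sh
# Added example (hypothetical helper names): lint a broker env file WITHOUT
# sourcing it, because sourcing would execute anything the file contains.

# env_value FILE KEY: print the value of the last uncommented KEY=... line.
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_test_broker_env FILE EXPECTED_ISSUER
# Returns 0 when all invariants hold; prints each violation and returns 1 otherwise.
check_test_broker_env() {
    file=$1; expected_issuer=$2; rc=0

    # 1. The master secret must never be assigned in this file.
    if grep -Eq '^[[:space:]]*DEV_KEY_SERVICE_MASTER_SECRET=' "$file"; then
        echo "FAIL: DEV_KEY_SERVICE_MASTER_SECRET is assigned in $file" >&2; rc=1
    fi

    # 2. iss is validated byte-for-byte, so require exact string equality
    #    (no normalisation of case, trailing slash or whitespace).
    issuer=$(env_value "$file" BROKER_OIDC_ISSUER)
    if [ "$issuer" != "$expected_issuer" ]; then
        echo "FAIL: BROKER_OIDC_ISSUER='$issuer' != '$expected_issuer'" >&2; rc=1
    fi

    # 3. The data role must be set and must not be prod's agentkeys-data-role.
    arn=$(env_value "$file" BROKER_DATA_ROLE_ARN)
    case $arn in
        ''|*:role/agentkeys-data-role)
            echo "FAIL: BROKER_DATA_ROLE_ARN='$arn' is empty or the prod role" >&2; rc=1 ;;
    esac
    return $rc
}

# Constructed sample (not the real file): one trailing slash breaks the iss match.
sample=$(mktemp)
printf '%s\n' 'BROKER_OIDC_ISSUER=https://test-broker.litentry.org/' \
    'BROKER_DATA_ROLE_ARN=arn:aws:iam::${ACCOUNT_ID}:role/agentkeys-data-role-test' > "$sample"
check_test_broker_env "$sample" https://test-broker.litentry.org \
    || echo "constructed sample rejected, as intended"
rm -f "$sample"
```
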