.env.example
# Environment Configuration
# This is an example file: the values below are placeholders and local defaults.
# A populated .env will hold signing secrets and an API key (see the JWT and
# deployment sections), so it should stay out of version control.
# ----------------- Common Settings ------------------ #
# Possible values: development, production, testing
APP_ENVIRONMENT=development
# NOTE(review): the example production value is plain http on localhost; a real
# production base URL should be the public https:// origin.
PRODUCTION_BASE_URL=http://localhost:8000
DEVELOPMENT_BASE_URL=http://localhost:8000
### ----------------- Database Settings ----------------- ###
# The example production URL names only host "postgres" and port 5432; it has no
# user, password or database name, and how those are supplied is not shown here.
# NOTE(review): in libpq-style clients sslmode=require encrypts the connection
# but does not verify the server certificate or hostname; sslmode=verify-full
# with a trusted root certificate is the stronger setting - confirm what the
# driver in use supports.
PRODUCTION_DATABASE_URL=postgresql://postgres:5432?sslmode=require
# Development only: "devpass" is a sample password for the local instance on
# port 5433 and must not be reused for any shared or production database.
DEVELOPMENT_DATABASE_URL=postgresql://appuser:devpass@localhost:5433/appdb
# Role and database names. The names suggest separate superuser, owner,
# application and read-only roles; the development URL above connects as
# APP_DB_USER. Presumably the application never connects as PG_SUPERUSER or
# APP_DB_OWNER - verify against the provisioning scripts.
PG_SUPERUSER=postgres
PG_DB=postgres
APP_DB=appdb
APP_DB_OWNER=appowner
APP_DB_USER=appuser
APP_DB_RO_USER=backupuser
### ----------------- Redis Settings ------------------ ###
# Both example URLs use the redis:// scheme (no TLS) and carry no password.
# NOTE(review): if the production Redis is reachable from anything other than a
# private network, it should require authentication and use rediss:// (TLS) -
# confirm against the deployment.
DEVELOPMENT_REDIS_URL=redis://localhost:6380/0
PRODUCTION_REDIS_URL=redis://redis:6379/0
### ----------------- Temporal Settings ------------------ ###
# host:port values with no URL scheme. No TLS or authentication settings for the
# Temporal connection appear in this file.
# NOTE(review): whether that connection is protected in production cannot be
# told from here - confirm.
DEVELOPMENT_TEMPORAL_URL=localhost:7234
PRODUCTION_TEMPORAL_URL=temporal:7233
# Database role and database names for Temporal; presumably these are kept
# separate from the application roles above - verify against provisioning.
TEMPORAL_DB_USER=temporaluser
TEMPORAL_DB_OWNER=temporalowner
TEMPORAL_DB=temporal
TEMPORAL_VIS_DB=temporal_visibility
### ----------------- OIDC Configuration ----------------- ###
# Global OIDC redirect URI (shared by all providers unless overridden)
# The value must match, character for character, a redirect URI registered with
# each provider. The http://localhost form is for local development; any
# non-local deployment should use an https:// URI.
OIDC_REDIRECT_URI=http://localhost:8000/auth/web/callback
# OIDC Provider Secrets
# ⚠️ NOTE: OIDC client secrets are NOT stored in .env files for security
# They will be prompted for during `secrets generate` command and stored in:
# - infra/secrets/keys/oidc_google_client_secret.txt
# - infra/secrets/keys/oidc_microsoft_client_secret.txt
# - infra/secrets/keys/oidc_keycloak_client_secret.txt
# NOTE(review): these files hold live credentials; presumably infra/secrets/keys/
# is excluded from version control and readable only by the deploying user -
# confirm.
#
# Get credentials from:
# Google: https://console.cloud.google.com/apis/credentials
# Microsoft: https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps
# Keycloak (dev): use "test-client-secret" (matches docker-compose.dev.yml)
# The Keycloak value above is a published development default; never configure
# it for a Keycloak realm that is used outside local development.
### ----------------- JWT Configuration ----------------- ###
# JWT Audiences (who the tokens are intended for)
JWT_AUDIENCE=api://default
JWT_AUDIENCE_SECONDARY=http://localhost:8000
# JWT Session Configuration
# Placeholder: replace with a long random value from a cryptographic generator
# (for example `openssl rand -base64 32`). Unlike the OIDC client secrets, which
# are kept in files under infra/secrets/keys/, this secret is set in .env, so
# the populated file is sensitive.
# NOTE(review): nothing in this file makes the application reject the CHANGE_ME
# placeholder at startup; a startup check for it would be worth having - confirm
# whether one exists.
SESSION_SIGNING_SECRET=your-session-signing-secret-CHANGE_ME!
# 3600 seconds is one hour.
# NOTE(review): not every env-file loader strips an inline "# ..." comment; with
# those that do not, the comment text becomes part of the value. Verify with the
# loader in use.
SESSION_MAX_AGE=3600 # Session max age in seconds
# CSRF Configuration
# Placeholder: generate this the same way, and use a value different from
# SESSION_SIGNING_SECRET so that exposure of one does not compromise the other.
CSRF_SIGNING_SECRET=your-csrf-signing-secret-CHANGE_ME!
### ----------------- DEPLOYMENT CONFIGURATION ----------------- ###
# Deployment Configuration
# FLY_IO_API_KEY is a credential: the real value gives API access to the Fly.io
# account or app, so it must never be committed.
# NOTE(review): prefer a token scoped to this one app over a personal,
# account-wide token, and consider whether it needs to live in the application's
# runtime .env at all or only in the deploy environment - confirm.
FLY_IO_API_KEY=your-fly-io-api-key
FLY_APP_NAME=your-fly-app-name
FLY_ORG=your-fly-organization
FLY_REGION=iad