|
| 1 | +# CUDly local development env template |
| 2 | +# |
| 3 | +# Copy this file to `.env.local` (already in .gitignore) and fill in |
| 4 | +# the placeholders. Loaded by: load-env.sh / your IDE / `direnv` — |
| 5 | +# CUDly itself reads these via os.Getenv at runtime. |
| 6 | +# |
| 7 | +# All values here are PLACEHOLDERS. Never commit real secrets to .env* |
| 8 | +# files; the .gitignore at the repo root already excludes everything |
| 9 | +# matching `.env*` except this template. |
| 10 | + |
| 11 | +# --------------------------------------------------------------------- |
| 12 | +# Required: secrets resolver |
| 13 | +# --------------------------------------------------------------------- |
| 14 | +# SECRET_PROVIDER selects which cloud secret store the resolver fetches |
| 15 | +# from. For local dev the default `env` provider returns env-var values |
| 16 | +# directly, which is fine because nothing is encrypted. |
| 17 | +# aws | gcp | azure | env |
| 18 | +SECRET_PROVIDER=env |
| 19 | + |
| 20 | +# --------------------------------------------------------------------- |
| 21 | +# Required: credential encryption key |
| 22 | +# --------------------------------------------------------------------- |
| 23 | +# In production exactly ONE of the per-cloud secret refs is set; the |
| 24 | +# Go side reads them in priority order (ARN → NAME → ID → raw KEY). |
| 25 | +# For local dev set CREDENTIAL_ENCRYPTION_ALLOW_DEV_KEY=1 to use the |
| 26 | +# all-zero dev key without touching a Secrets Manager / Key Vault. |
| 27 | +CREDENTIAL_ENCRYPTION_ALLOW_DEV_KEY=1 |
| 28 | + |
| 29 | +# CREDENTIAL_ENCRYPTION_KEY_SECRET_ARN=arn:aws:secretsmanager:us-east-1:000000000000:secret:cudly-cred-enc-key-PLACEHOLDER |
| 30 | +# CREDENTIAL_ENCRYPTION_KEY_SECRET_NAME=cudly-credential-encryption-key |
| 31 | +# CREDENTIAL_ENCRYPTION_KEY_SECRET_ID=cudly-credential-encryption-key |
| 32 | +# CREDENTIAL_ENCRYPTION_KEY=<64-hex-chars> |
| 33 | + |
| 34 | +# --------------------------------------------------------------------- |
| 35 | +# Required for production: admin auth + API |
| 36 | +# --------------------------------------------------------------------- |
| 37 | +ADMIN_EMAIL=admin@example.com |
| 38 | +# ADMIN_PASSWORD_SECRET=arn:aws:secretsmanager:us-east-1:000000000000:secret:cudly-admin-password-PLACEHOLDER |
| 39 | +# API_KEY_SECRET_ARN=arn:aws:secretsmanager:us-east-1:000000000000:secret:cudly-api-key-PLACEHOLDER |
| 40 | + |
| 41 | +# --------------------------------------------------------------------- |
| 42 | +# Optional: web frontend / CORS / dashboard |
| 43 | +# --------------------------------------------------------------------- |
| 44 | +DASHBOARD_URL=http://localhost:3000 |
| 45 | +CORS_ALLOWED_ORIGIN=http://localhost:3000 |
| 46 | +# ENABLE_DASHBOARD=true |
| 47 | +# DASHBOARD_BUCKET=cudly-dashboard-PLACEHOLDER |
| 48 | + |
| 49 | +# --------------------------------------------------------------------- |
| 50 | +# Optional: PostgreSQL (lazy — unset to skip) |
| 51 | +# --------------------------------------------------------------------- |
| 52 | +# DB_HOST=localhost |
| 53 | +# DB_PORT=5432 |
| 54 | +# DB_USER=cudly |
| 55 | +# DB_NAME=cudly |
| 56 | +# DB_PASSWORD_SECRET=arn:aws:secretsmanager:us-east-1:000000000000:secret:cudly-db-PLACEHOLDER |
| 57 | +# CUDLY_MIGRATION_TIMEOUT=2m |
| 58 | + |
| 59 | +# --------------------------------------------------------------------- |
| 60 | +# Optional: cloud-provider profiles for multi-cloud onboarding |
| 61 | +# --------------------------------------------------------------------- |
| 62 | +# AWS_CONFIG_FILE=$HOME/.aws/config |
| 63 | +# AZURE_TENANT_ID=00000000-0000-0000-0000-000000000000 |
| 64 | +# AZURE_CLIENT_ID=00000000-0000-0000-0000-000000000000 |
| 65 | +# AZURE_SUBSCRIPTION_ID=00000000-0000-0000-0000-000000000000 |
| 66 | +# AZURE_KEY_VAULT_URL=https://cudly-vault-placeholder.vault.azure.net/ |
| 67 | +# GCP_PROJECT_ID=cudly-placeholder |
| 68 | +# AWS_REGION=us-east-1 |
| 69 | + |
| 70 | +# --------------------------------------------------------------------- |
| 71 | +# Optional: SES / Azure ACS / SendGrid email config |
| 72 | +# --------------------------------------------------------------------- |
| 73 | +# EMAIL_ADDRESS=noreply@cudly.example |
| 74 | +# AZURE_SMTP_HOST=smtp.azurecomm.net |
| 75 | +# AZURE_SMTP_USERNAME_SECRET=arn:aws:secretsmanager:us-east-1:000000000000:secret:cudly-smtp-user-PLACEHOLDER |
| 76 | +# AZURE_SMTP_PASSWORD_SECRET=arn:aws:secretsmanager:us-east-1:000000000000:secret:cudly-smtp-pass-PLACEHOLDER |
| 77 | + |
| 78 | +# --------------------------------------------------------------------- |
| 79 | +# Optional: tunables |
| 80 | +# --------------------------------------------------------------------- |
| 81 | +# CUDLY_RECOMMENDATION_CACHE_TTL=15m |
| 82 | +# CUDLY_MAX_ACCOUNT_PARALLELISM=8 |
| 83 | +# DEFAULT_PAYMENT_OPTION=no-upfront |
| 84 | +# DEFAULT_RAMP_SCHEDULE=quarterly |
| 85 | +# ENVIRONMENT=local |
0 commit comments