Document environment for running in production mode

[jgadsden]

Describe what problem your feature request solves:
There was a recent bug report where it was unclear what environment is needed for running the Threat Dragon web application in production mode
This can be a cause of aggravation to the Threat Dragon community, so the docs should be updated

Describe the solution you'd like:
Expand the docs in page docs/configure/github.md to include environment for production, along the lines of

ENCRYPTION_JWT_REFRESH_SIGNING_KEY: xxxxxxx
ENCRYPTION_JWT_SIGNING_KEY: xxxxxxx
ENCRYPTION_KEYS: [{"isPrimary": true, "id": 0, "value": "xxxxxxx"}]
GITHUB_CLIENT_ID: xxxxxxx
GITHUB_CLIENT_SECRET: xxxxxxx
GITHUB_SCOPE: public_repo
NODE_ENV: production
PROTOCOL: https
SERVER_API_PROTOCOL: https

Additional context:
This was noted by @jblu42 in issue #1365

[jgadsden]

@jblu42 if you would like to work on this I can reserve it for you

[SuYaSh-PaThAk04]

hi @jgadsden

I'd like to take on this issue. The missing clarity around required environment variables for running Threat Dragon in production mode is definitely something we can improve in the docs, especially for docs/configure/github.md.

My plan to solve it:

Review the current production setup requirements in the codebase, focusing on environment variable usage for GitHub OAuth and encryption.

Confirm which variables are mandatory for production builds (e.g., ENCRYPTION_JWT_REFRESH_SIGNING_KEY, ENCRYPTION_JWT_SIGNING_KEY, ENCRYPTION_KEYS, GITHUB_CLIENT_ID, GITHUB_CLIENT_SECRET, NODE_ENV=production, PROTOCOL, SERVER_API_PROTOCOL, etc.).

Add a new section to the GitHub configuration page showing a sample production environment block, similar to what was suggested, with brief explanations of each key.

Ensure the addition aligns with existing documentation style and avoids exposing sensitive info.

Once done, I’ll open a PR for review.

Let me know if there are any extra detail

[jgadsden]

Hello @SuYaSh-PaThAk04 , clearly your comment is written by generative AI
Please see our contributing guide on the use of AI

[SuYaSh-PaThAk04]

Hello @SuYaSh-PaThAk04 , clearly your comment is written by generative AI Please see our contributing guide on the use of AI

Hi @jgadsden thanks for pointing that out — apologies for not following the contributing guide correctly.

I understand the project’s policy regarding AI usage, and I’ll make sure to comply with it going forward.

To restate in my own words: I’m interested in working on this issue. My approach would be to check how Threat Dragon reads production environment variables, verify which ones are required for GitHub auth and encryption, and then update docs/configure/github.md with a clear production example and brief explanations.

If that sounds reasonable, I’m happy to proceed or adjust based on your guidance.

[theanand108]

Hi @jgadsden - I have opened a PR that adds a short production environment section to docs/configure/github.md based on the variables listed here. Please let me know if you would like anything adjusted.

[jgadsden]

I have opened a PR that adds a short production environment section to docs/configure/github.md based on the variables listed here. Please let me know if you would like anything adjusted.

@theanand108 please follow the code of conduct and the contributing guidelines when submitting contributions