forked from openwallet-foundation/eudiplo
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
74 lines (64 loc) · 2.93 KB
/
Copy path.env.example
File metadata and controls
74 lines (64 loc) · 2.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
# EUDIPLO Configuration Example
#
# For quick demo setup, you can use this file with default values.
# The application will warn you when using demo credentials.
PUBLIC_URL=http://localhost:3000
# Logging configuration
LOG_LEVEL=info
# Enable specific logger contexts (comma-separated)
LOG_ENABLE_SESSION_LOGGER=false
# Store session logs in database: off | errors | all | verbose
LOG_SESSION_STORE=off
# Enable HTTP request/response logging
LOG_ENABLE_HTTP_LOGGER=false
# Database Migration Configuration
# Run migrations automatically on startup (default: true)
# Set to false if you want to run migrations manually
#DB_MIGRATIONS_RUN=true
# Enable schema synchronization (default: false)
# WARNING: Only use DB_SYNCHRONIZE=true for development or fresh installs
# For production upgrades, always use migrations instead
#DB_SYNCHRONIZE=false
# TLS/HTTPS Configuration
# Enable built-in TLS support (set to 'true' to enable)
# When enabled, the service will serve HTTPS directly without needing a reverse proxy
#TLS_ENABLED=false
# Path to the TLS certificate file (PEM format)
#TLS_CERT_PATH=/path/to/cert.pem
# Path to the TLS private key file (PEM format)
#TLS_KEY_PATH=/path/to/key.pem
# Optional: Path to CA certificate chain for client verification (PEM format)
#TLS_CA_PATH=/path/to/ca.pem
# Optional: Passphrase for encrypted private key files
#TLS_KEY_PASSPHRASE=your-key-passphrase
# Integrated OAuth2 server configuration
# ⚠️ REQUIRED - These have no defaults, application will fail without them!
# Generate MASTER_SECRET: openssl rand -base64 32
#
MASTER_SECRET=your-secret-key-here-minimum-32-characters
AUTH_CLIENT_ID=your-client-id
AUTH_CLIENT_SECRET=your-secure-secret
# Encryption at Rest: Key Source
# Default 'env' derives key from MASTER_SECRET (dev only)
# For production, use vault/aws/azure so key is only in RAM (not env vars)
# See docs: docs/architecture/database.md#encryption-key-sources
#ENCRYPTION_KEY_SOURCE=env
# External OIDC provider configuration (e.g., Keycloak)
# Uncomment and configure these to use external OIDC provider
#OIDC=true
#OIDC_INTERNAL_ISSUER_URL=https://your-keycloak.example.com/realms/your-realm
# OpenTelemetry Configuration
# OTLP endpoint for exporting traces, metrics, and logs.
# When running the monitor stack locally: http://localhost:4318
# When running inside Docker Compose: http://otel-collector:4318
#OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318
# Set to true to completely disable the OpenTelemetry SDK (e.g., local dev without collector)
#OTEL_SDK_DISABLED=true
# Grafana Deep Links (optional)
# Set GRAFANA_URL to enable deep links from the dashboard to Grafana for logs and traces.
# The datasource UIDs default to "tempo" and "loki" (matching the provisioned datasources).
#GRAFANA_URL=http://localhost:3001
#GRAFANA_DATASOURCE_TEMPO_UID=tempo
#GRAFANA_DATASOURCE_LOKI_UID=loki
# If set, HTML base href will be configured to this value (e.g., for reverse proxy setups).
# CLIENT_BASE_HREF=/your-base-path/