.env.example
# ShadowCheck Environment Configuration
# Copy this file to .env only when you need to override defaults.
# Local Docker development does not need a .env file unless you want to change
# ports, credentials source, or other non-secret settings.
# For host-based local overrides, prefer .env.local (see .env.local.example).
# Keep any .env / .env.local you create out of version control; only this
# example file, which must never hold real secrets, belongs in the repository.
# Database Configuration
# Local Docker example:
# - docker compose uses DB_HOST=postgres by default
# - local compose PostgreSQL can use a shell-provided DB_PASSWORD / DB_ADMIN_PASSWORD
#   or fetch them from AWS Secrets Manager
# Host-based local example:
# - if the backend runs on your host instead of Docker, override DB_HOST=localhost
# Production EC2 example:
# - DB_HOST=34.204.161.164
# - DB_PASSWORD / DB_ADMIN_PASSWORD come from AWS Secrets Manager in production
# NOTE(review): the production example is a literal public IPv4 address. An
# example file is readable by everyone with repository access, so a placeholder
# or an internal DNS name would disclose less. Whatever the host, confirm that
# the PostgreSQL port is reachable only from the application (security group /
# firewall rules) and that DB_SSL is enabled for connections that leave the
# local machine.
# Two database roles are configured. Presumably DB_USER is the application role
# and DB_ADMIN_USER the privileged one — TODO confirm, and keep the application
# role's grants to what the API actually needs.
DB_USER=shadowcheck_user
DB_ADMIN_USER=shadowcheck_admin
# Pick one DB_HOST for the environment you are running in (see examples above):
# DB_HOST=postgres
# DB_HOST=localhost
# DB_HOST=34.204.161.164
DB_NAME=shadowcheck_db
DB_PORT=5432
# Server Configuration
# Backend port; the CORS_ORIGINS default below uses the same port.
PORT=3001
# Development default; set NODE_ENV=production for deployed instances.
NODE_ENV=development
# API gate (set true to require auth on core API groups mounted in routeMounts)
# Leave this true anywhere the API is reachable by others: per the description
# above, setting it to false presumably leaves those route groups without an
# authentication requirement.
API_GATE_ENABLED=true
# HTTPS (optional, for production)
# NOTE(review): with false, nothing in this file forces TLS, so API keys and
# other credentials sent to the server would travel in clear text unless a
# TLS-terminating proxy or load balancer sits in front. Set true (or terminate
# TLS upstream) for any non-local deployment.
FORCE_HTTPS=false
# SSL for PostgreSQL connections
# When uncommenting, keep each setting on its own line as written here: not
# every env-file parser strips a trailing "# comment" from the value.
# Enable TLS for all DB pools:
# DB_SSL=true
# PEM CA cert (recommended for RDS/production):
# DB_SSL_CA=/path/to/rds-ca-bundle.pem
# Set ONLY if using self-signed certs in a trusted environment. Presumably this
# turns off server-certificate verification (TODO confirm against the DB pool
# setup): the link is still encrypted but the server is no longer authenticated,
# so an on-path attacker could impersonate the database. Prefer DB_SSL_CA with
# the issuing CA instead.
# DB_SSL_REJECT_UNAUTHORIZED=false
# CORS Origins (comma-separated)
# List only exact origins of frontends you control; for production replace
# these localhost entries with the deployed https:// origin(s).
CORS_ORIGINS=http://localhost:3001,http://127.0.0.1:3001
# Threat Detection
# NOTE(review): the scale of THREAT_THRESHOLD and the exact role of
# MIN_OBSERVATIONS are not described here — presumably a score cutoff and the
# minimum number of sightings before something is flagged; confirm against the
# scoring code before tuning.
THREAT_THRESHOLD=40
MIN_OBSERVATIONS=2
# Admin Docker Controls (optional)
# NOTE(review): enabling this presumably lets admin API endpoints control Docker
# on the host. If that works through the Docker socket, it is effectively
# root-level access to the host, so enable it only where the admin routes are
# authenticated (API_GATE_ENABLED=true) and not exposed to untrusted networks.
# ADMIN_ALLOW_DOCKER=true
# PGADMIN_COMPOSE_FILE=/absolute/path/to/docker/infrastructure/docker-compose.postgres.yml
# ============================================================================
# SECRETS MANAGEMENT
# ============================================================================
# Production source of truth: AWS Secrets Manager (`shadowcheck/config` by default)
# Local Docker options:
# 1. Preferred: mount your host ~/.aws into the API container read-only and set
#    AWS_PROFILE / AWS_REGION in your shell before `docker compose up`
# 2. Alternative: pass AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY /
#    AWS_SESSION_TOKEN directly into the API container environment
#    (container environment variables can be read back with `docker inspect`
#    and by every process in the container, so prefer short-lived session
#    credentials over long-lived access keys here)
# 3. Local-only mocks: export DB_PASSWORD / DB_ADMIN_PASSWORD / MAPBOX_TOKEN /
#    OPENCAGE_API_KEY in your shell before `docker compose up`
# For options 1 and 2, use an AWS identity limited to reading the ShadowCheck
# secret rather than a broad or administrative profile; a read-only mount of
# ~/.aws still exposes every profile stored there to the container.
# Do not commit secrets to .env files.
# ============================================================================
# Required local mock/override secrets (only when not using AWS Secrets Manager)
# The values below are placeholders for local development; never reuse them as
# production credentials.
# DB_PASSWORD=local_dev_db_password
# DB_ADMIN_PASSWORD=local_dev_admin_password
# MAPBOX_TOKEN=pk.your_mapbox_token_here
# OPENCAGE_API_KEY=your_opencage_api_key_here
# Optional secrets (for enhanced features)
# API_KEY=your_secret_api_key_here
# Mobile ingest API authentication key
# NOTE(review): shipped empty. Confirm that the ingest endpoint rejects requests
# when this is unset rather than accepting an empty or missing key. Supply a
# long random value (for example from `openssl rand -hex 32`) through your shell
# or the secrets manager, not by committing it.
SHADOWCHECK_API_KEY=
# WIGLE_API_KEY=your_wigle_api_key
# WIGLE_API_TOKEN=your_wigle_api_token
# LOCATIONIQ_API_KEY=your_locationiq_key
# (OPENCAGE_API_KEY also appears in the required list above; set it once.)
# OPENCAGE_API_KEY=your_opencage_key
# SMARTY_AUTH_ID=your_smarty_auth_id
# SMARTY_AUTH_TOKEN=your_smarty_auth_token
# Common secret keys in AWS Secrets Manager:
# - db_password
# - db_admin_password
# - mapbox_token
# - opencage_api_key
# - google_maps_api_key
# - locationiq_api_key
# - smarty_auth_id
# - smarty_auth_token
# ============================================================================
# VITE FRONTEND ENVIRONMENT VARIABLES
# ============================================================================
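# These variables are used by the Vite frontend and must be prefixed with VITE_.
# Vite embeds every VITE_-prefixed value in the built client bundle, so anything
# set here is visible to every browser that loads the app: use only public,
# scope-restricted tokens (e.g. a Mapbox pk. token limited to your URLs), never
# secret keys.
# Copy these to .env.local for local development
#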
# VITE_MAPBOX_TOKEN=your_mapbox_token_here
# VITE_API_BASE=http://localhost:3001
# VITE_DEV_MODE=true
# VITE_DEMO_MODE=true
# ============================================================================
# BACKGROUND JOBS
# ============================================================================
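# ENABLE_BACKGROUND_JOBS=true
# Schedules below are five-field cron expressions: 0 3 * * * runs daily at
# 03:00 and 30 4 * * * daily at 04:30, in the scheduler's time zone.
# BACKUP_CRON=0 3 * * *
# MV_REFRESH_CRON=30 4 * * *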