-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path.env.dev.example
More file actions
51 lines (40 loc) · 1.58 KB
/
.env.dev.example
File metadata and controls
51 lines (40 loc) · 1.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
# ─── Development mode ────────────────────────────────────────────────
DEBUG=true
# Database (ssl=require encrypts without cert verification — safe for self-signed dev certs)
DATABASE_URL=postgresql+asyncpg://identity:identity_dev@localhost:9001/identity?ssl=require
# Redis (rediss:// = TLS; password = sentinel_dev; CA cert trusts dev self-signed cert)
REDIS_URL=rediss://:sentinel_dev@localhost:9002/0
REDIS_TLS_CA_CERT=keys/tls/ca.crt
REDIS_TLS_VERIFY=none # "none" for self-signed dev certs, "required" in production
# JWT keys (auto-generated by `make setup`)
JWT_PRIVATE_KEY_PATH=keys/private.pem
JWT_PUBLIC_KEY_PATH=keys/public.pem
JWT_ALGORITHM=RS256
ACCESS_TOKEN_EXPIRE_MINUTES=15
REFRESH_TOKEN_EXPIRE_DAYS=7
# OAuth2 providers (fill in at least one to test login)
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
GITHUB_CLIENT_ID=
GITHUB_CLIENT_SECRET=
# Microsoft EntraID (optional)
ENTRA_CLIENT_ID=
ENTRA_CLIENT_SECRET=
ENTRA_TENANT_ID=
# Service
SERVICE_HOST=0.0.0.0
SERVICE_PORT=9003
# Public URL of the Sentinel auth service (used to build OAuth callback URLs)
BASE_URL=http://localhost:9003
# Public URL of the default frontend app
FRONTEND_URL=http://localhost:3000
# Session secret (auto-generated by `make setup`)
SESSION_SECRET_KEY=
# Base CORS origins (comma-separated)
# Client app redirect URIs are automatically added at runtime.
CORS_ORIGINS=http://localhost:3000,http://localhost:9004
# Security
COOKIE_SECURE=false
# Admin panel
ADMIN_URL=http://localhost:9004
ADMIN_EMAILS=