-
Notifications
You must be signed in to change notification settings - Fork 51
Expand file tree
/
Copy path.env.example
More file actions
128 lines (95 loc) · 5.93 KB
/
.env.example
File metadata and controls
128 lines (95 loc) · 5.93 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
# ── Stellar / Soroban ────────────────────────────────────────────────────────
# testnet | mainnet (default: testnet)
STELLAR_NETWORK=testnet
# Horizon REST API for the chosen network
HORIZON_URL=https://horizon-testnet.stellar.org
# Soroban RPC endpoint for contract simulation and submission
SOROBAN_RPC_URL=https://soroban-testnet.stellar.org
# Must exactly match the target network passphrase
STELLAR_NETWORK_PASSPHRASE=Test SDF Network ; September 2015
# ── Contract ─────────────────────────────────────────────────────────────────
# 56-char contract address starting with C — output of `make deploy`
VACCINATIONS_CONTRACT_ID=
# ── Backend auth ─────────────────────────────────────────────────────────────
# Secret key for admin contract invocations (starts with S)
ADMIN_SECRET_KEY=
# Public key matching ADMIN_SECRET_KEY (starts with G) — grants issuer role on login
ADMIN_PUBLIC_KEY=
# Dedicated secret key for signing SEP-10 challenges (starts with S)
SEP10_SERVER_KEY=
# SEP-10: home domain — used as the manage_data key prefix ('<HOME_DOMAIN> auth')
# Must match the domain in your stellar.toml (e.g. vaccichain.example.com)
HOME_DOMAIN=localhost
# SEP-10: domain of this auth server — included in the web_auth_domain manage_data operation
# May differ from HOME_DOMAIN when the auth server is on a subdomain
WEB_AUTH_DOMAIN=localhost
# Secret key for signing mint/revoke transactions (starts with S)
ISSUER_SECRET_KEY=
# JWT signing secret — min 32 chars recommended; rotate to invalidate sessions
JWT_SECRET=
# kid (key ID) for the current JWT signing key — increment on each rotation
JWT_KEY_ID=1
# Comma-separated list of previous JWT secrets still valid for verification
# during the transition window after a rotation. Remove entries once all
# tokens signed with those secrets have expired.
# Example: JWT_PREVIOUS_KEYS=oldSecret1,oldSecret2
JWT_PREVIOUS_KEYS=
# ── Backend server ────────────────────────────────────────────────────────────
# TCP port for the Express backend (default: 4000)
PORT=4000
# Maximum JSON request body size accepted by the API (default: 10kb)
BODY_LIMIT=10kb
# ── Rate limiting ─────────────────────────────────────────────────────────────
# Max SEP-10 challenge requests per IP per minute (default: 10)
RATE_LIMIT_SEP10=10
# Max public verify requests per IP per minute (default: 60)
RATE_LIMIT_VERIFY=60
# ── Brute-force protection ────────────────────────────────────────────────────
# Max failed /auth/verify attempts before blocking (default: 5)
BRUTE_FORCE_MAX_ATTEMPTS=5
# Sliding window for counting failures in milliseconds (default: 600000 = 10 min)
BRUTE_FORCE_WINDOW_MS=600000
# How long a blocked IP/wallet stays blocked in milliseconds (default: 900000 = 15 min)
BRUTE_FORCE_BLOCK_MS=900000
# ── Audit log ─────────────────────────────────────────────────────────────────
# Path to append-only NDJSON audit log (default: ./audit.log)
AUDIT_LOG_PATH=./audit.log
# ── Python analytics service ──────────────────────────────────────────────────
# TCP port for the FastAPI analytics service (default: 8001)
ANALYTICS_PORT=8001
# Base URL the analytics service uses to reach the backend (default set by Compose)
BACKEND_URL=http://backend:4000
# API key required to access protected analytics endpoints (rates, issuers, anomalies)
# Generate with: openssl rand -hex 32
ANALYTICS_API_KEY=
# ── Backup service ────────────────────────────────────────────────────────────
# S3 Bucket for analytics DB backup
S3_BUCKET_NAME=
# AWS Credentials for S3 access
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_REGION=us-east-1
# Number of days to retain backups
RETENTION_DAYS=30
DEMO_ISSUER_SECRET=
ADMIN_SECRET=
# ── Secrets Management (Production) ───────────────────────────────────────────
# Enable AWS Secrets Manager for production (default: false)
USE_AWS_SECRETS=false
# AWS Secrets Manager secret name/ARN containing all secrets
# Example: arn:aws:secretsmanager:us-east-1:123456789012:secret:vaccichain/prod/stellar
AWS_SECRET_NAME=
# AWS region for Secrets Manager (default: us-east-1)
AWS_REGION=us-east-1
# ── Admin multi-signature ─────────────────────────────────────────────────────
# Number of approvals required for critical admin operations (default: 2)
MULTISIG_THRESHOLD=2
# Comma-separated list of wallet addresses authorised to approve proposals.
# Leave empty to allow any admin-role JWT holder to approve.
# Example: MULTISIG_KEY_HOLDERS=GABC...,GDEF...,GHIJ...
MULTISIG_KEY_HOLDERS=
# How long a pending proposal stays valid in milliseconds (default: 3600000 = 1 hour)
MULTISIG_PROPOSAL_TTL_MS=3600000
# Set to 'false' to waive consent requirement (e.g. jurisdiction config).
# Default: true (consent required before minting)
REQUIRE_PATIENT_CONSENT=true