# ============================================================================= # MPC-System Production Central Configuration # ============================================================================= # Copy to .env.prod and configure for your environment # # Usage: # cp .env.prod.example .env.prod # # Edit .env.prod with your values # ./deploy.sh prod up # ============================================================================= # Environment ENVIRONMENT=production # ============================================================================= # Database Configuration # ============================================================================= POSTGRES_USER=mpc_user POSTGRES_PASSWORD=your_secure_postgres_password_here # ============================================================================= # Security Keys (IMPORTANT: Generate unique values!) # ============================================================================= # Generate with: openssl rand -base64 32 JWT_SECRET_KEY=your_jwt_secret_key_here_min_32_chars # API Key for backend integration (shared with mpc-service) # Generate with: openssl rand -base64 32 MPC_API_KEY=your_api_key_here # Master key for encrypting key shares (64 hex characters = 256-bit) # Generate with: openssl rand -hex 32 CRYPTO_MASTER_KEY=your_64_character_hex_master_key_here # ============================================================================= # Public Ports (must be accessible from server-parties) # ============================================================================= # Message Router gRPC - parties connect here MESSAGE_ROUTER_GRPC_PORT=50051 MESSAGE_ROUTER_HTTP_PORT=8082 # Session Coordinator gRPC - parties connect here SESSION_COORDINATOR_GRPC_PORT=50052 SESSION_COORDINATOR_HTTP_PORT=8081 # Account Service HTTP - backend API ACCOUNT_SERVICE_PORT=4000 # Server Party API (optional) SERVER_PARTY_API_PORT=8083 # ============================================================================= # IP Whitelist (optional) # ============================================================================= # Comma-separated list of IPs allowed to access Account Service API # Leave empty to allow all (protected by API_KEY) ALLOWED_IPS=