# ============================================================================= # MPC System - Environment Configuration # ============================================================================= # This file contains all environment variables needed for MPC System deployment. # # Setup Instructions: # 1. Copy this file: cp .env.example .env # 2. Update ALL values according to your production environment # 3. Generate secure random keys for secrets (see instructions below) # 4. Start services: ./deploy.sh up # # IMPORTANT: This file contains examples only! # In production, you MUST: # - Change ALL passwords and keys to secure random values # - Update ALLOWED_IPS to match your actual backend server IP # - Keep the .env file secure and NEVER commit it to version control # ============================================================================= # ============================================================================= # Environment Identifier # ============================================================================= # Options: development, staging, production ENVIRONMENT=production # ============================================================================= # PostgreSQL Database Configuration # ============================================================================= # Database user (can keep default or customize) POSTGRES_USER=mpc_user # Database password # SECURITY: Generate a strong password in production! # Example command: openssl rand -base64 32 POSTGRES_PASSWORD=change_this_to_secure_postgres_password # ============================================================================= # Redis Cache Configuration # ============================================================================= # Redis password (leave empty if Redis is only accessible within Docker network) # For production, consider setting a password for defense in depth # Example command: openssl rand -base64 24 REDIS_PASSWORD= # ============================================================================= # RabbitMQ Message Broker Configuration # ============================================================================= # RabbitMQ user (can keep default or customize) RABBITMQ_USER=mpc_user # RabbitMQ password # SECURITY: Generate a strong password in production! # Example command: openssl rand -base64 32 RABBITMQ_PASSWORD=change_this_to_secure_rabbitmq_password # ============================================================================= # JWT Configuration # ============================================================================= # JWT signing secret key (minimum 32 characters) # SECURITY: Generate a strong random key in production! # Example command: openssl rand -base64 48 JWT_SECRET_KEY=change_this_jwt_secret_key_to_random_value_min_32_chars # ============================================================================= # Cryptography Configuration # ============================================================================= # Master encryption key for encrypting stored key shares # MUST be exactly 64 hexadecimal characters (256-bit key) # SECURITY: Generate a secure random key in production! # Example command: openssl rand -hex 32 # WARNING: If you lose this key, encrypted shares cannot be recovered! CRYPTO_MASTER_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef # ============================================================================= # API Security Configuration # ============================================================================= # API authentication key for server-to-server communication # This key must match the MPC_API_KEY in your backend mpc-service configuration # SECURITY: Generate a strong random key and keep it synchronized! # Example command: openssl rand -base64 48 MPC_API_KEY=change_this_api_key_to_match_your_mpc_service_config # Allowed IP addresses (comma-separated list) # Only these IPs can access the MPC system APIs # IMPORTANT: In production, restrict this to your actual backend server IP(s)! # Examples: # Single IP: ALLOWED_IPS=192.168.1.111 # Multiple IPs: ALLOWED_IPS=192.168.1.111,192.168.1.112 # Local only: ALLOWED_IPS=127.0.0.1 # Allow all: ALLOWED_IPS= (empty, relies on API_KEY auth only - NOT RECOMMENDED for production) # # Default allows all IPs (protected by API_KEY authentication) # SECURITY WARNING: Change this in production to specific backend server IP(s)! ALLOWED_IPS=