94 lines
4.5 KiB
Plaintext
94 lines
4.5 KiB
Plaintext
# =============================================================================
|
|
# MPC System - Environment Configuration
|
|
# =============================================================================
|
|
# This file contains all environment variables needed for MPC System deployment.
|
|
#
|
|
# Setup Instructions:
|
|
# 1. Copy this file: cp .env.example .env
|
|
# 2. Update ALL values according to your production environment
|
|
# 3. Generate secure random keys for secrets (see instructions below)
|
|
# 4. Start services: ./deploy.sh up
|
|
#
|
|
# IMPORTANT: This file contains examples only!
|
|
# In production, you MUST:
|
|
# - Change ALL passwords and keys to secure random values
|
|
# - Update ALLOWED_IPS to match your actual backend server IP
|
|
# - Keep the .env file secure and NEVER commit it to version control
|
|
# =============================================================================
|
|
|
|
# =============================================================================
|
|
# Environment Identifier
|
|
# =============================================================================
|
|
# Options: development, staging, production
|
|
ENVIRONMENT=production
|
|
|
|
# =============================================================================
|
|
# PostgreSQL Database Configuration
|
|
# =============================================================================
|
|
# Database user (can keep default or customize)
|
|
POSTGRES_USER=mpc_user
|
|
|
|
# Database password
|
|
# SECURITY: Generate a strong password in production!
|
|
# Example command: openssl rand -base64 32
|
|
POSTGRES_PASSWORD=change_this_to_secure_postgres_password
|
|
|
|
# =============================================================================
|
|
# Redis Cache Configuration
|
|
# =============================================================================
|
|
# Redis password (leave empty if Redis is only accessible within Docker network)
|
|
# For production, consider setting a password for defense in depth
|
|
# Example command: openssl rand -base64 24
|
|
REDIS_PASSWORD=
|
|
|
|
# =============================================================================
|
|
# RabbitMQ Message Broker Configuration
|
|
# =============================================================================
|
|
# RabbitMQ user (can keep default or customize)
|
|
RABBITMQ_USER=mpc_user
|
|
|
|
# RabbitMQ password
|
|
# SECURITY: Generate a strong password in production!
|
|
# Example command: openssl rand -base64 32
|
|
RABBITMQ_PASSWORD=change_this_to_secure_rabbitmq_password
|
|
|
|
# =============================================================================
|
|
# JWT Configuration
|
|
# =============================================================================
|
|
# JWT signing secret key (minimum 32 characters)
|
|
# SECURITY: Generate a strong random key in production!
|
|
# Example command: openssl rand -base64 48
|
|
JWT_SECRET_KEY=change_this_jwt_secret_key_to_random_value_min_32_chars
|
|
|
|
# =============================================================================
|
|
# Cryptography Configuration
|
|
# =============================================================================
|
|
# Master encryption key for encrypting stored key shares
|
|
# MUST be exactly 64 hexadecimal characters (256-bit key)
|
|
# SECURITY: Generate a secure random key in production!
|
|
# Example command: openssl rand -hex 32
|
|
# WARNING: If you lose this key, encrypted shares cannot be recovered!
|
|
CRYPTO_MASTER_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
|
|
|
|
# =============================================================================
|
|
# API Security Configuration
|
|
# =============================================================================
|
|
# API authentication key for server-to-server communication
|
|
# This key must match the MPC_API_KEY in your backend mpc-service configuration
|
|
# SECURITY: Generate a strong random key and keep it synchronized!
|
|
# Example command: openssl rand -base64 48
|
|
MPC_API_KEY=change_this_api_key_to_match_your_mpc_service_config
|
|
|
|
# Allowed IP addresses (comma-separated list)
|
|
# Only these IPs can access the MPC system APIs
|
|
# IMPORTANT: In production, restrict this to your actual backend server IP(s)!
|
|
# Examples:
|
|
# Single IP: ALLOWED_IPS=192.168.1.111
|
|
# Multiple IPs: ALLOWED_IPS=192.168.1.111,192.168.1.112
|
|
# Local only: ALLOWED_IPS=127.0.0.1
|
|
# Allow all: ALLOWED_IPS= (empty, relies on API_KEY auth only - NOT RECOMMENDED for production)
|
|
#
|
|
# Default allows all IPs (protected by API_KEY authentication)
|
|
# SECURITY WARNING: Change this in production to specific backend server IP(s)!
|
|
ALLOWED_IPS=
|