66 lines
2.6 KiB
Plaintext
66 lines
2.6 KiB
Plaintext
# ============================================================================
|
|
# K-Template Configuration
|
|
# ============================================================================
|
|
# Copy this file to .env and adjust values for your environment.
|
|
|
|
# ============================================================================
|
|
# Server
|
|
# ============================================================================
|
|
HOST=127.0.0.1
|
|
PORT=3000
|
|
|
|
# ============================================================================
|
|
# Database
|
|
# ============================================================================
|
|
# SQLite (default)
|
|
DATABASE_URL=sqlite:data.db?mode=rwc
|
|
|
|
# PostgreSQL (requires postgres feature flag)
|
|
# DATABASE_URL=postgres://user:password@localhost:5432/mydb
|
|
|
|
DB_MAX_CONNECTIONS=5
|
|
DB_MIN_CONNECTIONS=1
|
|
|
|
# ============================================================================
|
|
# Cookie Secret
|
|
# ============================================================================
|
|
# Used to encrypt the OIDC state cookie (CSRF token, PKCE verifier, nonce).
|
|
# Must be at least 64 characters in production.
|
|
COOKIE_SECRET=your-cookie-secret-key-must-be-at-least-64-characters-long-for-security!!
|
|
|
|
# Set to true when serving over HTTPS
|
|
SECURE_COOKIE=false
|
|
|
|
# ============================================================================
|
|
# JWT
|
|
# ============================================================================
|
|
# Must be at least 32 characters in production.
|
|
JWT_SECRET=your-jwt-secret-key-at-least-32-chars
|
|
|
|
# Optional: embed issuer/audience claims in tokens
|
|
# JWT_ISSUER=your-app-name
|
|
# JWT_AUDIENCE=your-app-audience
|
|
|
|
# Token lifetime in hours (default: 24)
|
|
JWT_EXPIRY_HOURS=24
|
|
|
|
# ============================================================================
|
|
# OIDC (optional — requires auth-oidc feature flag)
|
|
# ============================================================================
|
|
# OIDC_ISSUER=https://your-oidc-provider.com
|
|
# OIDC_CLIENT_ID=your-client-id
|
|
# OIDC_CLIENT_SECRET=your-client-secret
|
|
# OIDC_REDIRECT_URL=http://localhost:3000/api/v1/auth/callback
|
|
# OIDC_RESOURCE_ID=your-resource-id # optional audience claim to verify
|
|
|
|
# ============================================================================
|
|
# CORS
|
|
# ============================================================================
|
|
CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000
|
|
|
|
# ============================================================================
|
|
# Production Mode
|
|
# ============================================================================
|
|
# Set to true/production/1 to enforce minimum secret lengths and other checks.
|
|
PRODUCTION=false
|