-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
127 lines (99 loc) · 6.12 KB
/
.env.example
File metadata and controls
127 lines (99 loc) · 6.12 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# same for testnet and mainnet
# Copy to .env and fill in your values
# cp .env.example .env
ADMIN_TOKEN=use_a_strong_token_here # protects /admin/* routes
PLARTFORM_SUPPORT_EMAIL=support@vaultkeyio.com
# ── Server ────────────────────────────────────────────────────────────────────
PORT=8080
# ── Postgres ──────────────────────────────────────────────────────────────────
POSTGRES_PASSWORD=use_a_strong_password_here
# ── Redis ─────────────────────────────────────────────────────────────────────
REDIS_PASSWORD=use_a_strong_password_here
# ── Worker ────────────────────────────────────────────────────────────────────
WORKER_CONCURRENCY=10 # increase for higher throughput
WORKER_POLL_TIMEOUT_SEC=5
ALLOWED_ORIGINS=http://localhost:3000,http://localhost:5173 # comma-separated list of allowed CORS origins for cloud features; e.g. your frontend URL(s)
# ── KMS Provider ──────────────────────────────────────────────────────────────
# Choose one: vault | gcp | aws
# Default is vault. Only the section matching your provider needs to be filled in.
KMS_PROVIDER=vault
# ── Vault (KMS_PROVIDER=vault) ────────────────────────────────────────────────
# Used with docker-compose.yml (self-hosted, local dev)
# VAULT_ADDR is set automatically in docker-compose.yml — only override if
# running Vault outside of Docker.
# VAULT_ADDR=http://vault:8200
VAULT_MOUNT_PATH=transit
VAULT_KEY_NAME=vaultkey-master
# VAULT_TOKEN and VAULT_TOKEN_FILE are managed by docker-compose.yml automatically.
# Set VAULT_TOKEN directly only if running the binary outside of Docker.
# VAULT_TOKEN=your_root_token_here
# ── GCP Cloud KMS (KMS_PROVIDER=gcp) ─────────────────────────────────────────
# Used with docker-compose.gcp.yml
# Full resource name of the symmetric encryption key version:
# projects/{project}/locations/{location}/keyRings/{ring}/cryptoKeys/{key}/cryptoKeyVersions/{version}
# GCP_KMS_KEY_NAME=projects/my-project/locations/global/keyRings/vaultkey/cryptoKeys/vaultkey-master/cryptoKeyVersions/1
# Authentication — pick one, no file mounts required:
#
# Option A: Inline credentials (running outside GCP, e.g. your own server or laptop)
# Paste the entire contents of your service account key JSON as a single env var.
# Get the JSON from: GCP Console → IAM → Service Accounts → Keys → Add Key → JSON
# GOOGLE_APPLICATION_CREDENTIALS_JSON={"type":"service_account","project_id":"..."}
#
# Option B: Workload Identity (GKE, Cloud Run, GCE)
# Attach a service account to your compute resource in GCP console.
# Leave both credential vars unset — the SDK picks them up automatically.
# ── AWS KMS (KMS_PROVIDER=aws) ────────────────────────────────────────────────
# Used with docker-compose.aws.yml
# Accepts key ID, key ARN, alias name, or alias ARN.
# AWS_KMS_KEY_ID=arn:aws:kms:us-east-1:123456789012:key/your-key-id
# AWS_KMS_KEY_ID=alias/vaultkey-master
# AWS_REGION=us-east-1
# Leave these unset on EC2/ECS/EKS — the SDK picks up the instance role automatically.
# Only set for local development without an instance role.
# AWS_ACCESS_KEY_ID=
# AWS_SECRET_ACCESS_KEY=
# ── EVM RPC Endpoints ─────────────────────────────────────────────────────────
# Replace public RPCs with your own (Infura, Alchemy, QuickNode, etc.)
# for production — public endpoints are rate limited and unreliable.
# EVM_RPC_1=https://mainnet.infura.io/v3/YOUR_KEY # Ethereum
# EVM_RPC_137=https://polygon-mainnet.infura.io/v3/YOUR_KEY # Polygon
# EVM_RPC_42161=https://arbitrum-mainnet.infura.io/v3/YOUR_KEY # Arbitrum
# EVM_RPC_8453=https://base-mainnet.infura.io/v3/YOUR_KEY # Base
# EVM_RPC_10=https://optimism-mainnet.infura.io/v3/YOUR_KEY # Optimism
# ── Solana RPC ────────────────────────────────────────────────────────────────
# SOLANA_RPC_URL=https://mainnet.helius-rpc.com/?api-key=YOUR_KEY
# Cloud features (optional) — required only if you want to enable cloud features like user accounts and webhooks. If not enabled, these features are simply disabled and all related routes return 404.
# ENVIRONMENT=testnet
# ENABLE_CLOUD_FEATURES=true
# # Testnet limits
# TESTNET_MAX_PROJECTS=2
# TESTNET_MAX_MEMBERS=3
# TESTNET_MAX_API_KEYS=3
# CLERK_SECRET_KEY=sk_live_...
# CLERK_PUBLISHABLE_KEY=pk_live_...
# CLERK_WEBHOOK_SECRET=whsec_...
# Stripe keys (for billing features)
# STRIPE_SECRET_KEY=sk_live_...
# STRIPE_WEBHOOK_SECRET=whsec_...
# STRIPE_PUBLISHABLE_KEY=pk_live_...
# ENABLE_TEST_UI=true
# Email
# Required
EMAIL_FROM_ADDRESS=noreply@vaultkey.io
APP_BASE_URL=https://app.vaultkey.io
# Optional (defaults shown)
EMAIL_PROVIDER=noop # smtp | resend | noop
EMAIL_FROM_NAME=VaultKey
EMAIL_UNSUB_URL= # defaults to APP_BASE_URL/unsubscribe
EMAIL_NOOP_VERBOSE=true # log full email bodies in noop mode (dev)
PLATFORM_SUPPORT_EMAIL=
# SMTP (when EMAIL_PROVIDER=smtp)
SMTP_HOST=smtp.sendgrid.net
SMTP_PORT=587
SMTP_USERNAME=apikey
SMTP_PASSWORD=SG.xxx
SMTP_USE_TLS=false
# Resend (when EMAIL_PROVIDER=resend)
RESEND_API_KEY=re_xxx
#RPC
TATUM_API_KEY=