flowker/.env.example at main · LerianStudio/flowker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# DEFAULT local
ENV_NAME=development

# DEPLOYMENT MODE
# Controls TLS enforcement for database connections:
#   - saas: TLS MANDATORY for all DB connections (hard-fail at startup without TLS)
#   - byoc: TLS recommended but not hard-enforced (customer-hosted)
#   - local: TLS optional (developer workstation, default if unset)
DEPLOYMENT_MODE=local

# APP
SERVER_PORT=4021
VERSION=v1.0.0
SERVER_ADDRESS=:${SERVER_PORT}

# MONGODB REPLICA SET
MONGO_ROOT_USER=root
MONGO_ROOT_PASSWORD=<CHANGE_ME>
MONGO_APP_USER=flowker
MONGO_APP_PASSWORD=<CHANGE_ME>
MONGO_DB_NAME=flowker
MONGO_PORT=27017
MONGO_SECONDARY1_PORT=27018
MONGO_SECONDARY2_PORT=27019
MONGO_HOST=flowker-mongodb-primary
MONGO_SECONDARY1_HOST=flowker-mongodb-secondary1
MONGO_SECONDARY2_HOST=flowker-mongodb-secondary2
MONGO_REPLICA_SET=rs0
MONGO_MAX_POOL_SIZE=10
# Base64-encoded PEM CA certificate for TLS connections (e.g., AWS DocumentDB).
# Leave empty to disable TLS CA validation.
MONGO_TLS_CA_CERT=
# Note: Variable interpolation may not work in all env loaders.
# Construct URI in application or update manually based on hosts/ports above.
MONGO_URI=mongodb://${MONGO_APP_USER}:${MONGO_APP_PASSWORD}@${MONGO_HOST}:${MONGO_PORT},${MONGO_SECONDARY1_HOST}:${MONGO_SECONDARY1_PORT},${MONGO_SECONDARY2_HOST}:${MONGO_SECONDARY2_PORT}/${MONGO_DB_NAME}?replicaSet=${MONGO_REPLICA_SET}&authSource=${MONGO_DB_NAME}

# AUDIT DATABASE (PostgreSQL)
AUDIT_DB_HOST=flowker-audit-postgres
AUDIT_DB_PORT=5432
AUDIT_DB_USER=flowker_audit
AUDIT_DB_PASSWORD=<CHANGE_ME>
AUDIT_DB_NAME=flowker_audit
AUDIT_DB_SSL_MODE=disable
AUDIT_MIGRATIONS_PATH=./migrations

# SWAGGER
SWAGGER_TITLE="Flowker API"
SWAGGER_DESCRIPTION="Workflow orchestration platform for financial validation"
SWAGGER_VERSION=${VERSION}
SWAGGER_HOST=localhost:${SERVER_PORT}
SWAGGER_BASE_PATH=/
SWAGGER_SCHEMES=http
SWAGGER_LEFT_DELIM={{
SWAGGER_RIGHT_DELIM=}}

# API KEY AUTHENTICATION (fallback when Access Manager is disabled)
API_KEY=<CHANGE_ME>
API_KEY_ENABLED=false

# ACCESS MANAGER (PLUGIN AUTH)
PLUGIN_AUTH_ENABLED=false
PLUGIN_AUTH_ADDRESS=

# CORS
CORS_ALLOWED_ORIGINS=*

# FEATURE FLAGS
FAULT_INJECTION_ENABLED=false
SKIP_LIB_COMMONS_TELEMETRY=false
# Allow SSRF to private IPs (localhost providers in dev). NEVER enable in production.
SSRF_ALLOW_PRIVATE=false

# MULTI-TENANT CONFIGURATION
# When MULTI_TENANT_ENABLED=true, database connections are resolved per-tenant via Tenant Manager.
# When MULTI_TENANT_ENABLED=false (default), single-tenant mode with static connections.
MULTI_TENANT_ENABLED=false
# Tenant Manager API URL (required when MULTI_TENANT_ENABLED=true)
MULTI_TENANT_URL=
# API key for Tenant Manager /settings endpoint (required when MULTI_TENANT_ENABLED=true)
MULTI_TENANT_SERVICE_API_KEY=
# Redis configuration for Pub/Sub event-driven tenant discovery
MULTI_TENANT_REDIS_HOST=
MULTI_TENANT_REDIS_PORT=6379
MULTI_TENANT_REDIS_PASSWORD=
MULTI_TENANT_REDIS_TLS=false
# Connection pool settings
MULTI_TENANT_MAX_TENANT_POOLS=100
MULTI_TENANT_IDLE_TIMEOUT_SEC=300
MULTI_TENANT_CONNECTIONS_CHECK_INTERVAL_SEC=30
# HTTP client and cache settings
MULTI_TENANT_TIMEOUT=30
MULTI_TENANT_CACHE_TTL_SEC=120
# Circuit breaker settings for Tenant Manager client
MULTI_TENANT_CIRCUIT_BREAKER_THRESHOLD=5
MULTI_TENANT_CIRCUIT_BREAKER_TIMEOUT_SEC=30

# LOG LEVEL
LOG_LEVEL=debug

# OPEN TELEMETRY
OTEL_RESOURCE_SERVICE_NAME=flowker
OTEL_LIBRARY_NAME=github.com/LerianStudio/flowker
OTEL_RESOURCE_SERVICE_VERSION=${VERSION}
OTEL_RESOURCE_DEPLOYMENT_ENVIRONMENT=${ENV_NAME}
OTEL_EXPORTER_OTLP_ENDPOINT_PORT=4317
OTEL_EXPORTER_OTLP_ENDPOINT=flowker-otel-lgtm:${OTEL_EXPORTER_OTLP_ENDPOINT_PORT}
ENABLE_TELEMETRY=false