.env.example
# WARNING: Never commit real credentials to version control.
# Copy this file to .env and fill in your actual values.
# Use a secrets manager (e.g., AWS Secrets Manager, Vault) in production.
# Keep the resulting .env out of version control (e.g. via .gitignore) and
# readable only by the account that runs the service.
#
# Database connection
# All values below are placeholders. 5432 is the PostgreSQL default port.
# Use a dedicated, least-privileged database account for the application
# rather than a superuser.
DATABASE_HOST=localhost
DATABASE_PORT=5432
DATABASE_USER=your_database_user_here
DATABASE_PASSWORD=your_database_password_here
DATABASE_NAME=your_database_name_here
# JWT Configuration
# JWT_SECRET and JWT_REFRESH_SECRET are placeholders, not usable secrets.
# Replace each with an independently generated random value
# (e.g. `openssl rand -base64 48`) and keep the two different, so a leaked
# access-token secret cannot be used to forge refresh tokens.
# NOTE(review): the placeholders are long enough to pass a length-only check;
# confirm the application refuses to start with these literal values.
JWT_SECRET=secure_placeholder_32_characters_minimum_1
JWT_REFRESH_SECRET=secure_placeholder_32_characters_minimum_2
# Token lifetimes (presumably time-span strings: m = minutes, h = hours,
# d = days; confirm against the code that reads them). Short access-token
# lifetimes limit how long a stolen token stays useful.
JWT_EXPIRES_IN=15m
JWT_REFRESH_EXPIRES_IN=7d
JWT_EMAIL_EXPIRES_IN=24h
JWT_PASSWORD_RESET_EXPIRES_IN=1h
# Email Configuration
# Port 587 is the mail submission port, where TLS is negotiated with STARTTLS
# after connecting; SMTP_SECURE=false therefore does not by itself mean
# "unencrypted".
# NOTE(review): if the mailer is nodemailer, secure=false uses STARTTLS only
# when the server offers it. Confirm the transport requires TLS (nodemailer's
# `requireTLS` option) so SMTP_USER/SMTP_PASS are never sent in clear text.
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE=false
# SMTP_PASS is a credential: use a provider-issued app password scoped to
# sending mail, not the mailbox owner's account password.
SMTP_USER=your_email@gmail.com
SMTP_PASS=your_app_password
SMTP_FROM=noreply@strellerminds.com
# Rate Limiting
# Presumably RATE_LIMIT_MAX requests per RATE_LIMIT_TTL window, with the TTL
# in milliseconds (60000 = 1 minute); confirm against the throttler setup.
RATE_LIMIT_TTL=60000
RATE_LIMIT_MAX=10
# File Uploads
# Relative path; presumably resolved against the process working directory.
# Keep the upload directory outside any statically served or executable path.
UPLOAD_DIR=./uploads
# Cloudinary Configuration
# CLOUDINARY_API_SECRET is a credential; the values below are placeholders.
CLOUDINARY_CLOUD_NAME=your_cloud_name
CLOUDINARY_API_KEY=your_api_key
CLOUDINARY_API_SECRET=your_api_secret
# Stellar Soroban Configuration
# SECURITY: Never commit real credentials. Use a secrets manager in production.
# The defaults below target the Stellar testnet. SOROBAN_RPC_URL and
# STELLAR_NETWORK must be changed together when moving to another network,
# otherwise transactions are signed for one network and sent to another.
SOROBAN_RPC_URL=https://soroban-testnet.stellar.org
STELLAR_NETWORK=TESTNET
CREDENTIAL_CONTRACT_ID=<your_contract_id_here>
# Key Management - CRITICAL SECURITY NOTICE
# ⚠️ NEVER use production keys in development environments
# ⚠️ Store keys in a secure key management service (AWS Secrets Manager, HashiCorp Vault, etc.)
# ⚠️ Use separate key pairs for different environments (dev, staging, prod)
# ⚠️ Rotate keys regularly and monitor for unauthorized access
# ⚠️ For testnet: Generate test keys at https://laboratory.stellar.org
#
# STELLAR BLOCKCHAIN SECURITY BEST PRACTICES
# =====================================================
# 1. NEVER commit real secret keys to version control
# 2. Use a secrets manager: AWS Secrets Manager, HashiCorp Vault, Azure Key Vault
# 3. Generate separate key pairs for each environment (dev, staging, prod)
# 4. Implement key rotation policies (recommended: every 90 days)
# 5. Monitor key usage and set up alerts for unauthorized access
# 6. Use hardware security modules (HSM) for production when possible
# 7. Implement multi-signature schemes for high-value operations
# 8. For testnet development: https://laboratory.stellar.org
# 9. Regular security audits of key storage and access patterns
# 10. Have a key compromise response plan in place
#
# Key Format: S + 55 characters from the base32 alphabet (A-Z and 2-7), 56 total.
# Example (DO NOT USE): SABCDEFGHIJKLMNOPQRSTUVWXYZ234567ABCDEFGHIJKLMNOPQRSTUV
# The example only illustrates the alphabet: it is 55 characters long and does
# not carry a valid checksum, so it is not a usable key.
#
# Security Validation: The application validates key format on startup.
# If you see validation errors, ensure you're using a properly formatted key from a secure source.
# The placeholder below does not match the key format, so the startup
# validation described above should reject it until it is replaced.
# In production, inject the key from the secrets manager at runtime instead of
# writing it into a file on disk.
SIGNER_SECRET_KEY=<STEWARD_SECRET_KEY_PLACEHOLDER_REPLACE_IN_PRODUCTION>
# Connection Pool Settings
# Upper and lower bound on pooled database connections. The idle timeout is
# presumably in milliseconds (30000 = 30 s); confirm against the pool setup.
DATABASE_POOL_MAX=10
DATABASE_POOL_MIN=1
DATABASE_IDLE_TIMEOUT=30000
# Retry Mechanism
# Number of connection attempts and the delay between them (presumably
# milliseconds; confirm against the code that reads it).
DATABASE_RETRY_ATTEMPTS=5
DATABASE_RETRY_DELAY=3000
# Backup Configuration
# BACKUP_DIR holds database dumps: restrict its permissions to the backup job's
# account and keep it outside any served path.
# NOTE(review): BACKUP_MONTHLY_RETENTION_MONTHS is defined here and again under
# "Backup Retention Policies" (same value today). Keep a single definition so
# the two cannot drift apart; which one wins depends on the .env loader.
BACKUP_DIR=./backups
BACKUP_RETENTION_DAYS=30
BACKUP_MONTHLY_RETENTION_MONTHS=12
BACKUP_VERIFICATION_ENABLED=true
# Backup Encryption
# BACKUP_ENCRYPTION_KEY is a placeholder. Generate the key from a CSPRNG
# (e.g. `openssl rand -base64 32`) and store it separately from the backups it
# protects; losing the key makes the backups unrecoverable.
BACKUP_ENCRYPTION_ENABLED=true
BACKUP_ENCRYPTION_KEY=your-32-byte-base64-encoded-encryption-key-here
# Backup Cloud Storage (S3)
# Both buckets should block public access and be writable only by the backup
# role. Bucket names here are examples.
BACKUP_CLOUD_UPLOAD_ENABLED=true
AWS_BACKUP_BUCKET=strellerminds-backups
AWS_BACKUP_REPLICA_BUCKET=strellerminds-backups-replica
AWS_BACKUP_REPLICA_REGION=us-west-2
BACKUP_CROSS_REGION_REPLICATION=true
# Backup Retention Policies
# NOTE(review): BACKUP_RETENTION_DAYS above and BACKUP_DAILY_RETENTION_DAYS
# below look like they cover the same policy; confirm which one is read.
BACKUP_DAILY_RETENTION_DAYS=30
BACKUP_WEEKLY_RETENTION_WEEKS=12
BACKUP_MONTHLY_RETENTION_MONTHS=12
BACKUP_YEARLY_RETENTION_YEARS=7
# Backup Scheduling
BACKUP_SCHEDULING_ENABLED=true
# Recovery Testing
# Restores are presumably made into this separate database; it then contains a
# copy of production data and needs the same access controls.
BACKUP_RECOVERY_TEST_ENABLED=true
BACKUP_RECOVERY_TEST_DATABASE=strellerminds_recovery_test
# Backup Alerts
# Failure alerts are on by default; leave them on so a silently failing backup
# job is noticed.
BACKUP_ALERT_ON_SUCCESS=false
BACKUP_ALERT_ON_FAILURE=true
BACKUP_ALERT_ON_RECOVERY_TEST=true
BACKUP_STORAGE_WARNING_THRESHOLD_GB=500
# Logging Configuration
# Log files can contain user data even with redaction enabled; restrict read
# access to the logs/ directory.
# %DATE% in the paths is presumably substituted by a rotating file transport;
# MAX_SIZE / MAX_FILES then bound how much is kept. Confirm units with the
# logger setup.
LOG_LEVEL=info
LOG_FORMAT=json
LOG_FILE_ENABLED=true
LOG_FILE_PATH=logs/app-%DATE%.log
LOG_FILE_MAX_SIZE=20m
LOG_FILE_MAX_FILES=14
LOG_CONSOLE_ENABLED=true
LOG_CONSOLE_COLORIZE=true
LOG_ERROR_FILE_ENABLED=true
LOG_ERROR_FILE_PATH=logs/error-%DATE%.log
LOG_ERROR_FILE_MAX_SIZE=20m
LOG_ERROR_FILE_MAX_FILES=30
# Secure Logging Configuration
# Prevents sensitive data from being logged
SECURE_LOGGING_ENABLED=true
SECURE_LOGGING_REPLACEMENT_VALUE=[REDACTED]
# Comma-separated list of sensitive field names to redact (case-insensitive)
# These fields will be automatically redacted from all logs
# NOTE(review): whether names are matched exactly or as substrings is not
# visible here. If matching is exact, key-type fields (API keys, private keys,
# signing keys, webhook secrets) are not covered by this list and should be
# added; confirm against the redaction code.
SECURE_LOGGING_SENSITIVE_FIELDS=password,passwd,pwd,secret,token,accessToken,refreshToken,authorization,auth,creditCard,cardNumber,cvv,ssn,socialSecurity,dateOfBirth,dob,phoneNumber,phone,address,bankAccount,routingNumber,pin,otp,oneTimePassword,verificationCode,resetToken,resetCode,currentPassword,newPassword,confirmPassword,oldPassword
# Sentry Configuration
# Error reports can include request data; confirm events are scrubbed before
# enabling. Keep SENTRY_DEBUG=false outside local development.
SENTRY_ENABLED=false
SENTRY_DSN=https://your-sentry-dsn@sentry.io/project-id
SENTRY_TRACES_SAMPLE_RATE=0.1
SENTRY_DEBUG=false
SENTRY_HTTP_INTEGRATION=true
SENTRY_EXPRESS_INTEGRATION=true
SENTRY_CONSOLE_INTEGRATION=true
# Alerting Configuration
# All alert channels are disabled by default.
ALERTING_ENABLED=false
EMAIL_ALERTS_ENABLED=false
EMAIL_ALERT_RECIPIENTS=admin@example.com,dev@example.com
SLACK_ALERTS_ENABLED=false
# SLACK_WEBHOOK_URL is a credential: anyone who holds the URL can post to the
# channel. Store it like any other secret.
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/YOUR/SLACK/WEBHOOK
# NOTE(review): many .env parsers (and POSIX shells) treat an unquoted value
# that starts with '#' as a comment, which would leave SLACK_ALERT_CHANNEL
# empty. Quote the value in your .env if the loader supports quoting.
SLACK_ALERT_CHANNEL=#alerts
WEBHOOK_ALERTS_ENABLED=false
WEBHOOK_ALERT_URL=https://your-webhook-url.com/alerts
# JSON object of extra request headers. The bearer token in it is a credential;
# the value shown is a placeholder.
WEBHOOK_ALERT_HEADERS={"Authorization":"Bearer your-token"}
# Alert Thresholds
# ERROR_RATE_THRESHOLD is presumably a fraction (0.05 = 5%) and
# RESPONSE_TIME_THRESHOLD presumably milliseconds; confirm with the alerting code.
ERROR_RATE_THRESHOLD=0.05
RESPONSE_TIME_THRESHOLD=5000
CRITICAL_ERROR_CODES=INTERNAL_ERROR,DATABASE_ERROR,EXTERNAL_SERVICE_ERROR
# Alert Rate Limiting
# Caps alert volume. Note that a cap can also hide a burst of distinct failures,
# so review suppressed alerts during an incident.
ALERT_RATE_LIMITING_ENABLED=true
MAX_ALERTS_PER_HOUR=10
ALERT_COOLDOWN_MINUTES=5
# Video Streaming Configuration
# AWS CloudFront & S3
# Distribution ID, domain and bucket name below are example values.
AWS_CLOUDFRONT_DISTRIBUTION_ID=E1234567890ABC
AWS_CLOUDFRONT_DOMAIN=d1234567890abc.cloudfront.net
AWS_S3_BUCKET=strellerminds-videos
AWS_S3_REGION=us-east-1
# Static AWS keys are long-lived credentials. Where the service runs on AWS,
# prefer an attached IAM role and leave these unset; otherwise scope the key to
# the buckets and distribution this service needs.
AWS_ACCESS_KEY_ID=your-access-key-id
AWS_SECRET_ACCESS_KEY=your-secret-access-key
# The CloudFront private key signs URLs; whoever holds it can mint valid signed
# URLs for the distribution. Load it from a secrets manager in production.
AWS_CLOUDFRONT_PRIVATE_KEY_ID=your-private-key-id
AWS_CLOUDFRONT_PRIVATE_KEY=your-private-key-content
# Presumably seconds (3600 = 1 hour); shorter lifetimes limit link sharing.
AWS_SIGNED_URL_EXPIRY=3600
# Video Processing
# Absolute tool paths avoid resolving ffmpeg/ffprobe through PATH.
VIDEO_PROCESSING_ENABLED=true
VIDEO_PROCESSING_CONCURRENT_JOBS=2
VIDEO_PROCESSING_TEMP_DIR=./temp/video-processing
FFMPEG_PATH=/usr/bin/ffmpeg
FFPROBE_PATH=/usr/bin/ffprobe
# Video Security
# VIDEO_TOKEN_EXPIRY is presumably seconds (3600 = 1 hour). DRM is off by
# default; the license/certificate URLs are placeholders.
VIDEO_TOKEN_EXPIRY=3600
VIDEO_DRM_ENABLED=false
DRM_WIDEVINE_LICENSE_URL=https://your-drm-provider.com/widevine/license
DRM_WIDEVINE_CERT_URL=https://your-drm-provider.com/widevine/cert
DRM_FAIRPLAY_LICENSE_URL=https://your-drm-provider.com/fairplay/license
DRM_FAIRPLAY_CERT_URL=https://your-drm-provider.com/fairplay/cert
# Video Analytics
VIDEO_ANALYTICS_ENABLED=true
VIDEO_ANALYTICS_BATCH_SIZE=100
VIDEO_ANALYTICS_RETENTION_DAYS=365
# Video Quality Settings
VIDEO_DEFAULT_QUALITIES=240p,360p,480p,720p,1080p
VIDEO_ADAPTIVE_STREAMING_ENABLED=true
VIDEO_HLS_ENABLED=true
VIDEO_DASH_ENABLED=true
VIDEO_THUMBNAIL_COUNT=5
VIDEO_PREVIEW_ENABLED=true
# Video Upload Limits
# 5368709120 bytes = 5 GiB. Durations are presumably seconds (7200 = 2 hours).
# NOTE(review): VIDEO_ALLOWED_FORMATS reads like a file-extension allowlist;
# confirm uploads are also checked by content before they reach ffmpeg.
VIDEO_MAX_FILE_SIZE=5368709120
VIDEO_ALLOWED_FORMATS=mp4,webm,mov,avi,mkv
VIDEO_MAX_DURATION=7200
VIDEO_MIN_DURATION=1
# OpenTelemetry tracing
# NOTE(review): OTEL_EXPORTER and OTEL_COLLECTOR_URL are each defined twice in
# this section, and the two OTEL_COLLECTOR_URL values differ (OTLP HTTP on
# :4318 vs. a Jaeger endpoint on :14268). Which definition takes effect depends
# on the .env loader; keep one pair only.
# NOTE(review): some .env parsers do not strip trailing "# ..." text from
# unquoted values, in which case the inline comments below become part of the
# value. Move them onto their own lines if the loader behaves that way.
OTEL_SERVICE_NAME=streller-minds-backend
OTEL_COLLECTOR_URL=http://localhost:4318/v1/traces # OTLP HTTP
OTEL_EXPORTER=jaeger # one of: otlp | jaeger | zipkin
OTEL_SAMPLER_PROBABILITY=1.0 # 0..1, 1.0 = sample all (tune for prod)
OTEL_RESOURCE_ATTRIBUTES=service.version=1.0
OTEL_EXPORTER=jaeger
OTEL_COLLECTOR_URL=http://localhost:14268/api/traces
# Elasticsearch
# Plain http is acceptable only for a node on localhost; use https for any
# remote node so the username and password are not sent in clear text.
# Prefer a dedicated, least-privileged user over the built-in `elastic`
# superuser for the application.
ELASTICSEARCH_NODE=http://localhost:9200
ELASTICSEARCH_USERNAME=elastic
ELASTICSEARCH_PASSWORD=your_elasticsearch_password_here
# Webhook Security Configuration
# Each secret below is a placeholder for the per-provider shared secret,
# presumably used to verify the signature on incoming webhook requests. Use a
# different secret per provider and per environment.
# Stripe Webhook Configuration
STRIPE_WEBHOOK_SECRET=whsec_your_stripe_webhook_secret_here
# PayPal Webhook Configuration
PAYPAL_WEBHOOK_SECRET=your_paypal_webhook_secret_here
# Zoom Webhook Configuration
ZOOM_WEBHOOK_SECRET=your_zoom_webhook_secret_here
# Custom Webhook Configuration
CUSTOM_WEBHOOK_SECRET=your_custom_webhook_secret_here
# Webhook Rate Limiting (per minute)
WEBHOOK_RATE_LIMIT_STRIPE=100
WEBHOOK_RATE_LIMIT_PAYPAL=50
WEBHOOK_RATE_LIMIT_ZOOM=200
WEBHOOK_RATE_LIMIT_CUSTOM=100
# Webhook Replay Protection (window in milliseconds)
# 300000 ms = 5 minutes. A wider window tolerates more clock skew but also
# lengthens the time a captured request stays replayable.
WEBHOOK_REPLAY_WINDOW=300000
# Webhook Logging Configuration
# Payload logging is off by default, which keeps customer and payment data out
# of the logs.
# NOTE(review): with header logging on, provider signature and authorization
# headers may be written to the logs; confirm they are covered by the
# secure-logging redaction before enabling this in production.
WEBHOOK_LOG_RETENTION_DAYS=30
WEBHOOK_LOG_INCLUDE_PAYLOAD=false
WEBHOOK_LOG_INCLUDE_HEADERS=true