# ── Stellar / Soroban ────────────────────────────────────────────────────────
# testnet | mainnet (default: testnet)
# The three values below are the testnet ones; when this is changed to mainnet,
# HORIZON_URL, SOROBAN_RPC_URL and STELLAR_NETWORK_PASSPHRASE must be changed
# with it so that all four settings describe the same network.
STELLAR_NETWORK=testnet
# Horizon REST API for the chosen network
HORIZON_URL=https://horizon-testnet.stellar.org
# Soroban RPC endpoint for contract simulation and submission
SOROBAN_RPC_URL=https://soroban-testnet.stellar.org
# Must exactly match the target network passphrase
# The value is unquoted and contains spaces and a ';'. Load this file with a
# dotenv-style parser; if it is sourced from a shell, the line is split at the
# ';' and the value is not assigned as written.
STELLAR_NETWORK_PASSPHRASE=Test SDF Network ; September 2015
# ── Contract ─────────────────────────────────────────────────────────────────
# 56-char contract address starting with C — output of `make deploy`
# Not a secret, but it selects the contract that the admin and issuer keys sign
# against. NOTE(review): empty here means unset — confirm the backend refuses
# to start without a valid value.
VACCINATIONS_CONTRACT_ID=
# ── Backend auth ─────────────────────────────────────────────────────────────
# ADMIN_SECRET_KEY, SEP10_SERVER_KEY, ISSUER_SECRET_KEY and JWT_SECRET are
# signing secrets. Fill them in only in an untracked local .env, never in this
# example file; for production see USE_AWS_SECRETS in the Secrets Management
# section.
# Secret key for admin contract invocations (starts with S)
ADMIN_SECRET_KEY=
# Public key matching ADMIN_SECRET_KEY (starts with G) — grants issuer role on login
# Because a login with this account is granted the issuer role, a mistyped
# value gives that role to a different account: check it against
# ADMIN_SECRET_KEY before deploying.
ADMIN_PUBLIC_KEY=
# Dedicated secret key for signing SEP-10 challenges (starts with S)
# Keep it distinct from ADMIN_SECRET_KEY and ISSUER_SECRET_KEY, so that exposure
# of the challenge-signing key does not also expose contract administration or
# mint/revoke signing.
SEP10_SERVER_KEY=
# SEP-10: home domain — used as the manage_data key prefix ('<HOME_DOMAIN> auth')
# Must match the domain in your stellar.toml (e.g. vaccichain.example.com)
# localhost is a development value only.
HOME_DOMAIN=localhost
# SEP-10: domain of this auth server — included in the web_auth_domain manage_data operation
# May differ from HOME_DOMAIN when the auth server is on a subdomain
# localhost is a development value only.
WEB_AUTH_DOMAIN=localhost
# Secret key for signing mint/revoke transactions (starts with S)
ISSUER_SECRET_KEY=
# JWT signing secret — min 32 chars recommended; rotate to invalidate sessions
# Use a randomly generated value (for example `openssl rand -hex 32`, as this
# file suggests for ANALYTICS_API_KEY). Avoid commas: JWT_PREVIOUS_KEYS is
# comma-separated, so a secret containing one could not be listed there later.
JWT_SECRET=
# kid (key ID) for the current JWT signing key — increment on each rotation
JWT_KEY_ID=1
# Comma-separated list of previous JWT secrets still valid for verification
# during the transition window after a rotation. Remove entries once all
# tokens signed with those secrets have expired.
# Every secret listed here is still accepted for verification, so when a
# rotation is done because a secret may have leaked, do not list that secret.
# Example: JWT_PREVIOUS_KEYS=oldSecret1,oldSecret2
JWT_PREVIOUS_KEYS=
# ── Backend server ────────────────────────────────────────────────────────────
# TCP port for the Express backend (default: 4000)
PORT=4000
# Winston log level for the backend (default: info)
# Allowed values: error | warn | info | http | debug
# NOTE(review): before using http or debug outside development, confirm that
# the extra output never contains secret keys, JWTs or signed transactions.
LOG_LEVEL=info
# Maximum JSON request body size accepted by the API (default: 10kb)
# Raising it also raises the amount of data a single request can make the
# backend parse; keep it as small as the largest legitimate payload allows.
BODY_LIMIT=10kb
# Comma-separated list of allowed CORS origins (default: http://localhost:3000)
# Example: https://app.example.com,https://admin.example.com
# In production list the exact origins (scheme and host) of your own frontends;
# the localhost default is for development only.
ALLOWED_ORIGINS=http://localhost:3000
# Max retries for Soroban RPC calls before failing (default: 3)
SOROBAN_RPC_MAX_RETRIES=3
# Base transaction fee in stroops (1 XLM = 10,000,000 stroops; default: 100)
SOROBAN_FEE=100
# Fee bump tip in stroops to prioritise transactions (default: 0)
SOROBAN_TIP=0
# How often (ms) the event indexer polls the backend for new contract events (default: 15000)
EVENT_POLL_INTERVAL_MS=15000
# Path to the SQLite database file used by the indexer (default: /data/vaccichain.db)
# NOTE(review): restrict read/write access on this file to the service account;
# what the indexer stores in it is not shown here.
DATABASE_PATH=/data/vaccichain.db
# ── Rate limiting ─────────────────────────────────────────────────────────────
# Both limits are counted per client IP, so they only work as intended if the
# backend sees the real client address. NOTE(review): behind a reverse proxy or
# load balancer, confirm how the backend derives the client IP.
# Max SEP-10 challenge requests per IP per minute (default: 10)
RATE_LIMIT_SEP10=10
# Max public verify requests per IP per minute (default: 60)
RATE_LIMIT_VERIFY=60
# ── Brute-force protection ────────────────────────────────────────────────────
# Max failed /auth/verify attempts before blocking (default: 5)
BRUTE_FORCE_MAX_ATTEMPTS=5
# Sliding window for counting failures in milliseconds (default: 600000 = 10 min)
BRUTE_FORCE_WINDOW_MS=600000
# How long a blocked IP/wallet stays blocked in milliseconds (default: 900000 = 15 min)
# NOTE(review): blocks apply to an IP or a wallet; confirm that failures from
# other clients cannot keep a legitimate wallet holder locked out, and that
# blocks are written to the audit log.
BRUTE_FORCE_BLOCK_MS=900000
# ── Audit log ─────────────────────────────────────────────────────────────────
# Path to append-only NDJSON audit log (default: ./audit.log)
# The default is relative, so the file lands in the process working directory.
# NOTE(review): nothing in this setting makes the file append-only at the
# filesystem level; for tamper resistance restrict write access to the service
# account and forward the log to storage the service cannot rewrite.
AUDIT_LOG_PATH=./audit.log
# ── Python analytics service ──────────────────────────────────────────────────
# TCP port for the FastAPI analytics service (default: 8001)
ANALYTICS_PORT=8001
# Base URL the analytics service uses to reach the backend (default set by Compose)
# The default is plain HTTP to the Compose service name; use it only on a
# private container network.
BACKEND_URL=http://backend:4000
# API key required to access protected analytics endpoints (rates, issuers, anomalies)
# Generate with: openssl rand -hex 32
# NOTE(review): empty here means unset — confirm the service rejects requests
# to the protected endpoints, rather than allowing them, when no key is set.
ANALYTICS_API_KEY=
# Python log level: DEBUG | INFO | WARNING | ERROR | CRITICAL (default: INFO)
# There is no separate variable for this: the analytics service reuses LOG_LEVEL,
# defined in the backend section above; set it to INFO for Python stdlib levels.
# NOTE(review): the backend's Winston level "http" is not a Python stdlib level;
# confirm how the service handles it and the lowercase spelling.
# ── Anomaly detection ─────────────────────────────────────────────────────────
# Mint count above which an issuer is flagged as anomalous (default: 50)
# NOTE(review): the period over which mints are counted is not stated here.
ANOMALY_THRESHOLD=50
# How often (minutes) the anomaly detection job runs (default: 15)
ANOMALY_SCHEDULE_MINUTES=15
# Webhook URL to POST alerts to when anomalies are detected (leave empty to disable)
# Example (Slack): https://hooks.slack.com/services/TXXXXXXXXX/BXXXXXXXXX/XXXXXXXX
# A webhook URL of this kind is itself a credential (whoever holds it can post
# to the channel), so store it like the other secrets. Leaving it empty also
# means anomalies raise no alert.
ALERT_WEBHOOK_URL=
# Webhook payload format: slack | pagerduty | email (default: slack)
ALERT_WEBHOOK_TYPE=slack
# PagerDuty Events API v2 routing key — required when ALERT_WEBHOOK_TYPE=pagerduty
# Set ALERT_WEBHOOK_URL=https://events.pagerduty.com/v2/enqueue
# The routing key is a secret as well.
PAGERDUTY_ROUTING_KEY=
# Recipient email address — required when ALERT_WEBHOOK_TYPE=email
ALERT_EMAIL_TO=
# ── Backup service ────────────────────────────────────────────────────────────
# S3 Bucket for analytics DB backup
# The backups contain the analytics database, so keep the bucket private.
S3_BUCKET_NAME=
# AWS Credentials for S3 access
# These are long-lived access keys: limit the IAM policy behind them to this
# bucket. NOTE(review): confirm whether the backup service can use a role from
# the default AWS credential chain instead, so that no keys are stored here.
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
# AWS region. The Secrets Management section below documents the same variable
# name as the region for Secrets Manager.
AWS_REGION=us-east-1
# Number of days to retain backups
RETENTION_DAYS=30
# NOTE(review): the two keys below have no description and nothing in this file
# says what reads them. Their names suggest secrets; how they relate to
# ISSUER_SECRET_KEY and ADMIN_SECRET_KEY in the Backend auth section is not
# stated. Document them or remove them.
DEMO_ISSUER_SECRET=
ADMIN_SECRET=
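# ── Secrets Management (Production) ───────────────────────────────────────────
# Enable AWS Secrets Manager for production (default: false)
# NOTE(review): confirm which source wins when a secret is set both in this
# file and in Secrets Manager, and leave the secret values in this file empty
# in production.
USE_AWS_SECRETS=false
# AWS Secrets Manager secret name/ARN containing all secrets
# Example: arn:aws:secretsmanager:us-east-1:123456789012:secret:vaccichain/prod/stellar
AWS_SECRET_NAME=
# AWS region for Secrets Manager (default: us-east-1)
# Read from AWS_REGION, which is assigned in the Backup service section above.
# It is not assigned a second time here: with two assignments, editing only one
# of them leaves the effective region dependent on which line the loader keeps.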
# ── Admin multi-signature ─────────────────────────────────────────────────────
# Number of approvals required for critical admin operations (default: 2)
# NOTE(review): confirm approvals are counted per distinct approver; a value of
# 1 removes the second-person check.
MULTISIG_THRESHOLD=2
# Comma-separated list of wallet addresses authorised to approve proposals.
# Leave empty to allow any admin-role JWT holder to approve.
# With the list empty, approval rests only on holding an admin-role JWT, so the
# threshold is no stronger than JWT issuance and JWT_SECRET. In production list
# the approver wallets explicitly.
# Example: MULTISIG_KEY_HOLDERS=GABC...,GDEF...,GHIJ...
MULTISIG_KEY_HOLDERS=
# How long a pending proposal stays valid in milliseconds (default: 3600000 = 1 hour)
MULTISIG_PROPOSAL_TTL_MS=3600000
# Patient consent (not a multi-signature setting)
# Set to 'false' to waive consent requirement (e.g. jurisdiction config).
# Default: true (consent required before minting)
# Turning this off removes a check before minting for every request; record who
# changed it and why.
REQUIRE_PATIENT_CONSENT=true