forked from AshDevFr/experiment-RFHBX
.env.deploy.example
# =============================================================================
# Production Environment Variables for docker-compose.deploy.yml
# Copy this file to .env.deploy and fill in real values before deploying.
# NEVER commit .env.deploy to version control.
# The filled-in copy holds the Rails secret, the database password and the OIDC
# client secret in plain text: keep it readable only by the deploying user and
# make sure .env.deploy is listed in .gitignore.
# Every <...> placeholder below must be replaced; a placeholder left in place
# is a known, guessable value.
# =============================================================================
# Rails
RAILS_ENV=production
# Rails derives its cookie/session signing and encryption keys from this value.
# Generate a fresh one per environment; do not reuse the development value.
SECRET_KEY_BASE=<generate with: bundle exec rails secret>
RAILS_LOG_TO_STDOUT=true
RAILS_SERVE_STATIC_FILES=true
# Server
PORT=3000
# Database (used by web + sidekiq services)
# The password appears twice (inside DATABASE_URL and in DATABASE_PASSWORD);
# keep both in sync. Characters that are reserved in URLs (@ : / ? # %) must be
# percent-encoded in the DATABASE_URL copy.
DATABASE_URL=postgresql://postgres:<strong-random-password>@db:5432/experiment_rfhbx_production
DATABASE_HOST=db
DATABASE_PORT=5432
DATABASE_NAME=experiment_rfhbx_production
# NOTE(review): "postgres" is normally the superuser role; a dedicated role
# limited to this database would be least privilege. Confirm which role
# docker-compose.deploy.yml provisions before changing it.
DATABASE_USER=postgres
DATABASE_PASSWORD=<strong-random-password>
# Redis / Sidekiq
# NOTE(review): this URL carries no credentials, so it assumes Redis is
# reachable only on the internal compose network. Confirm that
# docker-compose.deploy.yml does not publish port 6379 on the host.
REDIS_URL=redis://redis:6379/0
# Optional: Action Mailer (SMTP)
# "plain" authentication sends the SMTP credentials in a trivially decodable
# form, so leave SMTP_ENABLE_STARTTLS=true whenever a username/password is set.
# SMTP_ADDRESS=smtp.example.com
# SMTP_PORT=587
# SMTP_USERNAME=
# SMTP_PASSWORD=
# SMTP_DOMAIN=example.com
# SMTP_AUTHENTICATION=plain
# SMTP_ENABLE_STARTTLS=true
# Optional: Application host (used for URL generation)
# APP_HOST=example.com
# =============================================================================
# OIDC / Authentication (Phase 6)
# Configure these to point at your OIDC provider (Keycloak, Auth0, Dex, etc.)
# Introduced by Issues #51-#53 / PRs #57, #60, #67.
# =============================================================================
# Base URL of your OIDC issuer — must match the `iss` claim in JWTs
# The two examples differ in their trailing slash; issuer comparison is usually
# an exact string match, so copy the value exactly as your provider publishes it.
# Use an https:// URL in production.
# Example (Keycloak): https://auth.example.com/realms/myrealm
# Example (Auth0): https://your-tenant.us.auth0.com/
OIDC_ISSUER_URL=https://auth.example.com/realms/myrealm
# OAuth2 client ID registered with your OIDC provider
OIDC_CLIENT_ID=experiment-rfhbx
# OAuth2 client secret — obtain from your OIDC provider's admin console
# KEEP THIS SECRET; never commit the real value
OIDC_CLIENT_SECRET=<your-oidc-client-secret>
# Expected `aud` (audience) claim in access tokens
# Typically matches OIDC_CLIENT_ID, but verify with your provider
# A value that is too permissive lets tokens issued for another client of the
# same provider be accepted here.
OIDC_AUDIENCE=experiment-rfhbx
# How long (seconds) to cache the provider's JWKS public keys locally
# Reduces outbound requests to the JWKS endpoint; default is 3600 (1 hour)
# NOTE(review): a longer TTL also delays picking up rotated or withdrawn
# signing keys; how the app handles an unknown key ID is not visible here.
OIDC_JWKS_CACHE_TTL=3600
# Dev auth bypass — MUST be false (or omitted) in production
# Set to "true" only in development/test to skip OIDC token validation
# With this set to "true" every request skips token validation, so treat a
# "true" value in .env.deploy as a deployment-blocking error.
# NOTE(review): confirm the application ignores this flag or refuses to boot
# when RAILS_ENV=production.
DEV_AUTH_BYPASS=false