-
Notifications
You must be signed in to change notification settings - Fork 167
/
Copy path.env.example
130 lines (108 loc) · 4.28 KB
/
.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# Jackson settings
# Change this to your deployment public URL
EXTERNAL_URL=http://localhost:5225
SAML_AUDIENCE=https://saml.boxyhq.com
JACKSON_API_KEYS="secret"
ADMIN_PORTAL_SSO_TENANT="_jackson_boxyhq"
ADMIN_PORTAL_SSO_PRODUCT="_jackson_admin_portal"
IDP_ENABLED=
PRE_LOADED_CONNECTION=
CLIENT_SECRET_VERIFIER=
# Database settings
DB_ENGINE=sql
DB_URL=postgres://postgres:postgres@localhost:5432/postgres
DB_TYPE=postgres
DB_TTL=300
DB_CLEANUP_LIMIT=1000
DB_PAGE_LIMIT=50
# You can use openssl to generate a random 32 bytes key: openssl rand -base64 32
DB_ENCRYPTION_KEY=
# Uncomment below if you wish to run DB migrations manually.
#DB_MANUAL_MIGRATION=true
# Admin Portal settings
# SMTP details for Magic Links
SMTP_HOST=
SMTP_PORT=
SMTP_USER=
SMTP_PASSWORD=
SMTP_FROM=
# Access Control for Magic Links. Set this to a comma separated string of email addresses
# or glob patterns like: `[email protected],*@marvel.com`.
# Access will be denied to email addresses which don't match. If you don't specify any value access is denied to all.
NEXTAUTH_ACL=
# Change this to your deployment public URL (https://next-auth.js.org/configuration/options#nextauth_url)
NEXTAUTH_URL=http://localhost:5225
# Change this to a real secret when deploying to production
# You can use openssl to generate a secret key: openssl rand -base64 32
NEXTAUTH_SECRET=secret
# Admin credentials (In the format email:password. Comma separated values if you want multiple logins). Alternative to Magic Links.
NEXTAUTH_ADMIN_CREDENTIALS=
# Admin Portal for Retraced (Audit Logs)
RETRACED_HOST_URL=
RETRACED_EXTERNAL_URL=
RETRACED_ADMIN_ROOT_TOKEN=
# Admin Portal for Terminus (Privacy Vault)
TERMINUS_PROXY_HOST_URL=
TERMINUS_ADMIN_ROOT_TOKEN=
# Set this env to enable vault audit logs in the sidebar
TERMINUS_RETRACED_PROJECT_ID=
# OpenTelemetry
OTEL_EXPORTER_OTLP_METRICS_ENDPOINT=
OTEL_EXPORTER_OTLP_METRICS_HEADERS=
# If you want to use grpc
# OTEL_EXPORTER_OTLP_METRICS_PROTOCOL=grpc
# If you have any issues with using the otel exporter and want to enable debug logs
# OTEL_EXPORTER_DEBUG=true
# JWS Algorithm to be used for signing e.g., RS256
# https://github.com/panva/jose/issues/114#digital-signatures
OPENID_JWS_ALG=
# JWT signing keys
# Generate keys: https://www.scottbrady91.com/openssl/creating-rsa-keys-using-openssl,
# Load into env: https://developer.vonage.com/blog/20/07/29/using-private-keys-in-environment-variables
# openssl genrsa -out private-key.pem 3072
# convert to pkcs8 format: openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private-key.pem -out private_key.pem
# cat private_key.pem | base64
OPENID_RSA_PRIVATE_KEY=
# openssl rsa -in private_key.pem -pubout -out public_key.pem
# cat public_key.pem | base64
OPENID_RSA_PUBLIC_KEY=
# You can use `openssl req -x509 -newkey rsa:2048 -keyout key.pem -out public.crt -sha256 -days 365000 -nodes` to generate one
# Base64 encoded value of public key `cat public.crt | base64`
PUBLIC_KEY=
# Base64 encoded value of private key `cat key.pem | base64`
PRIVATE_KEY=
# To enable enterprise-only features, fill your license key in here.
BOXYHQ_LICENSE_KEY=
# To turn off our anonymous analytics uncomment the line below
#BOXYHQ_NO_ANALYTICS=1
# Set Webhook URL and secret to enable webhook notifications
WEBHOOK_URL=
WEBHOOK_SECRET=
# Directory sync webhook event batch size (Eg: 50)
DSYNC_WEBHOOK_BATCH_SIZE=
DSYNC_WEBHOOK_BATCH_CRON_INTERVAL=
# Google workspace directory sync
DSYNC_GOOGLE_CLIENT_ID=
DSYNC_GOOGLE_CLIENT_SECRET=
DSYNC_GOOGLE_CRON_INTERVAL=
# Only applicable for BoxyHQ SaaS deployments
BOXYHQ_HOSTED=0
# Setup link expiry in days
SETUP_LINK_EXPIRY_DAYS=3
# Ory integration. You need BOXYHQ_LICENSE_KEY to be set to use this.
ENTERPRISE_ORY_SDK_TOKEN=
ENTERPRISE_ORY_PROJECT_ID=
# Uncomment below if you wish to opt-out of sending `profile` scope in OIDC Provider Authorization Request
#OPENID_REQUEST_PROFILE_SCOPE=false
# Uncomment below if you wish to forward the OpenID params (https://openid.net/specs/openid-connect-core-1_0-errata2.html#AuthRequest) to the OpenID IdP
#OPENID_REQUEST_FORWARD_PARAMS=true
# disable logging into sso trace
# SSO_TRACES_DISABLE=true
# SSO_TRACES_REDACT=true
# traces ttl in hours
# SSO_TRACES_TTL=
# Logger options
# Log file to write to
LOG_FILE=
# Log levels - "fatal" | "error" | "warn" | "info" (default) | "debug" | "trace"
LOG_LEVEL=