rampart/.env.example at main · manimovassagh/rampart · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
# Rampart development environment
# Copy this file to .env and fill in values
# NEVER commit .env to version control

POSTGRES_USER=rampart
POSTGRES_PASSWORD=<your-secure-password>
POSTGRES_DB=rampart
RAMPART_PORT=8080
RAMPART_DB_URL=postgres://rampart:<your-secure-password>@localhost:5432/rampart?sslmode=disable
RAMPART_LOG_LEVEL=debug
RAMPART_LOG_FORMAT=pretty
RAMPART_ALLOWED_ORIGINS=http://localhost:3000

# RSA signing key path (auto-generated on first boot if missing)
RAMPART_SIGNING_KEY_PATH=rampart-signing-key.pem

# OIDC issuer URL (must match the public-facing URL of this server)
RAMPART_ISSUER=http://localhost:8080

# Token TTLs in seconds (defaults: access=900, refresh=604800)
# RAMPART_ACCESS_TOKEN_TTL=900
# RAMPART_REFRESH_TOKEN_TTL=604800

# Security
# RAMPART_HSTS_ENABLED=true
# RAMPART_SECURE_COOKIES=true
# RAMPART_ENCRYPTION_KEY=<64-char-hex-string-for-32-byte-key>

# Trusted proxy CIDRs (comma-separated). Only set if behind a reverse proxy.
# When empty, X-Forwarded-For headers are ignored (prevents rate limit bypass).
# RAMPART_TRUSTED_PROXIES=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

# Rate limiting (requests per minute per IP)
# RAMPART_RATE_LIMIT_LOGIN=10
# RAMPART_RATE_LIMIT_REGISTER=5
# RAMPART_RATE_LIMIT_TOKEN=10

# SMTP for transactional emails (password reset, email verification)
# RAMPART_SMTP_HOST=smtp.example.com
# RAMPART_SMTP_PORT=587
# RAMPART_SMTP_USERNAME=
# RAMPART_SMTP_PASSWORD=
# RAMPART_SMTP_FROM=noreply@example.com

# Social login providers (uncomment and set to enable)
# RAMPART_GOOGLE_CLIENT_ID=
# RAMPART_GOOGLE_CLIENT_SECRET=
# RAMPART_GITHUB_CLIENT_ID=
# RAMPART_GITHUB_CLIENT_SECRET=
# RAMPART_APPLE_CLIENT_ID=
# RAMPART_APPLE_TEAM_ID=
# RAMPART_APPLE_KEY_ID=
# RAMPART_APPLE_PRIVATE_KEY=