.env

# local, heroku, stage, production
APP_ENV=local
SERVER_URL=http://localhost:6060
PORT=6060
NEXTAUTH_URL=http://localhost:6060

# 1: disables the dockerflow endpoints
# see: https://github.com/mozilla-services/Dockerflow#containerized-app-requirements
DISABLE_DOCKERFLOW=

# Database server
DATABASE_URL=postgres://postgres@localhost:5432/blurts
# How many seconds can unverified subscribers remain in the database
DELETE_UNVERIFIED_SUBSCRIBERS_TIMER=86400

# How many seconds until page tokens expire?
PAGE_TOKEN_TIMER=0

# Email server
SMTP_URL=
# From: address used in emails
EMAIL_FROM=
# https://docs.aws.amazon.com/ses/latest/DeveloperGuide/using-configuration-sets.html
SES_CONFIG_SET=
# 1: only log messages coming back from SES
SES_NOTIFICATION_LOG_ONLY=

# s3 bucket for cdn
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_REGION=
S3_BUCKET=

# Firefox Accounts OAuth
FXA_SETTINGS_URL=https://accounts.stage.mozaws.net/settings

OAUTH_CLIENT_ID=edd29a80019d61a1
OAUTH_CLIENT_SECRET=get-this-from-groovecoder-or-fxmonitor-engineering
OAUTH_AUTHORIZATION_URI=https://oauth.stage.mozaws.net/v1/authorization
OAUTH_METRICS_FLOW_URI=https://accounts.stage.mozaws.net/metrics-flow
OAUTH_PROFILE_URI=https://profile.stage.mozaws.net/v1/profile
OAUTH_TOKEN_URI=https://oauth.stage.mozaws.net/v1/token
OAUTH_ACCOUNT_URI="https://api-accounts.stage.mozaws.net/v1"

# HIBP API for breach data
# How many seconds to wait before refreshing upstream breach data from HIBP
HIBP_RELOAD_BREACHES_TIMER=600
# HIBP API for range search and subscription
HIBP_KANON_API_ROOT=https://enterprise.stage-api.haveibeenpwned.com
HIBP_KANON_API_TOKEN=
HIBP_API_ROOT=https://haveibeenpwned.com/api/v2
HIBP_API_TOKEN=
# How many milliseconds to wait before retrying an HIBP request
HIBP_THROTTLE_DELAY=2000
# Max number of times to try an HIBP request before throwing error
HIBP_THROTTLE_MAX_TRIES=5
# Authorization token for HIBP to present to /hibp/notify endpoint
HIBP_NOTIFY_TOKEN=unsafe-default-token-for-dev
# Domains we prefer to not link to
HIBP_BREACH_DOMAIN_BLOCKLIST=a-blocked-domain.com,another-blocked-domain.org

# OneRep API for exposure scanning
ONEREP_API_BASE=https://mozilla.api.onerep.com
ONEREP_API_KEY=
ONEREP_WEBHOOK_SECRET="unsafe-default-secret-for-dev"

# Firefox Remote Settings
FX_REMOTE_SETTINGS_WRITER_SERVER=https://settings-writer.prod.mozaws.net/v1
FX_REMOTE_SETTINGS_WRITER_USER=
FX_REMOTE_SETTINGS_WRITER_PASS=

# DSN for Sentry error and event capturing
# e.g., SENTRY_DSN=https://{key}@sentry.prod.mozaws.net/408
SENTRY_DSN=
SENTRY_DSN_LEGACY=

BREACH_RESOLUTION_ENABLED=1
PRODUCT_PROMOS_ENABLED=1

# Experiment Flag
EXPERIMENT_ACTIVE=0

REDIS_URL=redis://redis.mock

SUPPORTED_LOCALES=cak,cs,cy,da,de,el,en,en-CA,en-GB,es-AR,es-CL,es-ES,es-MX,fi,fr,fy-NL,gn,hu,kab,ia,id,it,ja,nb-NO,nl,nn-NO,pt-BR,pt-PT,ro,ru,sk,sl,sq,sv-SE,tr,uk,vi,zh-CN,zh-TW

# Locales blocked from viewing Mozilla VPN promos. Use CSV without whitespace.
VPN_PROMO_BLOCKED_LOCALES=zh-CN

# MaxMind GeoLite2 geolocation service used for VPN Banner
# For Heroku deploys, the following 3 vars are generated automatically via Buildpack https://github.com/HiMamaInc/heroku-buildpack-geoip-geolite2
# Staging and production environments will need variables set manually
# Local environment uses a test database with limited data (preset here)
GEOIP_GEOLITE2_PATH=./tests/mmdb/
GEOIP_GEOLITE2_CITY_FILENAME=GeoLite2-City-Test.mmdb
GEOIP_GEOLITE2_COUNTRY_FILENAME=GeoLite2-Country-Test.mmdb

# Educational video src urls, hosted by SRE team on a CDN
EDUCATION_VIDEO_URL_RELAY=https://monitor.cdn.mozilla.net/videos/FF_Relay_version_02.mp4
EDUCATION_VIDEO_URL_VPN=https://monitor.cdn.mozilla.net/videos/Mozilla_VPN.mp4

# Email addresses that are allowed to test and send emails
ADMINS=

# Enable monthly cron-job, currently for sending unresolved breach reminder emails
MONTHLY_CRON_ENABLED=

# E2E Tests
E2E_TEST_ENV=
E2E_TEST_BASE_URL=
E2E_TEST_ACCOUNT_EMAIL=
E2E_TEST_ACCOUNT_PASSWORD=

E2E_TEST_ACCOUNT_EMAIL_ZERO_BROKERS=
E2E_TEST_ACCOUNT_EMAIL_ZERO_BREACHES_ZERO_BROKERS=
E2E_TEST_ACCOUNT_EMAIL_EXPOSURES_STARTED=

E2E_TEST_PAYPAL_LOGIN=
E2E_TEST_PAYPAL_PASSWORD=

# Monitor Premium features
# Link to start user on the subscription process. PREMIUM_ENABLED must be set to `true`.
FXA_SUBSCRIPTIONS_URL=https://accounts.stage.mozaws.net/subscriptions
PREMIUM_PRODUCT_ID=prod_NErZh679W62lai
PREMIUM_PLAN_ID_MONTHLY_US=price_1MUNq0Kb9q6OnNsL4BoJgepf
PREMIUM_PLAN_ID_YEARLY_US=
SUBSCRIPTION_BILLING_AMOUNT_YEARLY_US=13.37
SUBSCRIPTION_BILLING_AMOUNT_MONTHLY_US=42.42

# This date is used to direct users who signed up after data broker scanning
# was released to the welcome flow. Users who had signed up before and thus
# have seen data breach results before, will be able to see their known breaches
# first:
BROKER_SCAN_RELEASE_DATE=2024-02-06

MONTHLY_SUBSCRIBERS_QUOTA=
MONTHLY_SCANS_QUOTA=
STATS_TOKEN=

# GCP PubSub Project ID and subscription name
GCP_PUBSUB_PROJECT_ID=
GCP_PUBSUB_TOPIC_NAME=
GCP_PUBSUB_SUBSCRIPTION_NAME=

# Randomly-generated UUIDv5 namespace, until/unless we are approved to use FxA UID for Nimbus User ID.
NIMBUS_UUID_NAMESPACE=00000000-0000-0000-0000-000000000000
NIMBUS_SIDECAR_URL=http://localhost:8001

# The maximum number of jobs that the email breach alert worker will process.
EMAIL_BREACH_ALERT_MAX_MESSAGES = 10000

# The maximum number of scans and profiles allowed. May be used for alerts, and for redirecting to waitlist.
MAX_MANUAL_SCANS=100
MAX_INITIAL_SCANS=100
MAX_PROFILES_ACTIVATED=100
MAX_PROFILES_CREATED=100

# Used during CI to upload sourcemaps to Sentry.
UPLOAD_SENTRY_SOURCEMAPS=false
SENTRY_AUTH_TOKEN=

# Whether GA4 sends data or not. NOTE: must be set in build environment.
NEXT_PUBLIC_GA4_DEBUG_MODE=true

CURRENT_COUPON_CODE_ID=
GA4_API_SECRET=unsafe-default-secret-for-dev

# Data broker removal estimates data
DATA_BROKER_REMOVAL_ESTIMATES_DATA=[]