-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path.env.example
More file actions
38 lines (33 loc) · 2.35 KB
/
.env.example
File metadata and controls
38 lines (33 loc) · 2.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# ═══════════════════════════════════════════════════════════════════════════
# Haldir — self-host configuration
# ═══════════════════════════════════════════════════════════════════════════
# Copy this file to .env and fill in the required values:
#
# cp .env.example .env
# # Generate a 256-bit AES key (base64url-encoded):
# python3 -c 'import base64, os; print(base64.urlsafe_b64encode(os.urandom(32)).decode())'
# # Paste the output below as HALDIR_ENCRYPTION_KEY
# ── Required ──────────────────────────────────────────────────────────────
# Vault's AES-256-GCM encryption key. Losing this means losing access to
# all stored secrets. Back it up somewhere safe; use a different one per
# environment.
HALDIR_ENCRYPTION_KEY=
# ── Strongly recommended ──────────────────────────────────────────────────
# Bootstrap token — protects the first API key creation. If set, callers to
# POST /v1/keys must include `X-Bootstrap-Token: <this>`. Rotate or clear
# after your first key is created.
HALDIR_BOOTSTRAP_TOKEN=change-me-or-leave-empty-for-open-bootstrap
# ── Port exposed on the host (container always uses 8080 internally) ──────
HALDIR_PORT=8000
# ── Postgres credentials (used by both services) ──────────────────────────
# Safe defaults for local dev. CHANGE for any deployment you care about.
POSTGRES_USER=haldir
POSTGRES_PASSWORD=haldir
POSTGRES_DB=haldir
# ── Optional: Stripe billing ──────────────────────────────────────────────
# Leave empty unless you're also running your own billing. Self-host is
# free forever; these only matter if you're reselling cloud-style tiers.
# STRIPE_SECRET_KEY=
# STRIPE_WEBHOOK_SECRET=
# STRIPE_PRICE_PRO=
# STRIPE_PRICE_ENTERPRISE=