-
Notifications
You must be signed in to change notification settings - Fork 6
Expand file tree
/
Copy path.env.example
More file actions
164 lines (129 loc) · 6.15 KB
/
.env.example
File metadata and controls
164 lines (129 loc) · 6.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
# Neo4j Configuration
NEO4J_URI=bolt://localhost:7687
NEO4J_USER=neo4j
NEO4J_PASSWORD=your-neo4j-password
PUBLIC_EVAULT_SERVER_URI=http://localhost:4000
# Rate limiting (requests per minute)
RATE_LIMIT_PER_PLATFORM=250
RATE_LIMIT_PER_IP=500
REGISTRY_ENTROPY_KEY_JWK='{"kty":"EC","use":"sig","alg":"ES256","kid":"entropy-key-1","crv":"P-256","x":"your-x-value","y":"your-y-value","d":"your-d-value"}'
ENCRYPTION_PASSWORD="your-encryption-password"
W3ID="@your-w3id"
REGISTRY_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/registry
REGISTRY_SHARED_SECRET="your-registry-shared-secret"
PROVISIONER_DATABASE_URL="postgres://postgres:postgres@localhost:5432/provisioner"
PUBLIC_VERIFF_KEY="your-veriff-key"
VERIFF_HMAC_KEY="your-veriff-hmac-key"
# Didit KYC
DIDIT_API_KEY="your-didit-api-key"
DIDIT_WORKFLOW_ID="your-didit-workflow-id"
DIDIT_WEBHOOK_SECRET="your-didit-webhook-secret"
# Provisioner signing key (32-byte hex seed for ed25519)
PROVISIONER_SIGNING_SEED="your-32-byte-hex-seed"
PROVISIONER_KID="provisioner-1"
# set this to allow or deny
DUPLICATES_POLICY="DENY"
IP_ADDR="localhost"
PICTIQUE_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/pictique
PICTIQUE_MAPPING_DB_PATH=/path/to/pictique/mapping/db
BLABSY_MAPPING_DB_PATH="/path/to/blabsy/mapping/db"
DREAMSYNC_MAPPING_DB_PATH="/path/to/dreamsync/mapping/db"
GROUP_CHARTER_MAPPING_DB_PATH=/path/to/charter/mapping/db
CERBERUS_MAPPING_DB_PATH=/path/to/cerberus/mapping/db
GOOGLE_APPLICATION_CREDENTIALS="/Users/sosweetham/projs/metastate/prototype/secrets/eid-w-firebase-adminsdk.json"
# Notification Trigger (APNS/FCM toy platform)
NOTIFICATION_TRIGGER_PORT=3998
# Full URL for control panel proxy (optional; defaults to http://localhost:NOTIFICATION_TRIGGER_PORT)
NOTIFICATION_TRIGGER_URL=http://localhost:3998
# APNS (iOS) - from Apple Developer
APNS_KEY_PATH="/Users/sosweetham/projs/metastate/prototype/secrets/AuthKey_A3BBXD9YR3.p8"
APNS_KEY_ID="A3BBXD9YR3"
APNS_TEAM_ID="M49C8XS835"
APNS_BUNDLE_ID="com.example.app"
APNS_PRODUCTION=false
# Broadcast push (Live Activities) - base64 channel ID
APNS_BROADCAST_CHANNEL_ID=znbhuBJCEfEAAMIJbS9xUw==
#PUBLIC_REGISTRY_URL="https://registry.w3ds.metastate.foundation"
#PUBLIC_PROVISIONER_URL="https://provisioner.w3ds.metastate.foundation"
#PUBLIC_REGISTRY_URL="https://registry.staging.metastate.foundation"
#PUBLIC_PROVISIONER_URL="https://provisioner.staging.metastate.foundation"
PUBLIC_REGISTRY_URL="http://localhost:4321"
PUBLIC_PROVISIONER_URL="http://localhost:3001"
PUBLIC_PICTIQUE_URL="http://localhost:5173"
PUBLIC_PICTIQUE_BASE_URL="http://localhost:1111"
PUBLIC_BLABSY_URL="http://localhost:8080"
PUBLIC_BLABSY_BASE_URL="http://localhost:4444"
PUBLIC_GROUP_CHARTER_BASE_URL="http://localhost:5555"
GROUP_CHARTER_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/group_charter_manager
CERBERUS_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/cerberus
PUBLIC_CERBERUS_BASE_URL="http://localhost:6666"
EVOTING_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/evoting
EVOTING_MAPPING_DB_PATH="/path/to/evoting/mapping/db"
OPENAI_API_KEY=sk-your-openai-api-key
PUBLIC_EVOTING_BASE_URL="http://localhost:7777"
PUBLIC_EVOTING_URL="http://localhost:3001"
PUBLIC_APP_STORE_EID_WALLET=""
PUBLIC_PLAY_STORE_EID_WALLET=""
NOTIFICATION_SHARED_SECRET=your-notification-secret-key
# Shared secret between eid-wallet frontend and evault-core provisioner
# Backend reads PROVISIONER_SHARED_SECRET, wallet reads PUBLIC_PROVISIONER_SHARED_SECRET
PROVISIONER_SHARED_SECRET="your-provisioner-shared-secret"
PUBLIC_PROVISIONER_SHARED_SECRET="your-provisioner-shared-secret"
PUBLIC_ESIGNER_BASE_URL="http://localhost:3004"
PUBLIC_FILE_MANAGER_BASE_URL="http://localhost:3005"
PUBLIC_PROFILE_EDITOR_BASE_URL=http://localhost:3007
DREAMSYNC_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/dreamsync
VITE_DREAMSYNC_BASE_URL="http://localhost:8888"
EREPUTATION_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/ereputation
EREPUTATION_MAPPING_DB_PATH="/path/to/erep/mapping/db"
VITE_EREPUTATION_BASE_URL=http://localhost:8765
PUBLIC_EREPUTATION_BASE_URL=http://localhost:8765
LOAD_TEST_USER_COUNT=6
PUBLIC_EID_WALLET_TOKEN=obtained-from-post-registry-service-/platforms/certification
LOKI_URL=http://localhost:3100
LOKI_USERNAME=admin
LOKI_PASSWORD=admin
# Control Panel
PUBLIC_CONTROL_PANEL_URL=http://localhost:5173
CONTROL_PANEL_JWT_SECRET=replace-with-a-strong-secret
CONTROL_PANEL_ADMIN_ENAMES_FILE=config/admin-enames.json
VISUALIZER_API_KEY=
DREAMSYNC_JWT_SECRET="secret"
ECURRENCY_JWT_SECRET="secret"
EREPUTATION_JWT_SECRET="secret"
ESIGNER_JWT_SECRET="secret"
EMOVER_JWT_SECRET="secret"
FILE_MANAGER_JWT_SECRET="secret"
CHARTER_JWT_SECRET="secret"
PICTIQUE_JWT_SECRET="secret"
# Awareness as a Service (AaaS)
# Connection string for the AaaS Postgres database
AWARENESS_DATABASE_URL="postgres://postgres:postgres@localhost:5432/awareness"
AWARENESS_API_PORT=4100
# Public base URL of the AaaS API (used to build W3DS auth callbacks)
AWARENESS_PUBLIC_URL="http://localhost:4100"
# Shared secret evault-core must present on POST /ingest
AWARENESS_INGEST_SECRET="replace-with-a-strong-secret"
# Where evault-core forwards every awareness packet
AWARENESS_SERVICE_URL="http://localhost:4100"
# Comma-separated eNames allowed to act as AaaS portal admins
AAAS_ADMIN_ENAMES=""
# DigitalOcean Spaces object storage (S3-compatible) — used by eVault core to
# store file blobs and expose public URIs for the w3ds://file URI scheme.
DO_SPACES_ENDPOINT="https://nyc3.digitaloceanspaces.com"
DO_SPACES_REGION="nyc3"
DO_SPACES_KEY="your-spaces-access-key"
DO_SPACES_SECRET="your-spaces-secret-key"
DO_SPACES_BUCKET="your-spaces-bucket"
# Optional public/CDN base URL; defaults to the bucket sub-domain on the endpoint
DO_SPACES_CDN_URL=""
# Secret used to sign AaaS portal session JWTs
AAAS_JWT_SECRET="replace-with-a-strong-secret"
# Webhook delivery tuning
AWARENESS_MAX_ATTEMPTS=3
AWARENESS_DELIVERY_POLL_MS=2000
# The one-time Neo4j backfill reuses the standard NEO4J_URI / NEO4J_USER /
# NEO4J_PASSWORD vars at the top of this file - it reads evault-core's graph
# directly, so there are no AaaS-specific Neo4j vars.
# Portal -> API base URL
PUBLIC_AWARENESS_API_URL="http://localhost:4100"