-
Notifications
You must be signed in to change notification settings - Fork 18
Expand file tree
/
Copy pathtemplate.env
More file actions
155 lines (132 loc) · 5.64 KB
/
Copy pathtemplate.env
File metadata and controls
155 lines (132 loc) · 5.64 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
# Attack Workbench REST API - Environment Configuration Template
# Guidance:
# - Booleans: use true or false
# - Lists: use comma-separated values
# Server
# PORT (int) - HTTP server port
# Default: 3000
#PORT=3000
# Database (REQUIRED)
# DATABASE_URL (string) - MongoDB connection string
# Example (Docker):
#DATABASE_URL=mongodb://attack-workbench-database/attack-workspace
# Example (local):
#DATABASE_URL=mongodb://localhost:27017/attack-workspace
DATABASE_URL=
# CORS_ALLOWED_ORIGINS (domains) - Allowed origins for REST API
# Accepts:
# * : allow any origin
# disable : disable CORS
# Comma-separated list of origins (http/https), e.g.:
# http://localhost:3000,https://example.com,https://sub.domain.org:8443
# Supports localhost, private IPv4 (10.x, 172.16-31.x, 192.168.x), and FQDNs.
# Default: *
#CORS_ALLOWED_ORIGINS=*
# Application
# NODE_ENV (string) - Environment name
# Options: development, production, test
# Default: development
#NODE_ENV=development
# WB_REST_DATABASE_MIGRATION_ENABLE (bool) - Auto-run DB migrations on startup
# Default: true
#WB_REST_DATABASE_MIGRATION_ENABLE=true
# Logging
# LOG_LEVEL (string) - Console log level
# Options: error, warn, http, info, verbose, debug
# Default: info
#LOG_LEVEL=info
# Workbench Collection Indexes
# DEFAULT_INTERVAL (int, seconds) - Default polling interval for new indexes
# Note: does not affect existing indexes
# Default: 300
#DEFAULT_INTERVAL=300
# Configuration Files
# JSON_CONFIG_PATH (string) - Path to a JSON file with additional configuration.
# Use this to provide arrays for service accounts and OIDC clients
# Default: empty (disabled)
#JSON_CONFIG_PATH=
# ALLOWED_VALUES_PATH (string) - Path to allowed values configuration file
# Default: ./app/config/allowed-values.json
#ALLOWED_VALUES_PATH=./app/config/allowed-values.json
# WB_REST_STATIC_MARKING_DEFS_PATH (string) - Directory of static marking definition JSON files
# Default: ./app/lib/default-static-marking-definitions/
#WB_REST_STATIC_MARKING_DEFS_PATH=./app/lib/default-static-marking-definitions/
# Scheduler
# ENABLE_SCHEDULER (bool) - Enable background scheduler
# Default: true
#ENABLE_SCHEDULER=true
# CHECK_WORKBENCH_INTERVAL (int, seconds) - Scheduler start interval
# Default: 10
#CHECK_WORKBENCH_INTERVAL=10
# Validation
# VALIDATE_WITH_ADM_SCHEMAS (bool) - Validate POST/PUT bodies against the ATT&CK Data Model
# When true, requests that fail ADM validation are rejected before persistence.
# Default: false
#VALIDATE_WITH_ADM_SCHEMAS=false
# VALIDATE_OBJECTS_CRON (string) - Cron pattern for the scheduled re-validation task
# Re-validates every SDO/SRO against the current ADM and refreshes workspace.validation.
# Standard 5-field cron syntax (minute hour day-of-month month day-of-week).
# Skipped entirely when ENABLE_SCHEDULER=false.
# Default: 0 3 * * * (daily at 3:00 AM)
#VALIDATE_OBJECTS_CRON=0 3 * * *
# ADM_LOG_LEVEL (enum) - Verbosity of the @mitre-attack/attack-data-model library's logger
# Read by the ADM library directly; independent of LOG_LEVEL and not configurable via JSON.
# Options: debug, info, warn, error, silent (inclusive — info enables info+warn+error)
# Set to error or silent to suppress per-relationship deprecation warnings during scheduler runs.
# Default: warn
#ADM_LOG_LEVEL=warn
# Session
# SESSION_SECRET (string) - Secret to sign session cookies.
# Default: securely generated at startup (changes on restart; not recommended for production).
# Generate with: node -e "console.log(require('crypto').randomBytes(48).toString('base64'))"
#SESSION_SECRET=
# MONGOSTORE_CRYPTO_SECRET (string) - Secret to encrypt session data in MongoDB.
# Default: securely generated at startup (changes on restart; not recommended for production).
# Generate with: node -e "console.log(require('crypto').randomBytes(48).toString('base64'))"
#MONGOSTORE_CRYPTO_SECRET=
# User Authentication
# AUTHN_MECHANISM (enum) - User login mechanism
# Options: anonymous, oidc
# Default: anonymous
#AUTHN_MECHANISM=anonymous
# OIDC settings (required if AUTHN_MECHANISM=oidc)
# AUTHN_OIDC_ISSUER_URL (string) - OIDC issuer URL (e.g., https://idp.example.com)
# Default: empty
#AUTHN_OIDC_ISSUER_URL=
# AUTHN_OIDC_CLIENT_ID (string) - OIDC client ID
# Default: empty
#AUTHN_OIDC_CLIENT_ID=
# AUTHN_OIDC_CLIENT_SECRET (string) - OIDC client secret
# Default: empty
#AUTHN_OIDC_CLIENT_SECRET=
# AUTHN_OIDC_REDIRECT_ORIGIN (string) - Origin used to build redirect URI
# Example: http://localhost:3000 -> http://localhost:3000/authn/oidc/callback
# Default: http://localhost:3000
#AUTHN_OIDC_REDIRECT_ORIGIN=http://localhost:3000
# Service Authentication
# OIDC Client Credentials (service-to-service)
# SERVICE_ACCOUNT_OIDC_ENABLE (bool) - Enable client credentials flow
# Default: false
#SERVICE_ACCOUNT_OIDC_ENABLE=false
# JWKS_URI (string) - JWKS endpoint for IdP public keys (required if enabled)
# Default: empty
#JWKS_URI=
# Challenge API Key (token exchange)
# WB_REST_SERVICE_ACCOUNT_CHALLENGE_APIKEY_ENABLE (bool) - Enable challenge flow
# Default: false
#WB_REST_SERVICE_ACCOUNT_CHALLENGE_APIKEY_ENABLE=false
# WB_REST_TOKEN_SIGNING_SECRET (string) - Token signing secret
# Default: securely generated at startup (changes on restart; set for production)
#WB_REST_TOKEN_SIGNING_SECRET=
# WB_REST_TOKEN_TIMEOUT (int, seconds) - Access token lifetime
# Default: 300
#WB_REST_TOKEN_TIMEOUT=300
# Basic API Key (no challenge)
# WB_REST_SERVICE_ACCOUNT_BASIC_APIKEY_ENABLE (bool) - Enable basic apikey auth
# Default: false
#WB_REST_SERVICE_ACCOUNT_BASIC_APIKEY_ENABLE=false
# TLS/Certificates
# NODE_EXTRA_CA_CERTS (string) - Path to additional CA certs in PEM format
# Useful when MongoDB or IdP uses a private CA
# Default: empty
#NODE_EXTRA_CA_CERTS=