veza/veza-backend-api/.env.template

# =============================================================================
# VEZA BACKEND API - ENVIRONMENT TEMPLATE
# =============================================================================
# This is a template file. Copy to .env and fill in actual values.
# DO NOT commit .env with real secrets to Git!
# =============================================================================

# --- ENVIRONMENT ---
# Options: development, staging, production
APP_ENV=development
APP_PORT=8080
LOG_LEVEL=info

# --- DATABASE (REQUIRED) ---
# PostgreSQL connection string
# Format: postgres://user:password@host:port/database?sslmode=disable
DATABASE_URL=postgres://veza:password@localhost:5432/veza?sslmode=disable
DATABASE_MAX_OPEN_CONNS=25
DATABASE_MAX_IDLE_CONNS=5
DATABASE_CONN_MAX_LIFETIME=5m

# --- JWT & AUTHENTICATION (REQUIRED) ---
# CRITICAL: Must be at least 32 characters in production
# Generate with: openssl rand -base64 32
JWT_SECRET=dev-secret-key-minimum-32-characters-long-for-testing-only
JWT_ISSUER=veza-api
JWT_AUDIENCE=veza-app
JWT_ACCESS_TOKEN_DURATION=15m
JWT_REFRESH_TOKEN_DURATION=30d

# --- COOKIES ---
# Set to true in production for HTTPS-only cookies
COOKIE_SECURE=false
COOKIE_SAME_SITE=lax
COOKIE_DOMAIN=

# --- CORS (REQUIRED) ---
# Comma-separated list of allowed origins
# Development: http://localhost:5173,http://localhost:3000
# Production: https://app.veza.com,https://www.veza.com
CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000

# --- REDIS (REQUIRED for CSRF, rate limiting, cache) ---
# Redis connection URL
# Format: redis://[:password@]host:port[/database]
REDIS_URL=redis://localhost:6379
REDIS_ADDR=localhost:6379
REDIS_PASSWORD=
REDIS_DB=0

# --- RABBITMQ (OPTIONAL) ---
# Enable message queue for async events
RABBITMQ_ENABLE=false
RABBITMQ_URL=amqp://guest:guest@localhost:5672/

# --- SENTRY (OPTIONAL - Recommended for production) ---
# Error tracking and monitoring
SENTRY_DSN=
SENTRY_ENVIRONMENT=development
SENTRY_SAMPLE_RATE_ERRORS=1.0
SENTRY_SAMPLE_RATE_TRANSACTIONS=0.1

# --- RATE LIMITING ---
RATE_LIMIT_ENABLED=true
RATE_LIMIT_REQUESTS_PER_SECOND=100

# --- FILE UPLOADS ---
UPLOAD_DIR=./uploads
ENABLE_CLAMAV=false
CLAMAV_REQUIRED=false

# --- EXTERNAL SERVICES (OPTIONAL) ---
STREAM_SERVER_URL=http://localhost:8082
CHAT_SERVER_URL=http://localhost:8081

# --- EMAIL (OPTIONAL) ---
# Required if email verification / password reset enabled
SMTP_HOST=
SMTP_PORT=587
SMTP_USERNAME=
SMTP_PASSWORD=
SMTP_FROM=noreply@veza.com

# --- MONITORING (OPTIONAL) ---
PROMETHEUS_URL=

# =============================================================================
# VALIDATION RULES
# =============================================================================
#
# REQUIRED (app will not start without these):
# - DATABASE_URL
# - JWT_SECRET (min 32 chars)
# - REDIS_URL or REDIS_ADDR
# - CORS_ALLOWED_ORIGINS (can be empty for strict mode)
#
# RECOMMENDED for production:
# - SENTRY_DSN
# - COOKIE_SECURE=true
# - COOKIE_SAME_SITE=strict
#
# OPTIONAL:
# - RABBITMQ_* (if async events not used)
# - SMTP_* (if email not used)
# - CLAMAV_* (if file scanning not used)
#
# =============================================================================
config(template): add comprehensive .env.template Created centralized environment template with all configuration variables documented and categorized. Categories: - REQUIRED: DATABASE_URL, JWT_SECRET (min 32 chars), REDIS - RECOMMENDED: SENTRY_DSN, COOKIE_SECURE, CORS_ALLOWED_ORIGINS - OPTIONAL: RABBITMQ, SMTP, CLAMAV, S3 Features: - Clear documentation for each variable - Default values specified - Validation rules documented - Environment-specific guidance (dev vs prod) - Security notes for sensitive values Impact: Single source of truth for configuration, reduces config drift. Fixes: P3.4 (part 1) from audit AUDIT_TEMP_29_01_2026.md 2026-01-29 22:32:18 +00:00			`# =============================================================================`
			`# VEZA BACKEND API - ENVIRONMENT TEMPLATE`
			`# =============================================================================`
			`# This is a template file. Copy to .env and fill in actual values.`
			`# DO NOT commit .env with real secrets to Git!`
			`# =============================================================================`

			`# --- ENVIRONMENT ---`
			`# Options: development, staging, production`
			`APP_ENV=development`
			`APP_PORT=8080`
			`LOG_LEVEL=info`

			`# --- DATABASE (REQUIRED) ---`
			`# PostgreSQL connection string`
			`# Format: postgres://user:password@host:port/database?sslmode=disable`
			`DATABASE_URL=postgres://veza:password@localhost:5432/veza?sslmode=disable`
			`DATABASE_MAX_OPEN_CONNS=25`
			`DATABASE_MAX_IDLE_CONNS=5`
			`DATABASE_CONN_MAX_LIFETIME=5m`

			`# --- JWT & AUTHENTICATION (REQUIRED) ---`
			`# CRITICAL: Must be at least 32 characters in production`
			`# Generate with: openssl rand -base64 32`
			`JWT_SECRET=dev-secret-key-minimum-32-characters-long-for-testing-only`
			`JWT_ISSUER=veza-api`
			`JWT_AUDIENCE=veza-app`
			`JWT_ACCESS_TOKEN_DURATION=15m`
			`JWT_REFRESH_TOKEN_DURATION=30d`

			`# --- COOKIES ---`
			`# Set to true in production for HTTPS-only cookies`
			`COOKIE_SECURE=false`
			`COOKIE_SAME_SITE=lax`
			`COOKIE_DOMAIN=`

			`# --- CORS (REQUIRED) ---`
			`# Comma-separated list of allowed origins`
			`# Development: http://localhost:5173,http://localhost:3000`
			`# Production: https://app.veza.com,https://www.veza.com`
			`CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000`

			`# --- REDIS (REQUIRED for CSRF, rate limiting, cache) ---`
			`# Redis connection URL`
			`# Format: redis://[:password@]host:port[/database]`
			`REDIS_URL=redis://localhost:6379`
			`REDIS_ADDR=localhost:6379`
			`REDIS_PASSWORD=`
			`REDIS_DB=0`

			`# --- RABBITMQ (OPTIONAL) ---`
			`# Enable message queue for async events`
			`RABBITMQ_ENABLE=false`
			`RABBITMQ_URL=amqp://guest:guest@localhost:5672/`

			`# --- SENTRY (OPTIONAL - Recommended for production) ---`
			`# Error tracking and monitoring`
			`SENTRY_DSN=`
			`SENTRY_ENVIRONMENT=development`
			`SENTRY_SAMPLE_RATE_ERRORS=1.0`
			`SENTRY_SAMPLE_RATE_TRANSACTIONS=0.1`

			`# --- RATE LIMITING ---`
			`RATE_LIMIT_ENABLED=true`
			`RATE_LIMIT_REQUESTS_PER_SECOND=100`

			`# --- FILE UPLOADS ---`
			`UPLOAD_DIR=./uploads`
			`ENABLE_CLAMAV=false`
			`CLAMAV_REQUIRED=false`

			`# --- EXTERNAL SERVICES (OPTIONAL) ---`
			`STREAM_SERVER_URL=http://localhost:8082`
			`CHAT_SERVER_URL=http://localhost:8081`

			`# --- EMAIL (OPTIONAL) ---`
			`# Required if email verification / password reset enabled`
			`SMTP_HOST=`
			`SMTP_PORT=587`
			`SMTP_USERNAME=`
			`SMTP_PASSWORD=`
			`SMTP_FROM=noreply@veza.com`

			`# --- MONITORING (OPTIONAL) ---`
			`PROMETHEUS_URL=`

			`# =============================================================================`
			`# VALIDATION RULES`
			`# =============================================================================`
			`#`
			`# REQUIRED (app will not start without these):`
			`# - DATABASE_URL`
			`# - JWT_SECRET (min 32 chars)`
			`# - REDIS_URL or REDIS_ADDR`
			`# - CORS_ALLOWED_ORIGINS (can be empty for strict mode)`
			`#`
			`# RECOMMENDED for production:`
			`# - SENTRY_DSN`
			`# - COOKIE_SECURE=true`
			`# - COOKIE_SAME_SITE=strict`
			`#`
			`# OPTIONAL:`
			`# - RABBITMQ_* (if async events not used)`
			`# - SMTP_* (if email not used)`
			`# - CLAMAV_* (if file scanning not used)`
			`#`
			`# =============================================================================`