-
Notifications
You must be signed in to change notification settings - Fork 164
/
.env.example
118 lines (98 loc) · 4.01 KB
/
.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
# Jackson settings
# Change this to your deployment public URL
EXTERNAL_URL=http://localhost:5225
SAML_AUDIENCE=https://saml.boxyhq.com
JACKSON_API_KEYS="secret"
ADMIN_PORTAL_SSO_TENANT="_jackson_boxyhq"
ADMIN_PORTAL_SSO_PRODUCT="_jackson_admin_portal"
IDP_ENABLED=
PRE_LOADED_CONNECTION=
CLIENT_SECRET_VERIFIER=
# Database settings
DB_ENGINE=sql
DB_URL=postgres://postgres:postgres@localhost:5432/postgres
DB_TYPE=postgres
DB_TTL=300
DB_CLEANUP_LIMIT=1000
DB_PAGE_LIMIT=50
# You can use openssl to generate a random 32 bytes key: openssl rand -base64 32
DB_ENCRYPTION_KEY=
# Uncomment below if you wish to run DB migrations manually.
#DB_MANUAL_MIGRATION=true
# Admin Portal settings
# SMTP details for Magic Links
SMTP_HOST=
SMTP_PORT=
SMTP_USER=
SMTP_PASSWORD=
SMTP_FROM=
# Access Control for Magic Links. Set this to a comma separated string of email addresses
# or glob patterns like: `[email protected],*@marvel.com`.
# Access will be denied to email addresses which don't match. If you don't specify any value access is denied to all.
NEXTAUTH_ACL=
# Change this to your deployment public URL (https://next-auth.js.org/configuration/options#nextauth_url)
NEXTAUTH_URL=http://localhost:5225
# Change this to a real secret when deploying to production
# You can use openssl to generate a secret key: openssl rand -base64 32
NEXTAUTH_SECRET=secret
# Admin credentials (In the format email:password. Comma separated values if you want multiple logins). Alternative to Magic Links.
NEXTAUTH_ADMIN_CREDENTIALS=
# Admin Portal for Retraced (Audit Logs)
RETRACED_HOST_URL=
RETRACED_EXTERNAL_URL=
RETRACED_ADMIN_ROOT_TOKEN=
# Admin Portal for Terminus (Privacy Vault)
TERMINUS_PROXY_HOST_URL=
TERMINUS_ADMIN_ROOT_TOKEN=
# Set this env to enable vault audit logs in the sidebar
TERMINUS_RETRACED_PROJECT_ID=
# OpenTelemetry
OTEL_EXPORTER_OTLP_METRICS_ENDPOINT=
OTEL_EXPORTER_OTLP_METRICS_HEADERS=
# If you want to use grpc
# OTEL_EXPORTER_OTLP_METRICS_PROTOCOL=grpc
# If you have any issues with using the otel exporter and want to enable debug logs
# OTEL_EXPORTER_DEBUG=true
# JWS Algorithm to be used for signing e.g., RS256
# https://github.com/panva/jose/issues/114#digital-signatures
OPENID_JWS_ALG=
# JWT signing keys
# Generate keys: https://www.scottbrady91.com/openssl/creating-rsa-keys-using-openssl,
# Load into env: https://developer.vonage.com/blog/20/07/29/using-private-keys-in-environment-variables
# openssl genrsa -out private-key.pem 3072
# convert to pkcs8 format: openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private-key.pem -out private_key.pem
# cat private_key.pem | base64
OPENID_RSA_PRIVATE_KEY=
# openssl rsa -in private_key.pem -pubout -out public_key.pem
# cat public_key.pem | base64
OPENID_RSA_PUBLIC_KEY=
# You can use `openssl req -x509 -newkey rsa:2048 -keyout key.pem -out public.crt -sha256 -days 365000 -nodes` to generate one
# Base64 encoded value of public key `cat public.crt | base64`
PUBLIC_KEY=
# Base64 encoded value of private key `cat key.pem | base64`
PRIVATE_KEY=
# To enable enterprise-only features, fill your license key in here.
BOXYHQ_LICENSE_KEY=
# To turn off our anonymous analytics uncomment the line below
#BOXYHQ_NO_ANALYTICS=1
# Set Webhook URL and secret to enable webhook notifications
WEBHOOK_URL=
WEBHOOK_SECRET=
# Directory sync webhook event batch size (Eg: 50)
DSYNC_WEBHOOK_BATCH_SIZE=
DSYNC_WEBHOOK_BATCH_CRON_INTERVAL=
# Google workspace directory sync
DSYNC_GOOGLE_CLIENT_ID=
DSYNC_GOOGLE_CLIENT_SECRET=
DSYNC_GOOGLE_CRON_INTERVAL=
# Only applicable for BoxyHQ SaaS deployments
BOXYHQ_HOSTED=0
# Setup link expiry in days
SETUP_LINK_EXPIRY_DAYS=3
# Ory integration. You need BOXYHQ_LICENSE_KEY to be set to use this.
ENTERPRISE_ORY_SDK_TOKEN=
ENTERPRISE_ORY_PROJECT_ID=
# Uncomment below if you wish to opt-out of sending `profile` scope in OIDC Provider Authorization Request
#OPENID_REQUEST_PROFILE_SCOPE=false
# Uncomment below if you wish to forward the OpenID params (https://openid.net/specs/openid-connect-core-1_0-errata2.html#AuthRequest) to the OpenID IdP
#OPENID_REQUEST_FORWARD_PARAMS=true