-
-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy path.env.example
More file actions
117 lines (106 loc) · 4.17 KB
/
.env.example
File metadata and controls
117 lines (106 loc) · 4.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
# ============================================
# Tracer v0.1 - Configuration Template
# Copy to .env and customize: cp .env.example .env
#
# ⚠️ WARNING: This file contains DEVELOPMENT defaults.
# DO NOT use these values in production without modification.
# See comments for production-safe configuration.
# ============================================
# ----------------
# Application
# ----------------
VERSION=v0.1.0
SERVER_PORT=8080
SERVER_ADDRESS=:${SERVER_PORT}
# Authentication
# ⚠️ SECURITY WARNING - PRODUCTION SECRETS MANAGEMENT:
# DO NOT use plain text secrets in production environments.
# Use an external secrets manager instead:
# - HashiCorp Vault: https://www.vaultproject.io/
# - AWS Secrets Manager: https://aws.amazon.com/secrets-manager/
# - Azure Key Vault: https://azure.microsoft.com/en-us/services/key-vault/
# - Kubernetes External Secrets Operator: https://external-secrets.io/
#
# API_KEY: The API key for authenticating requests (min 32 characters in production)
# API_KEY_ENABLED: Set to true to enforce API key authentication
API_KEY=dev_api_key_32chars_change_in_prod
API_KEY_ENABLED=false
API_KEY_ENABLED_ONLY_VALIDATION=false
# CORS (Cross-Origin Resource Sharing)
# CORS_ALLOWED_ORIGINS: Comma-separated list of allowed origins
# - Production: "https://app.example.com,https://admin.example.com"
# - Development: "*" (allows all origins - use only for local dev)
# - Empty/unset: restrictive (no cross-origin requests allowed)
#
# DEVELOPMENT: Uncomment the line below for local testing
# CORS_ALLOWED_ORIGINS=*
# PRODUCTION: Specify exact origins (default is restrictive)
CORS_ALLOWED_ORIGINS=
# POSTGRES
# ⚠️ DB_PASSWORD: Use external secrets manager in production (see Authentication section above)
#
# DEVELOPMENT: Use values below for local Docker setup
# PRODUCTION: Use secrets manager, enable SSL (DB_SSL_MODE=require or verify-full)
DB_HOST=tracer-postgres
DB_USER=tracer
DB_PASSWORD=tracer
DB_NAME=tracer
DB_PORT=5432
DB_SSL_MODE=disable
MIGRATIONS_PATH=./migrations
# ----------------
# Swagger Documentation
# ----------------
SWAGGER_TITLE='Tracer API'
SWAGGER_DESCRIPTION='Real-time transaction validation and fraud prevention API'
SWAGGER_VERSION=${VERSION}
SWAGGER_HOST=${SERVER_ADDRESS}
SWAGGER_BASE_PATH=/
SWAGGER_SCHEMES=http
SWAGGER_LEFT_DELIMITER={{
SWAGGER_RIGHT_DELIMITER=}}
# ----------------
# Logging
# ----------------
LOG_LEVEL=debug
# ----------------
# CEL Expression Engine
# ----------------
# CEL_COST_LIMIT: Maximum cost for CEL expression evaluation (default: 10000)
# Higher values allow more complex expressions but may impact performance
CEL_COST_LIMIT=10000
# ----------------
# OpenTelemetry (Observability)
# ----------------
OTEL_RESOURCE_SERVICE_NAME=tracer
OTEL_LIBRARY_NAME=github.com/LerianStudio/tracer
OTEL_RESOURCE_SERVICE_VERSION=${VERSION}
OTEL_EXPORTER_OTLP_ENDPOINT_PORT=4317
OTEL_EXPORTER_OTLP_ENDPOINT=tracer-jaeger:${OTEL_EXPORTER_OTLP_ENDPOINT_PORT}
ENABLE_TELEMETRY=true
# ----------------
# Usage Cleanup Worker
# ----------------
# Background worker that periodically cleans up expired usage counters
# CLEANUP_WORKER_ENABLED: Enable/disable the background cleanup worker (default: false)
# CLEANUP_INTERVAL_HOURS: How often cleanup runs in hours (default: 24)
# CLEANUP_RETENTION_DAYS: How long to keep counters in days (default: 90)
CLEANUP_WORKER_ENABLED=false
CLEANUP_INTERVAL_HOURS=24
CLEANUP_RETENTION_DAYS=90
# ----------------
# Plugin Authentication
# ----------------
# PLUGIN_AUTH_ADDRESS: URL of the authentication service for plugins
# PLUGIN_AUTH_ENABLED: Set to true to enable plugin authentication (default: false)
PLUGIN_AUTH_ADDRESS=http://localhost:4000
PLUGIN_AUTH_ENABLED=false
# Rule Sync Worker
# ----------------
# Background worker that polls for rule changes and updates the in-memory cache
# RULE_SYNC_POLL_INTERVAL_SECONDS: How often to poll for changes in seconds (default: 10)
# RULE_SYNC_STALENESS_THRESHOLD_SECONDS: Cache staleness threshold for health checks in seconds (default: 50)
# RULE_SYNC_OVERLAP_BUFFER_SECONDS: Overlap buffer for delta queries in seconds (default: 2)
RULE_SYNC_POLL_INTERVAL_SECONDS=10
RULE_SYNC_STALENESS_THRESHOLD_SECONDS=50
RULE_SYNC_OVERLAP_BUFFER_SECONDS=2