# [OPS] Required Environment Variables
# Copy this file to .env and replace every placeholder; keep the real .env out of version control.
# DB_URL embeds the database password. Unlike DATABASE_URL further down, this sample has no
# sslmode=require. NOTE(review): confirm which of the two the app reads and whether TLS should be required here too.
DB_URL=postgresql://username:password@localhost:5432/stellarflow
# NOTE(review): how STELLAR_KEY relates to STELLAR_SECRET / STELLAR_PUBLIC_KEY is not stated in this file; confirm.
STELLAR_KEY=your_stellar_key_here
# Signer Configuration (Issue #223)
# Valid backends: "kms" (production), "local" (dev/test)
# With "local" the signing secret is supplied through this environment, so anyone who can read
# the file or the process environment holds the key; keep that backend to dev/test as stated above.
SIGNER_BACKEND=local
# Required for backend=local
# NOTE(review): STELLAR_SECRET is assigned a second time under "Stellar Configuration" below; which
# assignment wins depends on the env loader, so keep a single definition in the real .env.
STELLAR_SECRET=your_stellar_secret_here
# Required for backend=kms
# The ARN below is a sample (placeholder account ID and key ID); it identifies the key and is not a credential.
AWS_KMS_KEY_ID=arn:aws:kms:us-east-1:123456789012:key/uuid
AWS_REGION=us-east-1
# Public key must be stored locally when using KMS (cannot be derived from HSM without a round-trip)
# NOTE(review): must correspond to the KMS key above; a mismatch presumably yields signatures that do not verify. Confirm a startup check exists.
STELLAR_PUBLIC_KEY=GB...
# Server Configuration
PORT=3000
# Replace the placeholder with a long random value before deploying.
# NOTE(review): which routes check API_KEY is not shown in this file.
API_KEY=the_secret_api_key_here
# Sample URL has no password and no TLS, which is fine for a local Redis.
# NOTE(review): use an authenticated rediss:// URL if Redis is reachable beyond localhost.
REDIS_URL=redis://localhost:6379
# Prometheus metrics endpoint — must be set or /metrics returns 403
# The value below is a placeholder; generate a long random string and do not reuse another secret from this file.
METRICS_SECRET=change-me-to-a-long-random-string
# Regional failover configuration
# Base URLs of the two clusters. NOTE(review): REGIONAL_HEARTBEAT_PATH is presumably appended to each for the probe; confirm.
# Keep these on https:// so a health response cannot be tampered with in transit.
PRIMARY_CLUSTER_HEALTH_URL=https://lagos-backend.example.com
SECONDARY_CLUSTER_HEALTH_URL=https://frankfurt-backend.example.com
REGIONAL_HEARTBEAT_PATH=/health
# Heartbeat interval and timeout, both in milliseconds.
REGIONAL_HEARTBEAT_INTERVAL_MS=30000
REGIONAL_HEARTBEAT_TIMEOUT_MS=5000
# NOTE(review): presumably the number of consecutive failed heartbeats before failing over; confirm.
FAILOVER_THRESHOLD=3
# API Keys (optional - some rate sources may require)
OPENEXCHANGE_RATES_API_KEY=your_api_key_here
# VTpass (optional — enables NGN/XLM via local VTpass variation pricing)
# See: https://www.vtpass.com/documentation/variation-codes/
# Set VTPASS_NGN_SERVICE_ID + VTPASS_NGN_VARIATION_CODE to a variation whose
# variation_amount (or variation_rate) represents NGN charged per 1 USD of value.
# Keep the base URL on https:// so the API key is not sent in clear text.
VTPASS_API_BASE_URL=https://vtpass.com/api
# NOTE(review): left empty in this sample; presumably the VTpass source stays disabled until these are set. Confirm.
VTPASS_API_KEY=
VTPASS_PUBLIC_KEY=
VTPASS_NGN_SERVICE_ID=
VTPASS_NGN_VARIATION_CODE=
# API Provider Secret Rotation (optional)
# Endpoint should return secrets in one of these shapes:
# - { "secrets": { "VTPASS_API_KEY": "..." } } (e.g. Doppler)
# - { "data": { "data": { "VTPASS_API_KEY": "..." } } } (e.g. Vault KV v2)
# The endpoint returns live credentials: use an https:// URL, and a token scoped to read only the keys listed below.
API_PROVIDER_SECRET_MANAGER_URL=
# The token is itself a secret; whoever holds it can read every key the endpoint serves.
API_PROVIDER_SECRET_MANAGER_TOKEN=
# Comma-separated keys to rotate (defaults include Binance + VTpass keys)
API_PROVIDER_SECRET_KEYS=BINANCE_API_KEY,BINANCE_SECRET_KEY,VTPASS_API_KEY,VTPASS_PUBLIC_KEY
# Dashboard URL (CORS allowlist)
# Set this to the exact dashboard origin (scheme, host, port); the sample value is for local development only.
# NOTE(review): whether a list or wildcard is accepted is not shown here; prefer a single explicit https:// origin in production.
DASHBOARD_URL=http://localhost:3000
# Stellar Configuration (for future integration)
# NOTE(review): presumably the secret key of the Soroban admin account; confirm, and replace the placeholder.
SOROBAN_ADMIN_SECRET=your_admin_secret_here
# NOTE(review): duplicates the STELLAR_SECRET entry in the signer section above ("Required for backend=local").
# Which assignment wins depends on the env loader; keep only one definition in the real .env.
STELLAR_SECRET=your_stellar_secret_here
# NOTE(review): the other accepted network names are not listed in this file.
STELLAR_NETWORK=TESTNET
# Soroban Contract Configuration
# Target smart contract ID for state sanity checks on startup
CONTRACT_ID=your_contract_id_here
# Gas Account Monitoring
# Preferred: set public key directly, or set GAS_ACCOUNT_SECRET/STELLAR_SECRET to derive it
# Setting only the public key keeps one fewer secret in the environment; leave GAS_ACCOUNT_SECRET empty when you can.
GAS_ACCOUNT_PUBLIC_KEY=
GAS_ACCOUNT_SECRET=
# Alert threshold in XLM
GAS_ALERT_THRESHOLD_XLM=10
# Database Configuration (for future integration)
# The URL embeds the database password; replace username:password with real credentials only in the untracked .env.
# sslmode=require asks for an encrypted connection. How strictly the server certificate is verified under
# "require" depends on the client library. NOTE(review): confirm, and consider verify-full where supported.
DATABASE_URL=postgresql://username:password@localhost:5432/stellarflow?sslmode=require
# Rate Limiting
# NOTE(review): presumably ADMIN_IP / ADMIN_API_KEY identify callers the rate limiter treats differently; confirm.
ADMIN_IP=127.0.0.1
ADMIN_API_KEY=
# Set to "true" if the app is behind a reverse proxy (nginx, AWS ALB, etc.)
# so X-Forwarded-For is trusted for real client IP resolution
# Leave "false" when clients can reach the app directly: X-Forwarded-For is client-supplied, so trusting it
# without a proxy that overwrites it makes any IP-based decision (such as a match on ADMIN_IP) unreliable.
TRUST_PROXY=false
# Relayer Signature Verification (Issue #225)
# Set to "true" to enforce Ed25519 X-Stellar-Signature header on all relayer requests
# When "false" (default), violations are logged but requests are allowed through
# In that log-only mode a missing or invalid signature does not block a request, so it is a rollout aid and
# not a control; set "true" in production once relayers sign their requests, and alert on the logged violations until then.
RELAYER_SIGNATURE_REQUIRED=false
# Webhook Error Reporting
# Webhook URLs act as credentials: anyone who has the full URL can post to the channel. Treat them as secrets
# and rotate them if they leak.
# Discord webhook URL for critical alerts (primary)
DISCORD_WEBHOOK_URL=https://discord.com/api/webhooks/...
# Slack webhook URL for critical alerts (fallback)
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/...
# Rate limit for webhook alerts (minutes)
WEBHOOK_RATE_LIMIT_MINUTES=5
# Tracing Configuration
# Enable/disable distributed tracing
TRACING_ENABLED=false
# Service name for trace identification
TRACING_SERVICE_NAME=stellarflow-backend
# Enable console exporter for development
# NOTE(review): spans may carry request details; consider "false" outside development so they do not land in application logs.
TRACING_CONSOLE_EXPORTER=true
# Jaeger collector endpoint
# Sample uses plain http to localhost; NOTE(review): use TLS if the collector is on another host.
TRACING_JAEGER_ENDPOINT=http://localhost:14268/api/traces
# Honeycomb configuration
TRACING_HONEYCOMB_ENDPOINT=https://api.honeycomb.io/v1/events
# Secret: replace the placeholder and keep it out of version control.
TRACING_HONEYCOMB_API_KEY=your_honeycomb_api_key_here
TRACING_HONEYCOMB_DATASET=stellarflow
# Export interval in milliseconds
TRACING_EXPORT_INTERVAL_MS=5000
# Sampling rate (0.0-1.0)
# NOTE(review): presumably 1.0 records every trace; confirm, and lower it if trace volume or data exposure is a concern.
TRACING_SAMPLING_RATE=1.0
# User Access Logging (Issue #227 - SOC2 Compliance)
# JWT secret for dashboard authentication (min 32 chars)
# The placeholder below is itself longer than 32 characters, so a length check alone will not catch an
# unchanged value. Generate a fresh random secret per environment; anyone who knows it can forge dashboard tokens.
JWT_SECRET=change-this-to-a-secure-random-string-min-32-chars
# JWT expiry time in hours
JWT_EXPIRY_HOURS=24
# Session secret for session management
# Use a random value different from JWT_SECRET so that exposure of one does not compromise the other.
SESSION_SECRET=change-this-to-a-secure-random-string-min-32