For local development, you need a .env file with the required configuration. You have two options:
- Use Development Values
  - Copy .env.example to .env
  - Fill in the values for local development

      cp .env.example .env
- Use Production Values
  - Install Azure CLI: https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
  - Log in to Azure:
      az login
  - Set your KeyVault name:
      export AZURE_KEYVAULT_NAME=your-keyvault-name
  - Run the fetch script:
      ./scripts/fetch-secrets.sh

  This will create a .env file with all secrets from Azure KeyVault.
In production, secrets are managed through:
- Azure KeyVault for secure storage
- Kubernetes External Secrets Operator for synchronization
- Kubernetes Secrets for application access
The configuration is split into:
- infrastructure/keyvault/secrets.yaml: Defines all secrets in Azure KeyVault
- infrastructure/k8s/base/secrets.yaml: Configures K8s secret management
- Database Credentials
  - POSTGRES_HOST
  - POSTGRES_DB
  - POSTGRES_USER
  - POSTGRES_PASSWORD
- Auth0 Configuration
  - AUTH0_CLIENT_ID
  - AUTH0_CLIENT_SECRET
  - AUTH0_MANAGEMENT_CLIENT_ID
  - AUTH0_MANAGEMENT_CLIENT_SECRET
  - AUTH0_ADMIN_ROLE_ID
  - AUTH0_MEMBER_ROLE_ID
  - DEFAULT_CONNECTION_ID
  - SESSION_ENCRYPTION_SECRET
- Application Configuration
  - APP_BASE_URL
  - NEXT_PUBLIC_AUTH0_DOMAIN
  - NEXT_PUBLIC_CUSTOM_CLAIMS_NAMESPACE
- Never commit .env files to version control
- Use fetch-secrets.sh only on secure development machines
- Rotate secrets regularly through Azure KeyVault
- Keep development and production configurations separate
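
One way to check a local .env against the variable list and the practices above, as an added example that is not part of the project's own scripts. It assumes every variable listed on this page must be present and non-empty, and that the file should be readable by its owner only; the function names and the 600-permission rule are this example's choices.

```shell
#!/bin/sh
# Added example, not part of the project: sanity-check a local .env file.
# Variable names are the ones listed on this page; the owner-only (600)
# permission rule is an assumption of this example.
# Usage: . ./check-env.sh && check_env .env

REQUIRED_VARS="POSTGRES_HOST POSTGRES_DB POSTGRES_USER POSTGRES_PASSWORD
AUTH0_CLIENT_ID AUTH0_CLIENT_SECRET AUTH0_MANAGEMENT_CLIENT_ID
AUTH0_MANAGEMENT_CLIENT_SECRET AUTH0_ADMIN_ROLE_ID AUTH0_MEMBER_ROLE_ID
DEFAULT_CONNECTION_ID SESSION_ENCRYPTION_SECRET APP_BASE_URL
NEXT_PUBLIC_AUTH0_DOMAIN NEXT_PUBLIC_CUSTOM_CLAIMS_NAMESPACE"

# Print every required name that is absent or has an empty value in file $1.
missing_vars() {
    for name in $REQUIRED_VARS; do
        # NAME=<value>, optional "export" prefix; "" and '' count as empty.
        grep -Eq "^(export[[:space:]]+)?${name}=[\"']?[^\"'[:space:]]" "$1" ||
            printf '%s\n' "$name"
    done
}

# Succeed only if file $1 grants nothing to group or others.
perms_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeed if file $1 is in the git index of the repository that contains it.
is_tracked() {
    git -C "$(dirname "$1")" ls-files --error-unmatch -- "$(basename "$1")" \
        >/dev/null 2>&1
}

# Run all checks on $1 (default .env). Returns 0 clean, 1 findings, 2 no file.
check_env() {
    f=${1:-.env}; rc=0
    [ -f "$f" ] || { echo "$f: not found" >&2; return 2; }
    missing=$(missing_vars "$f")
    [ -z "$missing" ] || { echo "$f: missing or empty:" $missing >&2; rc=1; }
    perms_private "$f" || { echo "$f: group/other access, chmod 600 it" >&2; rc=1; }
    if is_tracked "$f"; then
        echo "$f: tracked by git, run: git rm --cached $f" >&2; rc=1
    fi
    return $rc
}
```

Findings go to stderr, so the function can gate a dev-server start script without cluttering its output.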