-
-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy path.secrets.production.example
86 lines (76 loc) · 3.54 KB
/
.secrets.production.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# Make a local copy `.secrets.production.example` as `.secrets.production` in your project root
# This will have environment variables for production environment
# Optionally use `.secrets.production.local` to override environment variables in `.secrets.production` (like API keys)
###########################################################################
# Infra Properties
###########################################################################
## HASURA
# Password Gen Tool:
# On UNIX systems you can use `openssl rand -hex 32` or
# https://generate-secret.vercel.app/64 to generate a secret.
HASURA_GRAPHQL_ADMIN_SECRET = 'FIXME'
HASURA_GRAPHQL_JWT_SECRET = 'FIXME'
NHOST_WEBHOOK_SECRET = 'FIXME'
GRAFANA_ADMIN_PASSWORD = 'FIXME'
## AUTH PROVIDERS (optional)
AUTH_PROVIDER_AZUREAD_CLIENT_ID = 'FIXME'
AUTH_PROVIDER_AZUREAD_CLIENT_SECRET = 'FIXME'
AUTH_PROVIDER_AZUREAD_TENANT = 'FIXME'
AUTH_PROVIDER_GOOGLE_CLIENT_ID = 'FIXME'
AUTH_PROVIDER_GOOGLE_CLIENT_SECRET = 'FIXME'
# for spectacular-console.vercel.app
AUTH_PROVIDER_GITHUB_CLIENT_ID = 'FIXME'
AUTH_PROVIDER_GITHUB_CLIENT_SECRET = 'FIXME'
# CLOUDFLARE TURNSTILE
## https://developers.cloudflare.com/turnstile/troubleshooting/testing/
CLOUDFLARE_TURNSTILE_SECRET_KEY = 'FIXME'
CLOUDFLARE_TURNSTILE_SECRET_KEY_ALWAYS_PASSES = '1x0000000000000000000000000000000AA'
CLOUDFLARE_TURNSTILE_SECRET_KEY_ALWAYS_FAILS = '2x0000000000000000000000000000000AA'
## SMTP
AUTH_SMTP_AUTH_METHOD = 'PLAIN'
AUTH_SMTP_HOST = 'smtp.gmail.com'
AUTH_SMTP_PORT = '587'
AUTH_SMTP_USER = 'FIXME@example.com'
AUTH_SMTP_PASS = 'FIXME'
AUTH_SMTP_SECURE = 'false'
AUTH_SMTP_SENDER = 'hasura-auth@example.com'
## STORAGE
S3_ACCESS_KEY = 'FIXME'
S3_SECRET_KEY = 'FIXME'
S3_BUCKET = 'FIXME'
S3_ENDPOINT = 'https://storage.googleapis.com'
S3_REGION = 'us-west1'
S3_ROOT_FOLDER = ''
## AI
OPENAI_ORG_ID = 'FIXME'
OPENAI_PROJECT_ID = 'FIXME'
OPENAI_API_KEY = 'FIXME'
GRAPHITE_WEBHOOK_SECRET = 'FIXME'
## GHCR Container Registry
# For `nhost run` to pull private GHCR docker images to run in nhost cloud:
# set correct `GITHUB_USER` and `GHCR_READ_PAT_TOKEN` below
# use `echo -n "$GITHUB_USER:$GHCR_READ_PAT_TOKEN" | base64` command to generate `auth` value.
CONTAINER_REGISTRY_CREDENTIALS = '{"https://ghcr.io":{"username":"GITHUB_USER","password":"GHCR_READ_PAT_TOKEN","auth":"FIXME"}'
# For k8:
# kubectl create secret docker-registry ghcr-login-secret \
# --docker-server=https://ghcr.io \
# --docker-username=$GITHUB_USER \
# --docker-password=$GHCR_READ_PAT_TOKEN \
# -n my-runner-namespace --dry-run=client --output=yaml
# # OR from your local docker config.json file
# kubectl create secret generic regcred \
# --from-file=.dockerconfigjson=/Users/<username>/.docker/config.json \
# --type=kubernetes.io/dockerconfigjson --dry-run=client --output=yaml
###########################################################################
# Application Properties (Console)
###########################################################################
# RATE_LIMIT_SECRET: On UNIX systems you can use `openssl rand -hex 32` or
# https://generate-secret.vercel.app/32 to generate a secret.
# or copy (openssl rand -hex 32) output here
RATE_LIMIT_SECRET = '4a0e6459997e13e8dc7ec082d6c4b6afa374dd6c084002a3e279cfaca3f8f766'
## FEATURE FLAGS
# you could generate new secret with: `node -e "console.log(crypto.randomBytes(32).toString('base64url'))"`
FLAGS_SECRET = 'tDFgt3DY6huYq9nlJ3ZjKJXk6THYS0JocmDcsTD50bA'
###########################################################################
# Application Properties (Dashboard)
###########################################################################