.env.example
# --- Shared env vars ---
# Log verbosity.
# NOTE(review): before raising this to DEBUG outside local development, check that
# request bodies, secrets and tokens are not written to the logs - confirm against the services.
LOG_LEVEL=INFO
# Docker Compose project name (prefixes container, network and volume names)
COMPOSE_PROJECT_NAME=tracecat
# --- Shared URL env vars ---
# The defaults use plain http:// and are meant for a local stack.
# For any deployment that other machines can reach, use an https:// URL here (TLS terminated
# at the reverse proxy) so logins, session cookies and SAML/OAuth redirects are not sent in cleartext.
PUBLIC_APP_URL=http://localhost
PUBLIC_API_URL=${PUBLIC_APP_URL}/api
# SAML service-provider Assertion Consumer Service (ACS) URL, derived from the public API URL.
# It has to match the ACS URL registered with your identity provider.
SAML_SP_ACS_URL=${PUBLIC_API_URL}/auth/saml/acs
# Service-to-service URLs addressed by container name over plain HTTP.
# NOTE(review): presumably only reachable on the compose network - confirm these ports are not published on the host.
INTERNAL_API_URL=http://api:8000
INTERNAL_EXECUTOR_URL=http://executor:8000
# --- Caddy env vars ---
# NOTE(review): presumably used as the Caddy site address - confirm against the Caddyfile.
# A bare `:80` address serves plain HTTP only; use a real domain name if you want Caddy to manage HTTPS.
BASE_DOMAIN=:80
# Note: replace with your server's IP address
# 0.0.0.0 is the wildcard address (all network interfaces). Narrow it to the interface
# you intend to serve on, or restrict access with a firewall, when the host is on an untrusted network.
ADDRESS=0.0.0.0
# --- App and DB env vars ---
# The three `your-tracecat-*` values below are placeholders, not usable secrets.
# Generate a separate random value for each one before first start, and keep the
# resulting .env file out of version control and readable only by the deploying user.
# One of `development`, `staging`, or `production`
TRACECAT__APP_ENV=development
# Used to encrypt/decrypt sensitive keys in the database
# Can be generated using `python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"`
# Fernet is symmetric: anyone holding this key can decrypt the stored values, and
# values encrypted with a key you no longer have cannot be recovered. Back it up securely.
TRACECAT__DB_ENCRYPTION_KEY=your-tracecat-db-fernet-key
# Used to authenticate with Tracecat services
# Can be generated using `openssl rand -hex 32`
TRACECAT__SERVICE_KEY=your-tracecat-service-key
# Used to generate private webhook URLs
# Can be generated using `openssl rand -hex 32`
# NOTE(review): changing this presumably invalidates previously issued webhook URLs - confirm.
TRACECAT__SIGNING_SECRET=your-tracecat-signing-secret
# API Service URL
TRACECAT__API_URL=${INTERNAL_API_URL}
# Root path to deal with extra path prefix behind the reverse proxy
TRACECAT__API_ROOT_PATH=/api
# This is the public URL for the frontend
TRACECAT__PUBLIC_APP_URL=${PUBLIC_APP_URL}
# This is the public URL for incoming webhooks
# If you wish to expose your webhooks to the internet, you can use a tunneling service like ngrok.
# If using ngrok, run `ngrok http --domain=INSERT_STATIC_NGROK_DOMAIN_HERE 8001`
# to start ngrok and update this with the forwarding URL
# A tunnel makes the forwarded port reachable from the internet; stop it when it is not needed.
TRACECAT__PUBLIC_API_URL=${PUBLIC_API_URL}
# CORS (comma-separated string of allowed origins)
# List only origins you control. `http://localhost:3000` is a development origin
# and should be removed for staging/production.
TRACECAT__ALLOW_ORIGINS=http://localhost:3000,${PUBLIC_APP_URL}
# Postgres SSL mode
# `disable` means the database connection is not encrypted. That is only reasonable when
# Postgres runs on the same private container network; for a remote or managed database
# use a mode that enforces TLS (e.g. `require`, or `verify-full` to also check the server certificate).
TRACECAT__DB_SSLMODE=disable
# Email Sanitization
# Key-value pairs of allowed attributes to add to the email body
# e.g. {"*": {"style"}} # This allows all tags to have a style attribute
# Each entry widens what the sanitizer lets through; allow only the attributes you need.
TRACECAT__ALLOWED_EMAIL_ATTRIBUTES=
# --- Postgres ---
# `postgres` / `postgres` are well-known default credentials for local use only.
# Set a unique, randomly generated password before the database is reachable from anything
# other than the local compose network.
TRACECAT__POSTGRES_USER=postgres
TRACECAT__POSTGRES_PASSWORD=postgres
# The user and password are interpolated into the connection URI, so a password containing
# URI-reserved characters (e.g. `@`, `:`, `/`) needs to be percent-encoded.
TRACECAT__DB_URI=postgresql+psycopg://${TRACECAT__POSTGRES_USER}:${TRACECAT__POSTGRES_PASSWORD}@postgres_db:5432/postgres
# --- Shared frontend env vars ---
# Important: environment variables prefixed with `NEXT_PUBLIC_` are exposed to the browser client
# Never put secrets, keys or internal-only hostnames in a `NEXT_PUBLIC_` variable.
# You may need to adjust the domain (default `localhost`) based on your setup
# Containers in the same network can communicate with each other using the service name
# Or you can use the host.docker.internal to communicate with the host machine
# NOTE(review): `development` values are the local defaults; presumably these should be
# `production` for a real deployment - confirm against the deployment docs.
NODE_ENV=development
NEXT_PUBLIC_APP_ENV=development
# The frontend app URL
NEXT_PUBLIC_APP_URL=${PUBLIC_APP_URL}
# Allows the browser to communicate with the backend
NEXT_PUBLIC_API_URL=${PUBLIC_API_URL}
# Allows the frontend server (inside docker) to communicate with the backend server (inside docker)
# No `NEXT_PUBLIC_` prefix, so the internal URL is not sent to the browser.
NEXT_SERVER_API_URL=${INTERNAL_API_URL}
# --- Authentication ---
# One or more comma-separated values from `basic`, `google_oauth`, `saml`
# Enable only the methods you actually use.
TRACECAT__AUTH_TYPES=basic,google_oauth
# One or more comma-separated domains, e.g. `example.com,example.org`
# Leave blank to allow all domains
# Blank means no domain restriction on who can authenticate; set this to your
# organisation's domain(s) for anything other than a local instance.
TRACECAT__AUTH_ALLOWED_DOMAINS=
# Minimum accepted password length
TRACECAT__AUTH_MIN_PASSWORD_LENGTH=12
# OAuth
# The client secret is a credential: keep it out of version control.
OAUTH_CLIENT_ID=
OAUTH_CLIENT_SECRET=
# Placeholder - replace with a random value (e.g. `openssl rand -hex 32`) before first start.
# NOTE(review): presumably used to sign user auth/session tokens - confirm; if so, anyone
# who knows it could forge them, and rotating it would sign existing users out.
USER_AUTH_SECRET=your-auth-secret
# SAML SSO settings
# Use an https:// metadata URL: the metadata carries the IdP's signing certificate,
# so it must not be modifiable in transit.
SAML_IDP_METADATA_URL=
# Enables SAML on startup
TRACECAT__SETTING_OVERRIDE_SAML_ENABLED=
# --- Temporal ---
# Temporal endpoint, addressed by container name.
# NOTE(review): presumably reachable only on the compose network - confirm port 7233 is not published on the host.
TEMPORAL__CLUSTER_URL=temporal:7233
TEMPORAL__CLUSTER_QUEUE=tracecat-task-queue
TEMPORAL__CLUSTER_NAMESPACE=default
# Pinned Temporal server version; review it periodically for security updates.
TEMPORAL__VERSION=1.24.2
# `temporal` / `temporal` are default credentials for local use; change the password
# before the Temporal database is reachable beyond the local compose network.
TEMPORAL__POSTGRES_USER=temporal
TEMPORAL__POSTGRES_PASSWORD=temporal
# Pinned Temporal UI version.
# NOTE(review): if the Temporal UI is exposed, check that access to it is restricted - confirm against the compose file.
TEMPORAL__UI_VERSION=2.26.2
# NOTE(review): unit is not stated here, presumably seconds - confirm.
TEMPORAL__TASK_TIMEOUT=120
# --- Cloud only ---
# Tracecat Cloud only, please ignore if self-hosted:
# These are `NEXT_PUBLIC_` variables, so their values are visible to the browser client.
NEXT_PUBLIC_POSTHOG_KEY=
NEXT_PUBLIC_POSTHOG_HOST=https://us.i.posthog.com
# Session recording is disabled by default.
NEXT_PUBLIC_DISABLE_SESSION_RECORDING=true
# --- Remote registry ---
# Allowed git domains
# If you're using a self-hosted git provider, you can add it here
# This is an allowlist: keep it as narrow as possible and remove hosts you do not pull from.
TRACECAT__ALLOWED_GIT_DOMAINS=github.com,gitlab.com,bitbucket.org
# If you wish to use a remote registry, set the URL here
# This is useful if you wish to use a custom set of UDFs
# or if you wish to host your own registry
# NOTE(review): code from this repository is presumably loaded and run by the platform - confirm.
# Point it only at a repository you control, and restrict who can push to it.
TRACECAT__REMOTE_REPOSITORY_URL=
# If not provided, the package name will be inferred from the git remote URL (repo name)
TRACECAT__REMOTE_REPOSITORY_PACKAGE_NAME=
# --- AI settings ---
# If you wish to use open source models, add a comma-separated list of models to preload
# Please see module `tracecat.llm` for the full list of available models
# The models will be loaded on startup
TRACECAT__PRELOAD_OSS_MODELS=
# Ollama settings
# Pinned Ollama version; review it periodically for security updates.
OLLAMA__VERSION=0.3.12
# Ollama endpoint, addressed by container name over plain HTTP.
# Ollama's API has no authentication of its own by default, so keep port 11434
# off public interfaces and reachable only from the services that need it.
OLLAMA__API_URL=http://ollama:11434