# Jackson settings
|
|
# Change this to your deployment public URL.
# The default is plain HTTP on localhost, which is only suitable for local development.
|
|
EXTERNAL_URL=http://localhost:5225
|
|
SAML_AUDIENCE=https://saml.boxyhq.com
|
|
# Placeholder API key: replace "secret" with a long random value before any non-local
# deployment, and keep the real value out of version control.
JACKSON_API_KEYS="secret"
|
|
ADMIN_PORTAL_SSO_TENANT="_jackson_boxyhq"
|
|
ADMIN_PORTAL_SSO_PRODUCT="_jackson_admin_portal"
|
|
IDP_ENABLED=
|
|
PRE_LOADED_CONNECTION=
|
|
# NOTE(review): the name suggests a shared secret; if so, generate it randomly and handle it
# like the other secrets in this file - confirm against the Jackson documentation.
CLIENT_SECRET_VERIFIER=
|
|
|
|
# Database settings
|
|
DB_ENGINE=sql
|
|
# Development default: the URL embeds the database username and password (postgres:postgres).
# Use dedicated credentials for a real deployment and do not commit the resulting URL.
DB_URL=postgres://postgres:postgres@localhost:5432/postgres
|
|
DB_TYPE=postgres
|
|
DB_TTL=300
|
|
DB_CLEANUP_LIMIT=1000
|
|
DB_PAGE_LIMIT=50
|
|
# You can use openssl to generate a random 32 character key
# (24 random bytes encode to 32 base64 characters): openssl rand -base64 24
|
|
# NOTE(review): empty by default; presumably stored data is not encrypted until a key is set -
# confirm, and set a key before storing real connections. Back the key up with the database.
DB_ENCRYPTION_KEY=
|
|
# Uncomment below if you wish to run DB migrations manually.
|
|
#DB_MANUAL_MIGRATION=true
|
|
|
|
# Admin Portal settings
|
|
# SMTP details for Magic Links
|
|
SMTP_HOST=
|
|
SMTP_PORT=
|
|
SMTP_USER=
|
|
# Mail account credential: keep the real value out of version control.
SMTP_PASSWORD=
|
|
SMTP_FROM=
|
|
# Access Control for Magic Links. Set this to a comma separated string of email addresses
|
|
# or glob patterns like: `tonystark@gmail.com,*@marvel.com`.
|
|
# Access will be denied to email addresses which don't match. If you don't specify any value, access is denied to all.
|
|
# Keep patterns narrow: a wildcard on a domain admits every mailbox in that domain, so only
# use it for domains you control.
NEXTAUTH_ACL=
|
|
|
|
# Change this to your deployment public URL (https://next-auth.js.org/configuration/options#nextauth_url)
|
|
NEXTAUTH_URL=http://localhost:5225
|
|
# Change this to a real secret when deploying to production
|
|
# You can use openssl to generate a secret key: openssl rand -base64 32
|
|
# The placeholder below is publicly known. NextAuth.js uses this value to protect its session
# tokens, so a deployment that keeps "secret" cannot rely on admin portal sessions being genuine.
NEXTAUTH_SECRET=secret
|
|
# Admin credentials (In the format email:password. Comma separated values if you want multiple logins). Alternative to Magic Links.
|
|
# These passwords are held in plain text in the environment: use long, unique passwords and
# restrict who can read this file or the process environment.
NEXTAUTH_ADMIN_CREDENTIALS=
|
|
|
|
# Admin Portal for Retraced (Audit Logs)
|
|
RETRACED_HOST_URL=
|
|
RETRACED_EXTERNAL_URL=
|
|
# NOTE(review): by its name this is a root-level admin token for Retraced; treat it as a
# high-value secret (not in version control, not in logs) - confirm its scope in the Retraced docs.
RETRACED_ADMIN_ROOT_TOKEN=
|
|
|
|
# Admin Portal for Terminus (Privacy Vault)
|
|
TERMINUS_PROXY_HOST_URL=
|
|
# NOTE(review): by its name this is a root-level admin token for Terminus; treat it as a
# high-value secret (not in version control, not in logs) - confirm its scope in the Terminus docs.
TERMINUS_ADMIN_ROOT_TOKEN=
|
|
|
|
# OpenTelemetry
|
|
OTEL_EXPORTER_OTLP_METRICS_ENDPOINT=
|
|
# Headers sent with each metrics export. They commonly carry the collector's API key or
# auth token, so treat this value as a secret.
OTEL_EXPORTER_OTLP_METRICS_HEADERS=
|
|
# If you want to use grpc
|
|
# OTEL_EXPORTER_OTLP_METRICS_PROTOCOL=grpc
|
|
# If you have any issues with using the otel exporter and want to enable debug logs
|
|
# OTEL_EXPORTER_DEBUG=true
|
|
|
|
# JWS Algorithm to be used for signing e.g., RS256
|
|
# https://github.com/panva/jose/issues/114#digital-signatures
|
|
# NOTE(review): the algorithm has to be compatible with the key supplied in
# OPENID_RSA_PRIVATE_KEY (an RSA key for RS256) - confirm which algorithms Jackson accepts.
OPENID_JWS_ALG=
|
|
|
|
# JWT signing keys
|
|
# Generate keys: https://www.scottbrady91.com/openssl/creating-rsa-keys-using-openssl
|
|
# Load into env: https://developer.vonage.com/blog/20/07/29/using-private-keys-in-environment-variables
|
|
# openssl genrsa -out private-key.pem 3072
|
|
# convert to pkcs8 format: openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private-key.pem -out private_key.pem
# (-nocrypt writes the PKCS#8 key without a passphrase: restrict permissions on both .pem files
# and remove them once the value has been stored in your secret store)
|
|
# cat private_key.pem | base64
# (base64 is an encoding, not encryption; the value must be a single line, and GNU base64
# wraps its output unless -w 0 is given)
|
|
OPENID_RSA_PRIVATE_KEY=
|
|
# openssl rsa -in private_key.pem -pubout -out public_key.pem
|
|
# cat public_key.pem | base64
|
|
OPENID_RSA_PUBLIC_KEY=
|
|
|
|
# You can use `openssl req -x509 -newkey rsa:2048 -keyout key.pem -out public.crt -sha256 -days 365000 -nodes` to generate one
# Note: -nodes leaves key.pem unencrypted on disk, and -days 365000 makes the certificate valid
# for roughly 1000 years, so it never expires on its own. Restrict access to key.pem and plan
# key rotation explicitly.
|
|
# Base64 encoded value of public key (the certificate file public.crt) `cat public.crt | base64`
|
|
PUBLIC_KEY=
|
|
|
|
# Base64 encoded value of private key `cat key.pem | base64`
# (base64 is an encoding, not encryption: the resulting value is as sensitive as key.pem itself)
|
|
PRIVATE_KEY=
|
|
|
|
# To enable enterprise-only features, fill your license key in here.
|
|
BOXYHQ_LICENSE_KEY=
|
|
|
|
# To turn off our anonymous analytics uncomment the line below
# (analytics are opt-out: they stay enabled while the line remains commented)
|
|
#BOXYHQ_NO_ANALYTICS=1
|
|
|
|
# Set Webhook URL and secret to enable webhook notifications
|
|
# Use an https:// endpoint so event payloads are not sent in clear text.
WEBHOOK_URL=
|
|
# NOTE(review): presumably used to sign webhook payloads so the receiver can verify their
# origin - confirm; use a long random value and verify the signature on the receiving side.
WEBHOOK_SECRET=
|
|
|
|
# Directory sync webhook event batch size (Eg: 50)
|
|
DSYNC_WEBHOOK_BATCH_SIZE=
|
|
DSYNC_WEBHOOK_BATCH_CRON_INTERVAL=
|
|
|
|
# Google workspace directory sync
|
|
DSYNC_GOOGLE_CLIENT_ID=
|
|
# NOTE(review): presumably the OAuth client secret paired with the client ID above; keep it
# out of version control and rotate it if it is ever exposed.
DSYNC_GOOGLE_CLIENT_SECRET=
|
|
DSYNC_GOOGLE_CRON_INTERVAL=
|
|
|
|
# Only applicable for BoxyHQ SaaS deployments
|
|
BOXYHQ_HOSTED=0
|
|
|
|
# Setup link expiry in days
# (a shorter lifetime narrows the window in which a leaked setup link can still be used)
|
|
SETUP_LINK_EXPIRY_DAYS=3
|
|
|
|
# Ory integration. You need BOXYHQ_LICENSE_KEY to be set to use this.
|
|
# API token for the Ory project: treat it as a secret and keep it out of version control.
ENTERPRISE_ORY_SDK_TOKEN=
|
|
ENTERPRISE_ORY_PROJECT_ID=
|
|
|
|
# Uncomment below if you wish to opt-out of sending `profile` scope in OIDC Provider Authorization Request
|
|
#OPENID_REQUEST_PROFILE_SCOPE=false