2022-01-19 13:08:15 +00:00
|
|
|
# Jackson settings
|
2023-02-22 16:51:06 +00:00
|
|
|
# Change this to your deployment public URL
|
|
|
|
EXTERNAL_URL=http://localhost:5225
|
2022-01-19 13:08:15 +00:00
|
|
|
SAML_AUDIENCE=https://saml.boxyhq.com
|
|
|
|
JACKSON_API_KEYS="secret"
|
2023-01-12 15:09:08 +00:00
|
|
|
ADMIN_PORTAL_SSO_TENANT="_jackson_boxyhq"
|
|
|
|
ADMIN_PORTAL_SSO_PRODUCT="_jackson_admin_portal"
|
2022-01-19 13:08:15 +00:00
|
|
|
IDP_ENABLED=
|
2022-10-28 19:19:31 +00:00
|
|
|
PRE_LOADED_CONNECTION=
|
2022-02-15 14:09:56 +00:00
|
|
|
CLIENT_SECRET_VERIFIER=
|
2022-01-19 13:08:15 +00:00
|
|
|
|
|
|
|
# Database settings
|
|
|
|
DB_ENGINE=sql
|
2022-02-16 17:59:31 +00:00
|
|
|
DB_URL=postgres://postgres:postgres@localhost:5432/postgres
|
2022-01-19 13:08:15 +00:00
|
|
|
DB_TYPE=postgres
|
|
|
|
DB_TTL=300
|
|
|
|
DB_CLEANUP_LIMIT=1000
|
2022-03-18 18:39:16 +00:00
|
|
|
DB_PAGE_LIMIT=50
|
2022-01-25 15:10:06 +00:00
|
|
|
# You can use openssl to generate a random 32 character key: openssl rand -base64 24
|
2022-01-19 13:08:15 +00:00
|
|
|
DB_ENCRYPTION_KEY=
|
2023-10-13 22:29:21 +00:00
|
|
|
# Uncomment below if you wish to run DB migrations manually.
|
|
|
|
#DB_MANUAL_MIGRATION=true
|
2022-02-15 23:34:12 +00:00
|
|
|
|
2022-11-09 10:35:10 +00:00
|
|
|
# Admin Portal settings
|
2023-02-07 12:25:28 +00:00
|
|
|
# SMTP details for Magic Links
|
2022-02-22 19:03:21 +00:00
|
|
|
SMTP_HOST=
|
|
|
|
SMTP_PORT=
|
|
|
|
SMTP_USER=
|
|
|
|
SMTP_PASSWORD=
|
|
|
|
SMTP_FROM=
|
2023-02-07 12:25:28 +00:00
|
|
|
# Access Control for Magic Links. Set this to a comma separated string of email addresses
|
|
|
|
# or glob patterns like: `tonystark@gmail.com,*@marvel.com`.
|
|
|
|
# Access will be denied to email addresses which don't match. If you don't specify any value access is denied to all.
|
|
|
|
NEXTAUTH_ACL=
|
2022-02-22 19:03:21 +00:00
|
|
|
|
2023-02-22 16:51:06 +00:00
|
|
|
# Change this to your deployment public URL (https://next-auth.js.org/configuration/options#nextauth_url)
|
|
|
|
NEXTAUTH_URL=http://localhost:5225
|
|
|
|
# Change this to a real secret when deploying to production
|
2024-03-19 12:27:42 +00:00
|
|
|
# You can use openssl to generate a secret key: openssl rand -base64 32
|
2023-02-22 16:51:06 +00:00
|
|
|
NEXTAUTH_SECRET=secret
|
2023-02-07 12:25:28 +00:00
|
|
|
# Admin credentials (In the format email:password. Comma separated values if you want multiple logins). Alternative to Magic Links.
|
|
|
|
NEXTAUTH_ADMIN_CREDENTIALS=
|
2022-02-22 19:03:21 +00:00
|
|
|
|
2023-03-02 20:55:54 +00:00
|
|
|
# Admin Portal for Retraced (Audit Logs)
|
2023-01-04 17:51:06 +00:00
|
|
|
RETRACED_HOST_URL=
|
|
|
|
RETRACED_EXTERNAL_URL=
|
|
|
|
RETRACED_ADMIN_ROOT_TOKEN=
|
|
|
|
|
2023-03-02 20:55:54 +00:00
|
|
|
# Admin Portal for Terminus (Privacy Vault)
|
|
|
|
TERMINUS_PROXY_HOST_URL=
|
|
|
|
TERMINUS_ADMIN_ROOT_TOKEN=
|
|
|
|
|
2022-02-15 23:34:12 +00:00
|
|
|
# OpenTelemetry
|
|
|
|
OTEL_EXPORTER_OTLP_METRICS_ENDPOINT=
|
2022-12-05 20:47:12 +00:00
|
|
|
OTEL_EXPORTER_OTLP_METRICS_HEADERS=
|
|
|
|
# If you want to use grpc
|
|
|
|
# OTEL_EXPORTER_OTLP_METRICS_PROTOCOL=grpc
|
|
|
|
# If you have any issues with using the otel exporter and want to enable debug logs
|
|
|
|
# OTEL_EXPORTER_DEBUG=true
|
2022-07-23 17:04:55 +00:00
|
|
|
|
|
|
|
# JWS Algorithm to be used for signing e.g., RS256
|
|
|
|
# https://github.com/panva/jose/issues/114#digital-signatures
|
|
|
|
OPENID_JWS_ALG=
|
|
|
|
|
|
|
|
# JWT signing keys
|
|
|
|
# Generate keys: https://www.scottbrady91.com/openssl/creating-rsa-keys-using-openssl,
|
|
|
|
# Load into env: https://developer.vonage.com/blog/20/07/29/using-private-keys-in-environment-variables
|
|
|
|
# openssl genrsa -out private-key.pem 3072
|
|
|
|
# convert to pkcs8 format: openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in private-key.pem -out private_key.pem
|
|
|
|
# cat private_key.pem | base64
|
|
|
|
OPENID_RSA_PRIVATE_KEY=
|
|
|
|
# openssl rsa -in private_key.pem -pubout -out public_key.pem
|
2022-09-30 10:37:21 +00:00
|
|
|
# cat public_key.pem | base64
|
2022-12-06 19:01:01 +00:00
|
|
|
OPENID_RSA_PUBLIC_KEY=
|
|
|
|
|
|
|
|
# You can use `openssl req -x509 -newkey rsa:2048 -keyout key.pem -out public.crt -sha256 -days 365000 -nodes` to generate one
|
|
|
|
# Base64 encoded value of public key `cat public.crt | base64`
|
|
|
|
PUBLIC_KEY=
|
|
|
|
|
|
|
|
# Base64 encoded value of private key `cat key.pem | base64`
|
2022-12-16 15:38:59 +00:00
|
|
|
PRIVATE_KEY=
|
|
|
|
|
|
|
|
# To enable enterprise-only features, fill your license key in here.
|
2022-12-29 19:45:52 +00:00
|
|
|
BOXYHQ_LICENSE_KEY=
|
|
|
|
|
|
|
|
# To turn off our anonymous analytics uncomment the line below
|
|
|
|
#BOXYHQ_NO_ANALYTICS=1
|
2023-03-27 15:36:44 +00:00
|
|
|
|
2023-03-29 18:27:09 +00:00
|
|
|
# Set Webhook URL and secret to enable webhook notifications
|
2023-03-27 15:36:44 +00:00
|
|
|
WEBHOOK_URL=
|
2023-11-13 23:06:06 +00:00
|
|
|
WEBHOOK_SECRET=
|
|
|
|
|
|
|
|
# Directory sync webhook event batch size (Eg: 50)
|
2023-11-20 09:56:50 +00:00
|
|
|
DSYNC_WEBHOOK_BATCH_SIZE=
|
2024-03-22 11:49:23 +00:00
|
|
|
DSYNC_WEBHOOK_BATCH_CRON_INTERVAL=
|
2023-11-20 09:56:50 +00:00
|
|
|
|
|
|
|
# Google workspace directory sync
|
2023-11-22 17:46:14 +00:00
|
|
|
DSYNC_GOOGLE_CLIENT_ID=
|
|
|
|
DSYNC_GOOGLE_CLIENT_SECRET=
|
2024-03-22 11:49:23 +00:00
|
|
|
DSYNC_GOOGLE_CRON_INTERVAL=
|
2024-01-02 15:00:41 +00:00
|
|
|
|
|
|
|
# Only applicable for BoxyHQ SaaS deployments
|
2024-01-03 12:30:13 +00:00
|
|
|
BOXYHQ_HOSTED=0
|
|
|
|
|
|
|
|
# Setup link expiry in days
|
2024-01-30 14:47:08 +00:00
|
|
|
SETUP_LINK_EXPIRY_DAYS=3
|
|
|
|
|
|
|
|
# Ory integration. You need BOXYHQ_LICENSE_KEY to be set to use this.
|
|
|
|
ENTERPRISE_ORY_SDK_TOKEN=
|
|
|
|
ENTERPRISE_ORY_PROJECT_ID=
|
2024-03-13 14:47:15 +00:00
|
|
|
|
|
|
|
# Uncomment below if you wish to opt-out of sending `profile` scope in OIDC Provider Authorization Request
|
2024-03-16 20:16:25 +00:00
|
|
|
#OPENID_REQUEST_PROFILE_SCOPE=false
|