curo/kite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3b7d362600153463dc94f8cac54ca8467f1c63b7
kite/.env.example
T
curo1305 12c6487855 feat(02-01): add BackupCode ORM model, password_must_change field, Alembic migration, extend Settings 
- Add BackupCode model to db/models.py with user_id FK, code_hash (Argon2), used_at (nullable)
- Add ix_backup_codes_user_id index on backup_codes.user_id
- Add password_must_change BOOLEAN NOT NULL DEFAULT false to User model (ADMIN-01)
- Extend config.py Settings with JWT, SMTP, admin bootstrap, and CORS fields (D-01, D-04, D-09)
- Add env_list_separator=',' for cors_origins env var parsing
- Append PyJWT, pwdlib[argon2], pyotp, aioredis, slowapi to requirements.txt
- Add .env.example entries for SECRET_KEY, ADMIN_EMAIL, SMTP_*, CORS_ORIGINS
- Create migration 0002 adding backup_codes table and password_must_change column
- Add TDD tests for all Task 1 acceptance criteria (7 tests pass)
2026-05-22 19:19:52 +02:00

52 lines
3.1 KiB
Bash
Raw Blame History

# Copy to .env and fill in as needed.
# Settings are primarily managed through the in-app Settings UI.
# These are NOT required — the app defaults to LM Studio with no API keys.
ANTHROPIC_API_KEY=
OPENAI_API_KEY=
# ── PostgreSQL ───────────────────────────────────────────────────────────────
# App user — SELECT/INSERT/UPDATE/DELETE only, used by FastAPI + Celery
DATABASE_URL=postgresql+psycopg://docuvault_app:changeme_app@postgres:5432/docuvault
# Migration user — DDL privileges, used ONLY by Alembic, never by the app at runtime
DATABASE_MIGRATE_URL=postgresql+psycopg://docuvault_migrate:changeme_migrate@postgres:5432/docuvault
# Superuser password for the postgres init container — used only by initdb.d scripts
POSTGRES_PASSWORD=changeme_super
# ── MinIO ────────────────────────────────────────────────────────────────────
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=changeme_minio_root
MINIO_ENDPOINT=minio:9000
# App-level access key — minimal permissions on docuvault bucket only
MINIO_ACCESS_KEY=docuvault_app
MINIO_SECRET_KEY=changeme_minio_app
MINIO_BUCKET=docuvault
# ── Redis ─────────────────────────────────────────────────────────────────────
REDIS_PASSWORD=changeme_redis
# Must match REDIS_PASSWORD; the leading : is the no-username form for requirepass
REDIS_URL=redis://:changeme_redis@redis:6379/0
# ── Security (Phase 2) ───────────────────────────────────────────────────────
# JWT signing secret — generate with: python3 -c "import secrets; print(secrets.token_hex(64))"
SECRET_KEY=CHANGEME-replace-with-64-char-random-hex
# ── Admin Bootstrap (Phase 2 — D-04) ─────────────────────────────────────────
# First admin account created on startup if users table is empty.
# Both vars must be set; if missing, a WARNING is logged but app starts normally.
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=CHANGEME-replace-with-strong-password
# ── SMTP / Email (Phase 2 — D-01) ────────────────────────────────────────────
# When SMTP_HOST is unset, password reset links are logged to stdout (dev mode).
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASSWORD=
SMTP_FROM=noreply@docuvault.local
# ── CORS (Phase 2 — D-09) ────────────────────────────────────────────────────
# Comma-separated list of allowed origins. Default: http://localhost:5173
# Example for production: https://app.docuvault.example.com
CORS_ORIGINS=http://localhost:5173
Reference in New Issue View Git Blame Copy Permalink