curo/kite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a052ed4528d698e3ea366cdc5995f5947a2c2d39
kite/.env.example
T
curo1305 a052ed4528 feat(05-01): add Phase 5 cloud storage packages and config settings 
- Add 6 new packages to requirements.txt: cryptography>=41.0.0,
  google-auth-oauthlib>=1.3.1, google-api-python-client>=2.196.0,
  msal>=1.36.0, webdavclient3>=3.14.7, cachetools>=5.3.0
- Add 8 new Settings fields to config.py: cloud_creds_key,
  google_client_id/secret, onedrive_client_id/secret/tenant_id,
  backend_url (frontend_url already present from Phase 2)
- Append cloud storage section to .env.example
2026-05-28 20:48:38 +02:00

72 lines
4.0 KiB
Bash
Raw Blame History

# Copy to .env and fill in as needed.
# Settings are primarily managed through the in-app Settings UI.
# These are NOT required — the app defaults to LM Studio with no API keys.
ANTHROPIC_API_KEY=
OPENAI_API_KEY=
# ── PostgreSQL ───────────────────────────────────────────────────────────────
# App user — SELECT/INSERT/UPDATE/DELETE only, used by FastAPI + Celery
DATABASE_URL=postgresql+psycopg://docuvault_app:changeme_app@postgres:5432/docuvault
# Migration user — DDL privileges, used ONLY by Alembic, never by the app at runtime
DATABASE_MIGRATE_URL=postgresql+psycopg://docuvault_migrate:changeme_migrate@postgres:5432/docuvault
# Superuser password for the postgres init container — used only by initdb.d scripts
POSTGRES_PASSWORD=changeme_super
# ── MinIO ────────────────────────────────────────────────────────────────────
MINIO_ROOT_USER=minioadmin
MINIO_ROOT_PASSWORD=changeme_minio_root
MINIO_ENDPOINT=minio:9000
# App-level access key — minimal permissions on docuvault bucket only
MINIO_ACCESS_KEY=docuvault_app
MINIO_SECRET_KEY=changeme_minio_app
MINIO_BUCKET=docuvault
# ── Redis ─────────────────────────────────────────────────────────────────────
REDIS_PASSWORD=changeme_redis
# Must match REDIS_PASSWORD; the leading : is the no-username form for requirepass
REDIS_URL=redis://:changeme_redis@redis:6379/0
# ── Security (Phase 2) ───────────────────────────────────────────────────────
# JWT signing secret — generate with: python3 -c "import secrets; print(secrets.token_hex(64))"
SECRET_KEY=CHANGEME-replace-with-64-char-random-hex
# ── Admin Bootstrap (Phase 2 — D-04) ─────────────────────────────────────────
# First admin account created on startup if users table is empty.
# Both vars must be set; if missing, a WARNING is logged but app starts normally.
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=CHANGEME-replace-with-strong-password
# ── SMTP / Email (Phase 2 — D-01) ────────────────────────────────────────────
# When SMTP_HOST is unset, password reset links are logged to stdout (dev mode).
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASSWORD=
SMTP_FROM=noreply@docuvault.local
# ── CORS (Phase 2 — D-09) ────────────────────────────────────────────────────
# Comma-separated list of allowed origins. Default: http://localhost:5173
# Example for production: https://app.docuvault.example.com
CORS_ORIGINS=http://localhost:5173
# ── Cloud Storage Backends (Phase 5) ─────────────────────────────────────────
# Master key for HKDF per-user cloud credential encryption.
# Must be at least 32 bytes. Generate with:
# python3 -c "import secrets; print(secrets.token_urlsafe(32))"
CLOUD_CREDS_KEY=CHANGEME-32-bytes-padded!!
# Google Drive OAuth 2.0 — create credentials at https://console.cloud.google.com/
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# Microsoft OneDrive OAuth 2.0 — create app at https://portal.azure.com/
ONEDRIVE_CLIENT_ID=
ONEDRIVE_CLIENT_SECRET=
# "common" for personal + org accounts; or your tenant UUID for org-only
ONEDRIVE_TENANT_ID=common
# Backend and frontend URLs — used to construct OAuth callback/redirect URLs
BACKEND_URL=http://localhost:8000
FRONTEND_URL=http://localhost:5173
Reference in New Issue View Git Blame Copy Permalink