# Lexecon Environment Variables for Railway Deployment
# Template: copy to an untracked .env (or set the variables in the deployment
# platform) and fill in values there; this example file carries no real secrets.
# Node Configuration
# Identifier for this node; "railway-node" is the example value.
LEXECON_NODE_ID=railway-node
# Logging Configuration
# Log level and output format.
LEXECON_LOG_LEVEL=INFO
LEXECON_LOG_FORMAT=json
# Policy Configuration
# NOTE(review): the effect of "strict" and the other accepted modes are not shown in this file - confirm against the policy loader.
LEXECON_POLICY_MODE=strict
# API Configuration (Railway will set PORT automatically)
# Left commented out so the platform-provided PORT is not overridden.
# PORT=8000
# Data Directory (Railway provides persistent storage)
# LEXECON_DATA_DIR=/data/.lexecon
# CORS Configuration (Add your frontend URL)
# The value below is the example frontend origin; replace it with the exact
# origin(s) of your own frontend rather than widening the list.
# NOTE(review): the separator for multiple origins is not shown in this file - confirm against the config loader.
LEXECON_CORS_ORIGINS=https://lex-agent-guard.lovable.app
# Optional: Database URL if using external database
# Connection URLs commonly embed credentials; treat a filled-in value as a secret.
# DATABASE_URL=
# Optional: Redis URL if using caching
# Same handling as DATABASE_URL if the URL carries a password.
# REDIS_URL=
# Rate Limiting Configuration (Phase 1A)
# Master switch for the limits below.
LEXECON_RATE_LIMIT_ENABLED=true
# Format: requests/seconds (e.g., 100/60 = 100 requests per 60 seconds)
# 100 requests per 60 seconds.
# NOTE(review): presumably keyed on client IP - confirm how the client IP is derived when the service runs behind the platform's proxy.
LEXECON_RATE_LIMIT_GLOBAL_PER_IP=100/60
# 5 requests per 300 seconds; the tightest limit in this file, applied to login.
LEXECON_RATE_LIMIT_AUTH_LOGIN=5/300
# 1000 requests per 3600 seconds.
# NOTE(review): FEATURE_FLAG_RATE_LIMIT_PER_USER further down also sets a per-user number; which one takes effect is not shown here - confirm.
LEXECON_RATE_LIMIT_API_PER_USER=1000/3600
# Secrets Management Configuration (Phase 1D)
# Every value in this section is blank in the template: fill them in only in an
# untracked .env or the platform's secret store.
# NOTE(review): behaviour when a key is left empty is not shown in this file - confirm the application refuses to start rather than running without the key.
# NOTE(review): precedence when both NAME and NAME_FILE are set is not shown in this file - confirm, and set only one of the two.
# Master key for encrypting .env files (development)
# Generate with: python scripts/manage_secrets.py generate
LEXECON_MASTER_KEY=
# Database encryption key (for MFA secrets, sensitive fields)
# Set directly OR use _FILE suffix to read from file (Docker Secrets)
# NOTE(review): this key and MFA_ENCRYPTION_KEY below are both described as covering MFA/TOTP secrets - confirm which one the code uses for them.
DB_ENCRYPTION_KEY=
# DB_ENCRYPTION_KEY_FILE=/run/secrets/db_encryption_key
# RSA private key password (for digital signatures)
RSA_KEY_PASSWORD=
# RSA_KEY_PASSWORD_FILE=/run/secrets/rsa_private_key_password
# Session secret key (for session token signing)
# Changing this value presumably invalidates existing session tokens - confirm before rotating.
SESSION_SECRET_KEY=
# SESSION_SECRET_KEY_FILE=/run/secrets/session_secret_key
# MFA encryption key (for TOTP secrets)
MFA_ENCRYPTION_KEY=
# MFA_ENCRYPTION_KEY_FILE=/run/secrets/mfa_encryption_key
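# Environment (affects security headers, HSTS)
# Values: development or production.
# The note about the alternative value sits on its own line: env-file readers
# that do not strip inline comments would take a trailing "# ..." as part of
# the value, and the setting would then match neither mode.
LEXECON_ENV=development
# Base URL (required for OAuth callbacks in Phase 1F)
# Local-development value. For a deployed instance use its public https:// URL,
# since the OAuth redirect URIs below are built from this value.
LEXECON_BASE_URL=http://localhost:8000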
# OIDC OAuth Configuration (Phase 1F - Optional)
# Configure providers you want to enable for SSO
# NOTE(review): presumably a provider stays disabled while its client ID/secret are blank - confirm.
# Google OAuth
# Get credentials at: https://console.cloud.google.com/apis/credentials
# Authorized redirect URIs: {LEXECON_BASE_URL}/auth/oidc/callback/google
# Register that exact URI with the provider; it changes whenever LEXECON_BASE_URL changes.
OIDC_GOOGLE_CLIENT_ID=
# Secret value: set it only in an untracked .env or the platform's secret store.
OIDC_GOOGLE_CLIENT_SECRET=
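# Azure AD / Microsoft OAuth
# Get credentials at: https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps
# Authorized redirect URIs: {LEXECON_BASE_URL}/auth/oidc/callback/azure
OIDC_AZURE_CLIENT_ID=
# Secret value: set it only in an untracked .env or the platform's secret store.
OIDC_AZURE_CLIENT_SECRET=
# Tenant: "common" or your specific tenant ID.
# On the Microsoft identity platform "common" accepts sign-ins from any
# organisation's tenant and from personal Microsoft accounts; set your own
# tenant ID to restrict sign-in to one organisation.
# Kept free of a trailing comment: env-file readers that do not strip inline
# comments would take "# ..." as part of the tenant value.
OIDC_AZURE_TENANT_ID=common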
# Okta OAuth
# Example custom provider configuration:
# OIDC_CUSTOM_DISCOVERY_URL=https://your-domain.okta.com/.well-known/openid-configuration
# OIDC_CUSTOM_CLIENT_ID=your-client-id
# OIDC_CUSTOM_CLIENT_SECRET=your-client-secret
# Auth0 OAuth
# Example: OIDC_CUSTOM_DISCOVERY_URL=https://your-domain.auth0.com/.well-known/openid-configuration
# Any OIDC-compliant provider
# The Okta and Auth0 lines above are sample values for these same three
# variables, so this file expresses a single custom provider.
# Use an https:// discovery URL of a provider you trust: presumably the
# provider's endpoints and signing keys are taken from that document - confirm.
OIDC_CUSTOM_DISCOVERY_URL=
OIDC_CUSTOM_CLIENT_ID=
# Secret value: set it only in an untracked .env or the platform's secret store.
OIDC_CUSTOM_CLIENT_SECRET=
# ================================================================================
# FEATURE FLAGS (Phase 5.4)
# ================================================================================
# Feature Flags Mode
# Options: "env" (environment variables) or "launchdarkly" (LaunchDarkly SDK)
# With "env", the FEATURE_FLAG_* variables below are the source of flag values.
FEATURE_FLAGS_MODE=env
# LaunchDarkly SDK Key (only needed if FEATURE_FLAGS_MODE=launchdarkly)
# Get from: LaunchDarkly Dashboard → Account Settings → Projects → Lexecon
# The SDK key is a server-side credential; the line below is a placeholder shape, not a real key.
# LAUNCHDARKLY_SDK_KEY=sdk-xxxxx-xxxxx-xxxxx
# Feature Flags (Environment Variable Mode)
# Format: FEATURE_FLAG_<FLAG_NAME>=<value>
# Boolean: true/false, 1/0, yes/no, on/off
# Number: 100, 1000.5
# String: "value"
# JSON: {"key": "value"}
# NOTE(review): whether surrounding quotes are stripped from String/JSON values depends on what reads this file - confirm against the flag loader.
# Security & Authentication
# Both MFA flags are off in this example.
# NOTE(review): presumably MFA is then optional for every account - confirm the intended values for a production deployment.
FEATURE_FLAG_MFA_REQUIRED=false
FEATURE_FLAG_MFA_ENROLLMENT_MANDATORY=false
# NOTE(review): the expiration period and the timeout that "strict" selects are not set in this file - confirm where they are defined.
FEATURE_FLAG_PASSWORD_EXPIRATION_ENABLED=true
FEATURE_FLAG_SESSION_TIMEOUT_STRICT=true
# Rate Limiting
# Plain numbers here, unlike the requests/seconds pairs used by LEXECON_RATE_LIMIT_* earlier in this file.
# NOTE(review): the time window for these numbers and how they interact with LEXECON_RATE_LIMIT_* are not shown - confirm.
FEATURE_FLAG_RATE_LIMITING_STRICT=true
FEATURE_FLAG_RATE_LIMIT_PER_USER=100
FEATURE_FLAG_RATE_LIMIT_GLOBAL=10000
# Decision Engine
# Only caching is enabled in this example; the new engine, async evaluation and batch processing are off.
FEATURE_FLAG_NEW_DECISION_ENGINE=false
FEATURE_FLAG_DECISION_CACHING_ENABLED=true
FEATURE_FLAG_DECISION_ASYNC_EVALUATION=false
FEATURE_FLAG_DECISION_BATCH_PROCESSING=false
# Ledger & Audit
# Compression and encryption are both on in this example.
# NOTE(review): which key ledger encryption uses is not shown in this file - confirm against the Secrets Management keys.
FEATURE_FLAG_LEDGER_COMPRESSION_ENABLED=true
FEATURE_FLAG_LEDGER_ENCRYPTION_ENABLED=true
# Retention period in days, per the variable name.
FEATURE_FLAG_AUDIT_LOG_RETENTION_DAYS=90
# API Features
# GraphQL and webhooks are off in this example.
FEATURE_FLAG_API_VERSIONING_ENABLED=true
FEATURE_FLAG_API_DEPRECATION_WARNINGS=true
FEATURE_FLAG_GRAPHQL_ENABLED=false
FEATURE_FLAG_WEBHOOKS_ENABLED=false
# Observability
# Detailed metrics are on; tracing and profiling are off in this example.
FEATURE_FLAG_METRICS_DETAILED=true
FEATURE_FLAG_TRACING_ENABLED=false
FEATURE_FLAG_PERFORMANCE_PROFILING=false
# Sentry Error Tracking & Performance Monitoring
# Not a FEATURE_FLAG_* setting, although it sits between the flag groups.
# Get your DSN from: https://sentry.io/settings/[org]/projects/[project]/keys/
# Format: https://[public_key]@[region].ingest.sentry.io/[project_id]
# NOTE(review): presumably reporting is disabled while this is blank - confirm; when enabled, check what request and user data the error reports include.
SENTRY_DSN=
# Optional: Set the release version for release tracking
# SENTRY_RELEASE=lexecon@0.1.0
# Compliance
# All compliance modes are off in this example.
# NOTE(review): what each mode enforces is not shown in this file - confirm before relying on a flag for a regulatory requirement.
FEATURE_FLAG_GDPR_MODE_ENABLED=false
FEATURE_FLAG_HIPAA_MODE_ENABLED=false
FEATURE_FLAG_DATA_RESIDENCY_ENFORCEMENT=false
# Experimental
# Both are off in this example.
FEATURE_FLAG_EXPERIMENTAL_FEATURES=false
FEATURE_FLAG_BETA_FEATURES=false