# =============================================================================
# Aegis Environment Variables
# =============================================================================
# Copy this file to .env and fill in the values BEFORE deploying.
#
# Generate secure random values with:
#   openssl rand -hex 32        (for SECRET_KEY)
#   openssl rand -base64 18     (for passwords)
# =============================================================================

# ── Database ─────────────────────────────────────────────────────────────────
DB_USER=postgres
DB_PASSWORD=              # REQUIRED — set a strong password
DB_NAME=attackdb

# ── Security ─────────────────────────────────────────────────────────────────
# REQUIRED in production — the app will refuse to start without it.
# Generate with:  openssl rand -hex 32
SECRET_KEY=

TOKEN_EXPIRE_MINUTES=60

# ── Initial Admin Account ────────────────────────────────────────────────────
# If ADMIN_PASSWORD is empty, a random password is auto-generated and
# printed to the backend container logs on first startup.
ADMIN_USERNAME=admin
ADMIN_PASSWORD=

# ── MinIO Object Storage ─────────────────────────────────────────────────────
MINIO_ACCESS_KEY=minioadmin
MINIO_SECRET_KEY=         # REQUIRED — set a strong password
MINIO_BUCKET=evidence
MINIO_SECURE=false        # Set to true if MinIO is behind TLS

# ── CORS ──────────────────────────────────────────────────────────────────────
# Comma-separated list of allowed frontend origins
CORS_ORIGINS=https://your-domain.com

# ── Frontend ─────────────────────────────────────────────────────────────────
FRONTEND_PORT=80

# ── Environment flag ─────────────────────────────────────────────────────────
# Set to "production" for production deployments (enforces SECRET_KEY, etc.)
AEGIS_ENV=production