forked from onecli/onecli
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path.env.example
More file actions
37 lines (30 loc) · 1.66 KB
/
.env.example
File metadata and controls
37 lines (30 loc) · 1.66 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# Database — required. Use `pnpm db:up` to start a local PostgreSQL via Docker.
DATABASE_URL=postgresql://onecli:onecli@localhost:5432/onecli
# Auth — single-user mode by default (no login required).
# To enable Google OAuth login (multi-user), set NEXTAUTH_SECRET and the Google credentials below.
# Generate with: openssl rand -hex 32
NEXTAUTH_SECRET=
# Gateway auth mode — "local" skips JWT validation (single-user dev), "oauth" validates OIDC access tokens.
AUTH_MODE=local
# OIDC login provider (Keycloak, Okta, Auth0, etc.)
# Set all three + NEXTAUTH_SECRET to enable multi-user OAuth login.
# Redirect URI to register with your provider: {APP_URL}/api/auth/callback/oidc
OAUTH_ISSUER=
OAUTH_AUDIENCE=
OAUTH_CLIENT_ID=
OAUTH_CLIENT_SECRET=
# Google OAuth — used for Google Workspace app connections (Gmail, Calendar, etc.)
# NOT used for login. Set these only if you use Google Workspace integrations.
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# Secret encryption key for encrypting stored secrets (API keys, tokens, etc.)
# Auto-generated on first container start if not set.
# Only set this if you need a specific key (e.g., migrating data between instances).
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
SECRET_ENCRYPTION_KEY=change-me-to-secure-key
# Gateway API — where the web app calls the gateway HTTP API (vault, cache, etc.)
# OSS: localhost:10255, Cloud: api.onecli.sh (no protocol prefix)
API_BASE_URL=localhost:10255
# Gateway proxy — where containers connect for the CONNECT proxy
# OSS: host.docker.internal:10255, Cloud: gateway.onecli.sh:10255 (no protocol prefix)
GATEWAY_BASE_URL=host.docker.internal:10255