Alexander Bocken
f40dfd1774
Some checks failed
CI / build-and-deploy (push) Failing after 47s
Change from $env/static/private to $env/dynamic/private for all environment variables. This allows building in CI without embedding secrets in build artifacts, while keeping secrets secure on the server at runtime. Changes: - Refactor auth configuration to use dynamic env vars - Move database connection string to runtime - Update image API routes to read IMAGE_DIR at runtime - Add .env.example for documentation This enables the containerized build workflow to succeed without requiring a .env file during build, as secrets are only needed when the application starts on the server.
25 lines
754 B
Plaintext
25 lines
754 B
Plaintext
# Database Configuration
|
|
MONGO_URL="mongodb://user:password@host:port/database?authSource=admin"
|
|
|
|
# Authentication Secrets (runtime only - not embedded in build)
|
|
AUTHENTIK_ID="your-authentik-client-id"
|
|
AUTHENTIK_SECRET="your-authentik-client-secret"
|
|
|
|
# Static Configuration (embedded in build - OK to be public)
|
|
AUTHENTIK_ISSUER="https://sso.example.com/application/o/your-app/"
|
|
|
|
# File Storage
|
|
IMAGE_DIR="/path/to/static/files"
|
|
|
|
# Optional: Development Settings
|
|
# DEV_DISABLE_AUTH="true"
|
|
# ORIGIN="http://127.0.0.1:3000"
|
|
|
|
# Optional: Additional Configuration
|
|
# BEARER_TOKEN="your-bearer-token"
|
|
# COOKIE_SECRET="your-cookie-secret"
|
|
# PEPPER="your-pepper-value"
|
|
# ALLOW_REGISTRATION="1"
|
|
# AUTH_SECRET="your-auth-secret"
|
|
# USDA_API_KEY="your-usda-api-key"
|