.env.example
# --- Shared env vars ---
LOG_LEVEL=INFO
COMPOSE_PROJECT_NAME=tracecat
# --- Shared URL env vars ---
# Browser-facing base URLs. The defaults are plain HTTP on localhost, which suits local use only.
# On a host reachable over a network, use https:// URLs here so logins and session cookies
# are not sent in cleartext.
PUBLIC_APP_URL=http://localhost
PUBLIC_API_URL=http://localhost/api
# SAML assertion consumer service (ACS) URL, derived from PUBLIC_API_URL
# NOTE(review): presumably has to match the ACS URL registered at the IdP — confirm
SAML_SP_ACS_URL=${PUBLIC_API_URL}/auth/saml/acs
# Service-to-service URLs (hosts `api` and `executor`, presumably compose service names); plain HTTP
INTERNAL_API_URL=http://api:8000
INTERNAL_EXECUTOR_URL=http://executor:8000
# --- Caddy env vars ---
# NOTE(review): `:80` looks like a port-only Caddy site address, which serves HTTP without
# automatic HTTPS — confirm against the Caddyfile and set a hostname for TLS
BASE_DOMAIN=:80
# Note: replace with your server's IP address
# 0.0.0.0 conventionally means "all interfaces"; what consumes ADDRESS is not shown here — TODO confirm
ADDRESS=0.0.0.0
# --- App and DB env vars ---
# The `your-...` values below are placeholders, not usable secrets: generate a fresh value for each
# one per deployment, and keep the resulting .env file out of version control.
# One of `development`, `staging`, or `production`
# NOTE(review): confirm what `development` relaxes before running this file as-is on a reachable host
TRACECAT__APP_ENV=development
# Used to encrypt/decrypt sensitive keys in the database
# Can be generated using `python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"`
# NOTE(review): changing this key after data has been written presumably leaves existing
# encrypted values unreadable — back it up and confirm the rotation procedure
TRACECAT__DB_ENCRYPTION_KEY=your-tracecat-db-fernet-key
# Used to authenticate with Tracecat services
# Can be generated using `openssl rand -hex 32`
TRACECAT__SERVICE_KEY=your-tracecat-service-key
# Used to generate private webhook URLs
# Can be generated using `openssl rand -hex 32`
# NOTE(review): webhook URLs presumably stay private only while this secret does — confirm
TRACECAT__SIGNING_SECRET=your-tracecat-signing-secret
# API Service URL
TRACECAT__API_URL=${INTERNAL_API_URL}
# Root path to deal with extra path prefix behind the reverse proxy
TRACECAT__API_ROOT_PATH=/api
# This is the public URL for the frontend
TRACECAT__PUBLIC_APP_URL=${PUBLIC_APP_URL}
# This is the public URL for incoming webhooks
# If you wish to expose your webhooks to the internet, you can use a tunneling service like ngrok.
# If using ngrok, run `ngrok http --domain=INSERT_STATIC_NGROK_DOMAIN_HERE 8001`
# to start ngrok and update this with the forwarding URL
# NOTE(review): a tunnel makes whatever listens on that port reachable from the internet;
# confirm whether that is only the webhook routes or the whole API
TRACECAT__PUBLIC_API_URL=${PUBLIC_API_URL}
# CORS (comma-separated string of allowed origins)
# Keep this list to the origins that actually serve the frontend; the http://localhost:3000
# entry looks like a local dev server and can presumably be dropped outside development
TRACECAT__ALLOW_ORIGINS=http://localhost:3000,${PUBLIC_APP_URL}
# Postgres SSL mode
# `disable` means no TLS on the database connection. NOTE(review): presumably passed through as
# the libpq `sslmode`; for a database outside the compose network use `require` or `verify-full`
TRACECAT__DB_SSLMODE=disable
# --- Postgres ---
# postgres/postgres are well-known default credentials: set a unique password before the
# database port is reachable from anywhere but the compose network
TRACECAT__POSTGRES_USER=postgres
TRACECAT__POSTGRES_PASSWORD=postgres
# User and password are interpolated into the connection URI; characters that are special in a
# URI (`@`, `:`, `/`, ...) presumably need percent-encoding in the password — confirm
TRACECAT__DB_URI=postgresql+psycopg://${TRACECAT__POSTGRES_USER}:${TRACECAT__POSTGRES_PASSWORD}@postgres_db:5432/postgres
# --- Shared frontend env vars ---
# Important: environment variables prefixed with `NEXT_PUBLIC_` are exposed to the browser client
# (never put a secret, key or internal-only URL in a `NEXT_PUBLIC_` variable)
# You may need to adjust the domain (default `localhost`) based on your setup
# Containers in the same network can communicate with each other using the service name
# Or you can use the host.docker.internal to communicate with the host machine
NODE_ENV=development
NEXT_PUBLIC_APP_ENV=development
# The frontend app URL
NEXT_PUBLIC_APP_URL=${PUBLIC_APP_URL}
# Allows the browser to communicate with the backend
NEXT_PUBLIC_API_URL=${PUBLIC_API_URL}
# Allows the frontend server (inside docker) to communicate with the backend server (inside docker)
# Not `NEXT_PUBLIC_`-prefixed, so by the rule above it is not exposed to the browser
NEXT_SERVER_API_URL=${INTERNAL_API_URL}
# --- Authentication ---
# One or more comma-separated values from `basic`, `google_oauth`, `saml`
# Enable only the methods you have configured below
TRACECAT__AUTH_TYPES=basic,google_oauth
# One or more comma-separated domains, e.g. `example.com,example.org`
# Leave blank to allow all domains
# NOTE(review): with this blank and `google_oauth` enabled, accounts from any email domain can
# presumably sign in — set your organisation's domain(s) on a reachable deployment; confirm
TRACECAT__AUTH_ALLOWED_DOMAINS=
# Minimum password length; presumably applies to `basic` auth — confirm
TRACECAT__AUTH_MIN_PASSWORD_LENGTH=12
# OAuth
# OAUTH_CLIENT_SECRET is a credential issued by the OAuth provider; keep it out of version control
OAUTH_CLIENT_ID=
OAUTH_CLIENT_SECRET=
# Placeholder: replace with a random per-deployment value
# NOTE(review): no generator is given for this one; `openssl rand -hex 32`, as used for the
# other secrets in this file, is presumably suitable — confirm the expected format
USER_AUTH_SECRET=your-auth-secret
# SAML SSO settings
# NOTE(review): SAML_IDP_CERTIFICATE is presumably the IdP signing certificate used to verify
# assertions — take it and the metadata URL from the IdP over a trusted channel (https)
SAML_IDP_ENTITY_ID=
SAML_IDP_REDIRECT_URL=
SAML_IDP_CERTIFICATE=
SAML_IDP_METADATA_URL=
# --- Temporal ---
# Temporal endpoint (host `temporal`, port 7233), task queue and namespace
TEMPORAL__CLUSTER_URL=temporal:7233
TEMPORAL__CLUSTER_QUEUE=tracecat-task-queue
TEMPORAL__CLUSTER_NAMESPACE=default
# Pinned version; presumably the Temporal server image tag — confirm
TEMPORAL__VERSION=1.24.2
# temporal/temporal are default credentials for Temporal's Postgres user: set a unique password
# before that database is reachable from anywhere but the compose network
TEMPORAL__POSTGRES_USER=temporal
TEMPORAL__POSTGRES_PASSWORD=temporal
# Pinned version; presumably the Temporal UI image tag — confirm
# NOTE(review): confirm the Temporal UI is not published on a public interface without authentication
TEMPORAL__UI_VERSION=2.26.2
# Task timeout; unit not stated here, presumably seconds — confirm
TEMPORAL__TASK_TIMEOUT=120
# --- Cloud only ---
# Tracecat Cloud only, please ignore if self-hosted:
# These are `NEXT_PUBLIC_` variables, so whatever is set here is visible to the browser client
NEXT_PUBLIC_POSTHOG_KEY=
NEXT_PUBLIC_POSTHOG_HOST=https://us.i.posthog.com
# Session recording is disabled by default
NEXT_PUBLIC_DISABLE_SESSION_RECORDING=true
# --- SMTP settings ---
# Settings used by the core.send_email_smtp action
SMTP_HOST=smtp.example.com
# NOTE(review): port 465 is conventionally implicit TLS (SMTP_SSL_ENABLED), while STARTTLS is
# conventionally used on 587; the defaults below pair 465 with STARTTLS — confirm how the
# action interprets this combination for your mail server
SMTP_PORT=465
SMTP_STARTTLS_ENABLED=1
SMTP_SSL_ENABLED=0
# Keep at 0: setting 1 presumably disables server certificate validation, which would leave
# the SMTP credentials and mail content open to interception — confirm
SMTP_IGNORE_CERT_ERRORS=0
SMTP_AUTH_ENABLED=1
# Placeholder credentials; replace with the real account and keep the password out of version control
SMTP_USER=testuser
SMTP_PASS=test
# --- LDAP settings ---
# Settings used by the integrations.ldap actions
LDAP_HOST=ldap.example.com
# NOTE(review): 389 with LDAP_SSL=0 is conventionally unencrypted LDAP, so bind credentials and
# directory data would cross the network in cleartext; LDAPS is conventionally port 636 with
# LDAP_SSL=1 — confirm how the integration uses these settings
LDAP_PORT=389
LDAP_SSL=0
# Directory type; `AD` presumably means Active Directory — confirm the accepted values
LDAP_TYPE=AD
# --- Remote registry ---
# If you wish to use a remote registry, set the URL here
# This is useful if you wish to use a custom set of UDFs
# or if you wish to host your own registry
# NOTE(review): UDFs loaded from this repository presumably run inside your Tracecat services,
# so point it only at a repository you control or trust, over an authenticated transport;
# confirm whether a specific commit or tag can be pinned
TRACECAT__REMOTE_REPOSITORY_URL=
# If not provided, the package name will be inferred from the git remote URL (repo name)
TRACECAT__REMOTE_REPOSITORY_PACKAGE_NAME=
# --- AI settings ---
# If you wish to use open source models, add a comma-separated list of models to preload
# Please see module `tracecat.llm` for the full list of available models
# The models will be loaded on startup
TRACECAT__PRELOAD_OSS_MODELS=
# Ollama settings
# Pinned Ollama version; presumably the image tag — confirm
OLLAMA__VERSION=0.3.12
# Plain-HTTP URL to host `ollama`, port 11434. Ollama's API is unauthenticated by default, so
# keep this port off public interfaces
OLLAMA__API_URL=http://ollama:11434