-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathenv.sample
More file actions
82 lines (66 loc) · 2.4 KB
/
Copy pathenv.sample
File metadata and controls
82 lines (66 loc) · 2.4 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
# General
PORT=8077
GOOGLE_CLOUD_PROJECT=<REPLACE>
TRACE_SAMPLING_FREQUENCY=0
TRACE_PRETTY=true
# Members
MEMBERS_API_DOMAIN=sandbox-api.bcc.no
# Database
DB_CONNECTION_STRING=postgres://bccm:bccm123@localhost:5432/bccm?sslmode=disable
# Auth0 (Authentication)
AUTH0_CLIENT_ID=<CLIENT_ID>
AUTH0_CLIENT_SECRET=<CLIENT_SECRET>
AUTH0_DOMAIN=api-sandbox.bcc.no
AUTH0_AUDIENCES=<REPLACE 1>[,<REPLACE 2>[,...]]
# CDN Config
IMAGE_CDN_DOMAIN=brunstadtv.imgix.net
VOD2_CDN_DOMAIN=vod2.brunstad.tv
FILES_CDN_DOMAIN=files.brunstad.tv
CF_SIGNING_KEY_ID=<SIGNING_KEY_ID>
LIVESTREAM_SIGNING_KEY_ID=<LIVESTREAM_SIGNING_KEY_ID>
LIVESTREAM_SIGNING_KEY_PATH=<PATH TO LIVESTREAM PEM KEY>
AZ_SIGNING_KEY=<BASE 64 ENCODED SIMMETRYC KEY>
# Stream proxy: HMAC secret + issuer the API uses to mint stream JWTs.
# These MUST match the values configured in cmd/stream-proxy.
STREAM_JWT_SECRET=
STREAM_JWT_ISSUER=
# Public hostname clients use to reach the stream proxy.
# For local dev, point at the locally-running cmd/stream-proxy (default port 8081).
STREAM_PROXY_DOMAIN=localhost:8081
# Optional. Selects how the API delivers stream URLs to clients:
# "cloudfront" (or empty) → API signs CloudFront URLs directly; the
# stream-proxy is NOT in the request path.
# "streamproxy" → API returns a stream-proxy URL with an HS256
# JWT; the proxy signs upstream to ioriver.
# The Unleash `stream-proxy:legacy` flag, when set on a request, overrides
# this and forces the CloudFront-direct signer for that request only.
STREAM_PRIMARY_PROVIDER=
# Other Secrets
SERVICE_SECRET_DIRECTUS=<COMMON SECRET>
# Redis
REDIS_ADDRESS=localhost:6378
REDIS_USERNAME=
REDIS_PASSWORD=
REDIS_DATABASE=0
# AWS Credentials
AWS_DEFAULT_REGION=eu-north-1
# TempBucket for export
AWS_TEMP_BUCKET=btv-tempstorage-dev
# Private key for signing redirect JWTs. For local dev, scripts/init.sh generates
# backend/cmd/api/key.local.rsa (gitignored) and inlines its PEM into REDIRECT_JWT_KEY.
# Leave REDIRECT_JWT_KEY unset/empty here — init.sh appends it.
REDIRECT_JWT_KEY=
REDIRECT_JWT_KEY_ID=local-dev
## This config takes precedence
ELASTIC_CLOUDID=
ELASTIC_APIKEY=
## Default local setup
ELASTIC_URL=http://localhost:9200/
ELASTIC_USERNAME=elastic
ELASTIC_PASSWORD=bccm123
## BMM
BMM_AUTH0_BASE_URL=https://auth0/
BMM_CLIENT_ID=<REPLACE>
BMM_CLIENT_SECRET=<REPLACE>
BMM_AUDIENCE=<REPLACE>
BMM_BASE_URL=<REPLACE>