-
-
Notifications
You must be signed in to change notification settings - Fork 4
/
.secrets.example
80 lines (71 loc) · 3.33 KB
/
.secrets.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
# Make a local copy `.secrets.example` as `.secrets` in your project root
# This will have environment variables for development environment
# Optionally use `.secrets.local` to override environment variables in `.secrets` (like API keys)
###########################################################################
# Infra Properties
###########################################################################
## HASURA
# Password Gen Tool:
# On UNIX systems you can use `openssl rand -hex 32` or
# https://generate-secret.vercel.app/64 to generate a secret.
HASURA_GRAPHQL_ADMIN_SECRET = 'hasura-admin-secret'
HASURA_GRAPHQL_JWT_SECRET = 'hasura-jwt-really-loooooooooooong-secret'
NHOST_WEBHOOK_SECRET = 'hasura-webhook-secret'
GRAFANA_ADMIN_PASSWORD = 'grafana-admin-password'
## AUTH PROVIDERS (optional)
AUTH_PROVIDER_AZUREAD_CLIENT_ID = 'FIXME'
AUTH_PROVIDER_AZUREAD_CLIENT_SECRET = 'FIXME'
AUTH_PROVIDER_AZUREAD_TENANT = 'FIXME'
AUTH_PROVIDER_GOOGLE_CLIENT_ID = 'FIXME'
AUTH_PROVIDER_GOOGLE_CLIENT_SECRET = 'FIXME'
# for local.auth.local.nhost.run
AUTH_PROVIDER_GITHUB_CLIENT_ID = 'FIXME'
AUTH_PROVIDER_GITHUB_CLIENT_SECRET = 'FIXME'
## SMTP
AUTH_SMTP_AUTH_METHOD = 'PLAIN'
AUTH_SMTP_HOST = 'mailhog'
AUTH_SMTP_PORT = '1025'
AUTH_SMTP_USER = 'user'
AUTH_SMTP_PASS = 'password'
AUTH_SMTP_SECURE = 'false'
AUTH_SMTP_SENDER = 'hasura-auth@example.com'
## STORAGE
S3_ACCESS_KEY = 'storage-access-key-never-use-this-value'
S3_SECRET_KEY = 'storage-secret-key-never-use-this-value'
S3_BUCKET = 'nhost'
S3_ENDPOINT = 'http://minio:9000'
S3_REGION = ''
S3_ROOT_FOLDER = ''
## AI
OPENAI_ORG_ID = 'FIXME'
OPENAI_PROJECT_ID = 'FIXME'
OPENAI_API_KEY = 'FIXME'
GRAPHITE_WEBHOOK_SECRET = 'graphite-webhook-secret'
## GHCR Container Registry
# For `nhost run` to pull private GHCR docker images to run in nhost cloud:
# set correct `GITHUB_USER` and `GHCR_READ_PAT_TOKEN` below
# use `echo -n "$GITHUB_USER:$GHCR_READ_PAT_TOKEN" | base64` command to generate `auth` value.
CONTAINER_REGISTRY_CREDENTIALS = '{"https://ghcr.io":{"username":"GITHUB_USER","password":"GHCR_READ_PAT_TOKEN","auth":"FIXME"}'
# For k8:
# kubectl create secret docker-registry ghcr-login-secret \
# --docker-server=https://ghcr.io \
# --docker-username=$GITHUB_USER \
# --docker-password=$GHCR_READ_PAT_TOKEN \
# -n my-runner-namespace --dry-run=client --output=yaml
# # OR from your local docker config.json file
# kubectl create secret generic regcred \
# --from-file=.dockerconfigjson=/Users/<username>/.docker/config.json \
# --type=kubernetes.io/dockerconfigjson --dry-run=client --output=yaml
###########################################################################
# Application Properties (Console)
###########################################################################
# RATE_LIMIT_SECRET: On UNIX systems you can use `openssl rand -hex 32` or
# https://generate-secret.vercel.app/32 to generate a secret.
# or copy (openssl rand -hex 32) output here
RATE_LIMIT_SECRET = '4e6e7d317f48c5a90c24983e5f15bbffc1d36d899fe46a055e1e80038962a298'
## FEATURE FLAGS
# you could generate new secret with: `node -e "console.log(crypto.randomBytes(32).toString('base64url'))"`
FLAGS_SECRET = 'dtQj-Agf3Kai_6vQ3mGlMzrznDBV4nUegPOeZDfodLw'
###########################################################################
# Application Properties (Dashboard)
###########################################################################