-
Notifications
You must be signed in to change notification settings - Fork 35
/
Copy path.env.example
146 lines (126 loc) · 7.16 KB
/
.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
#
# REQUIRED SETTINGS
#
# If equal to "development", applies configurations on the backend and frontend containers that
# are not suitable for production, related to CORS, secure cookies and https.
# Any other value works for a production environment, and will be used by sentry to mark the environment
# an error occurred in.
ENV=production
# Ports respectively used by the backend API and the frontends containers
# Maps to the "PORT" environment variable in the backend and frontend containers
# respectively.
API_PORT=8080
APP_PORT=3000
# Ports on the host Docker will listen on. Specific to using docker-compose,
# can be ignored for a deployment with managed containers or k8s.
HOST_API_PORT=8080
HOST_APP_PORT=3000
# Set this to the url used by your users to access Marble's frontend from the browser.
# Must include the scheme (e.g http://), and the port if non-standard.
MARBLE_APP_URL="http://localhost:3000"
# Set those values to the URLs the Marble API can be reached at. Both must include the scheme (e.g http://)
# "MARBLE_API_URL_SERVER" must be reachable from the frontend host. With docker-compose, use the api container name as host name.
# "MARBLE_API_URL_CLIENT" must be reachable from the user's browser.
MARBLE_API_URL_SERVER="http://api:8080"
MARBLE_API_URL_CLIENT="http://localhost:8080"
# RSA private key, in PEM format, used for for signing authentication tokens. MUST be changed for production.
# We recommend using AUTHENTICATION_JWT_SIGNING_KEY_FILE to point to a private key on disk because multi-line
# environment variables are not handled very gracefully.
#
# If using AUTHENTICATION_JWT_SIGNING_KEY, line breaks should be replaced with '\n':
# e.g. AUTHENTICATION_JWT_SIGNING_KEY="-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBA...
#
# To generate a private key, use `openssl genrsa -out /path/to/private/key.pem 4096`.
# If left empty, a key will be regenerated on every app restart, which may cause unexpected logouts.
AUTHENTICATION_JWT_SIGNING_KEY=
# AUTHENTICATION_JWT_SIGNING_KEY_FILE=/shared/jwt_key.pem
# Configure your PostgreSQL database connection information, either by providing a DSN using this form:
# PG_CONNECTION_STRING='postgres://postgres:marble@localhost:5432/marble?sslmode=prefer'
# Or by setting each piece of information in those variables:
PG_HOSTNAME=db
PG_PORT=5432
PG_USER=postgres
PG_PASSWORD=changeme
# For production, this SHOULD be set to 'require'
PG_SSL_MODE=prefer
# Configure the ID of your Firebase project for authentication and the path to the service account's JSON private key file.
# - The 'Project ID' can be found in the 'General' section of your Firebase project's settings page.
# - The private key must be generated in the 'Service accounts' tab by clicking 'Generate new private key'
# If you are using GCS as a blob storage backend, the same service account key is used to sign URLs.
GOOGLE_CLOUD_PROJECT=
GOOGLE_APPLICATION_CREDENTIALS=/shared/service_account_key.json
# Configure the document blob storage backend.
# The example values MUST be changed for anything but a local test environment since the file provider does not support all features.
#
# Several blob storage implementations are supported:
# - 'file://{path}?create_dir=true' (see https://pkg.go.dev/gocloud.dev/blob/fileblob#URLOpener)
# - 'gs://{bucket_name}' for Google Cloud Storage
# - 's3://{bucket_name}' for AWS S3 or any S3-compatible platform (Minio, ...)
# - 'azblob://{bucket_name}' for Azure Blob Storage
#
# Depending on the used cloud provider, the idiomatic way to discover credentials will be used, such as:
# - GOOGLE_APPLICATION_CREDENTIALS or Application Default Credentials for Google Cloud Platform
# - AWS_DEFAULT_REGION, AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY or default profile for Amazon Web Services
# - AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_KEY or equivalent for Azure
#
# If you are using Minio, you should use the S3 provider with some options set, depending on your setup, for example:
# - s3://marble?awssdk=v1&endpoint=https://minio.local&s3ForcePathStyle=true
# When testing Marble, you can add the 'requireSSL=false' query parameter to connect in cleartext.
#
# See https://gocloud.dev/howto/blob/ for more details.
INGESTION_BUCKET_URL="file://./tempFiles/data-ingestion-bucket?create_dir=true"
CASE_MANAGER_BUCKET_URL="file://./tempFiles/case-manager-bucket?create_dir=true"
# Configure your Firebase project to allow username and password authentication.
# To retrieve this value, go into the settings of your Firebase project, and register
# a new app from the 'General' tab.
FIREBASE_API_KEY=
# Generate a random string, for instance using `openssl rand -base64 128 | tr -d "\n"`
SESSION_SECRET=changeme
SESSION_MAX_AGE=43200
#
# OPTIONAL SETTINGS
#
# Set your license key here if you have one in order to access premium features.
LICENSE_KEY=
# Change the two settings below to create your initial organization and users.
# The user must also have a matching account in the authentication store used (in Firebase, for example).
# Subsequent users will be able to be created from the application, and the variables
# can be left blank.
CREATE_ORG_NAME=
CREATE_ORG_ADMIN_EMAIL=
# Configure the connection details to your Metabase instance.
# - To retrieve the JWT signing key, go to your Metabase admin panel, in 'Settings', then 'Embedding', and click 'Manage' under 'Static embedding'
# - The dashboard ID is the ID of the dashboard you want to embed in Marble. You will find it when you publish a dashboard as
# a static embedding on Metabase.
# - The site url can be on a metabase domain, or can use your self-hosted Metabase instance.
METABASE_SITE_URL=
METABASE_JWT_SIGNING_KEY=
METABASE_GLOBAL_DASHBOARD_ID=
# Set up connection details to Convoy to enable webhooks sending.
# You can get your project ID and API key from your project settings page in Convoy's dashboard, in the "Secrets" section.
# NB: CONVOY_API_URL should be {scheme}://{host}:{port}/api - forgetting the /api will result in unexpected errors.
CONVOY_API_URL=
CONVOY_API_KEY=
CONVOY_PROJECT_ID=
# Configure the URL of the Elasticsearch instance used by yente for sanction screening.
# Those are not specific to marble, and are only used to configure containers
# when using docker-compose.
YENTE_ELASTICSEARCH_URL=http://marble-es:9200
YENTE_PORT=8000
ES_PORT=9200
# Configure access to the Open Sanctions API to use sanction checks
#
# If you use the SaaS Open Sanctions API, only uncomment OPENSANCTIONS_API_KEY and provide its values.
# If you self-host the API, uncomment all relevant settings to point to your deployment and configure authentication.
# - OPENSANCTIONS_AUTH_METHOD supports 'bearer' and 'basic'
# If basic, provide the username and password in the form of 'user:password'
# OPENSANCTIONS_API_HOST=http://self.hosted.local
# OPENSANCTIONS_AUTH_METHOD=bearer
# OPENSANCTIONS_API_KEY=
# Configure various external integrations.
SENTRY_DSN=
# If you need to support federated authentication through Firebase, you will need to configure the following settings:
# To retrieve those values, go into the settings of your Firebase project, and register a new app from the 'General' tab.
# The two pieces of information below will be provided to you after that.
# FIREBASE_APP_ID=
# FIREBASE_AUTH_DOMAIN=