TehRiehlDeal/TehRiehlIncremental
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
TehRiehlIncremental/.env.example
T
TehRiehlDeal 2dd1d8cb01 chore: bootstrap monorepo with TMT-compatible schema and day-1 content 
Sets up the pnpm workspace, shared TS types and formula/predicate
registries, and the six day-1 content layers (Code, Commits, Coffee,
Tickets, Releases, Tech Debt). Why now: subsequent backend and
client work depends on a stable shared contract — the formula
registry approach (no eval) means content stays data-only and both
sides can validate against the same types.

Coverage gate at 90% (currently 98.83% branches, 100% lines).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-17 12:07:39 -07:00

40 lines
1.6 KiB
Bash
Raw Permalink Blame History

# =============================================================================
# TehRiehlIncremental — example environment file
# =============================================================================
# Copy to .env and fill in real values. DO NOT commit .env.
#
# SECURITY: The encryption keys below are EXAMPLES ONLY. Regenerate them for
# any environment that touches real user data. Suggested commands:
#
# openssl rand -base64 32 # for ENCRYPTION_MASTER_KEY
# openssl rand -base64 32 # for EMAIL_HASH_SECRET
# openssl rand -base64 64 # for JWT_SECRET / JWT_REFRESH_SECRET
# =============================================================================
# --- Database ---
DATABASE_URL="postgresql://teh_riehl:dev_password@localhost:5432/teh_riehl?schema=public"
# --- Encryption ---
# 32 random bytes, base64-encoded. Used as the KEK (Key Encryption Key) for
# envelope encryption of all field-level encrypted columns and save blobs.
# REPLACE BEFORE DEPLOYING.
ENCRYPTION_MASTER_KEY="REPLACE_ME_BASE64_32_BYTES_xxxxxxxxxxxxxxxxxxxxxx="
# HMAC-SHA256 secret used to derive blind indexes for emails (so we can look up
# users by email without storing plaintext). REPLACE BEFORE DEPLOYING.
EMAIL_HASH_SECRET="REPLACE_ME_BASE64_32_BYTES_xxxxxxxxxxxxxxxxxxxxxx="
# --- Auth ---
JWT_SECRET="REPLACE_ME_BASE64_64_BYTES"
JWT_REFRESH_SECRET="REPLACE_ME_BASE64_64_BYTES_DIFFERENT"
JWT_ACCESS_TTL="15m"
JWT_REFRESH_TTL="7d"
# --- Server ---
PORT="3000"
NODE_ENV="development"
CORS_ORIGIN="http://localhost:5173"
# --- Client (Vite) ---
VITE_API_BASE_URL="http://localhost:3000"
Reference in New Issue View Git Blame Copy Permalink