# your FQDN or IP; used to define ALLOWED_HOSTS and CSRF_TRUSTED_ORIGINS # multiple domains or IPs supported via comma as delimiter DOMAIN=vouchervault.example.com # set to True if you use a reverse proxy with tls; enables secure cookie flag and hsts SECURE_COOKIES=False # define the maximum session age in minutes SESSION_COOKIE_AGE=30 # decide whether session cookie is invalidated on browser close SESSION_EXPIRE_AT_BROWSER_CLOSE=False # send notifications xx days prior expiry; default is 30 EXPIRY_THRESHOLD_DAYS=90 # define the timezone TZ=Europe/Berlin # comma-separated list of allowed sources for the csp `frame-ancestors` directive #CSP_FRAME_ANCESTORS="https://other.example.tld:443" # ------- PSQL DB ENVS -------- #DB_ENGINE=postgres #POSTGRES_USER=vouchervault #POSTGRES_PASSWORD=vouchervault #POSTGRES_DB=vouchervault #POSTGRES_HOST=vouchervault-psql # ------- OPTIONAL OIDC AUTH -------- # Set to 'True' to enable OIDC authentication #OIDC_ENABLED=True # Decide whether login area triggers automatic OIDC login flow #OIDC_AUTOLOGIN=False # Set to 'True' to allow the creation of new users through OIDC #OIDC_CREATE_USER=True # The signing algorithm used by the OIDC provider (e.g., RS256, HS256) #OIDC_RP_SIGN_ALGO=RS256 # URL of the JWKS endpoint for the OIDC provider #OIDC_OP_JWKS_ENDPOINT=https://authentik.example.com/application/o/vouchervault/jwks/ # Client ID for your OIDC RP #OIDC_RP_CLIENT_ID=vouchervault # Client secret for your OIDC RP #OIDC_RP_CLIENT_SECRET=super-secure-secret-key # Authorization endpoint URL of the OIDC provider #OIDC_OP_AUTHORIZATION_ENDPOINT=https://authentik.example.com/application/o/authorize/ # Token endpoint URL of the OIDC provider #OIDC_OP_TOKEN_ENDPOINT=https://authentik.example.com/application/o/token/ # User info endpoint URL of the OIDC provider #OIDC_OP_USER_ENDPOINT=https://authentik.example.com/application/o/userinfo/ # ------- OTHER OPTIONAL ENVS -------- # optional; if not defined, a secure secret is auto-generated #SECRET_KEY=ChooseSuperSecretKey # optional; only relevant if you use a custom port; used to define CSRF_TRUSTED_ORIGINS #PORT=8000 # optional; only change if you use another redis container #REDIS_URL=redis://redis:6379/0