-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
37 lines (30 loc) · 1.56 KB
/
Copy path.env.example
File metadata and controls
37 lines (30 loc) · 1.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# ---------------------------------------------------------------------------
# MAC central auth service — environment template.
# Copy to `.env` and fill in. NEVER commit the real .env.
# Secrets live in the committee password manager under projects@monashcoding.com.
# ---------------------------------------------------------------------------
# Public base URL of this service (used as JWT issuer and OAuth redirect base).
# Locally you can use http://localhost:3000
BETTER_AUTH_URL=https://auth.monashcoding.com
# Long random secret for Better Auth (sessions, state signing).
# Generate: openssl rand -base64 32
BETTER_AUTH_SECRET=replace-me-with-openssl-rand-base64-32
# --- Postgres (self-hosted) ---
# IMPORTANT: keep the password URL/shell-safe — letters and digits only. Characters
# like $ @ : / # break Docker/Dokploy env interpolation and the assembled DATABASE_URL.
# Generate a safe one: openssl rand -hex 24
POSTGRES_USER=mac_auth
POSTGRES_PASSWORD=replace-me-hex-only-no-special-chars
POSTGRES_DB=mac_auth
# --- Google OAuth ---
# Redirect URI to register: https://auth.monashcoding.com/api/auth/callback/google
GOOGLE_CLIENT_ID=
GOOGLE_CLIENT_SECRET=
# --- Microsoft OAuth (tenant "common" — personal + work/school accounts) ---
# Redirect URI to register: https://auth.monashcoding.com/api/auth/callback/microsoft
MICROSOFT_CLIENT_ID=
MICROSOFT_CLIENT_SECRET=
# Origins allowed to initiate auth flows (comma-separated).
TRUSTED_ORIGINS=https://monmap.monashcoding.com,https://jobs.monashcoding.com
# JWT audience claim MAC apps verify against.
JWT_AUDIENCE=mac-suite