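# =============================================================================
# GoodGo Platform - Shared Environment Variables (EXAMPLE)
# =============================================================================
# This file contains SHARED configuration for all services in the platform.
# Service-specific configs (DATABASE_URL, PORT, SERVICE_NAME) are defined in
# docker-compose.yml for each service.
#
# SETUP: Copy this file to .env.local and fill in your actual values
# Command: cp env.local.example .env.local
#
# Every value below that contains "change-me", "your-" or "username:password"
# is a placeholder, not a usable secret. Replace all of them before first start.
# Comments are kept on their own lines: a trailing "# ..." after a value may be
# read as part of the value by some env-file loaders.
#
# =============================================================================

# =============================================================================
# AUTHENTICATION - Shared across all services
# =============================================================================
# CRITICAL: These secrets MUST be identical across all services for JWT validation
# Generate secure secrets: openssl rand -base64 32
# Run the command once per variable. Use a different value for each secret so
# that a token signed as one type cannot verify as another.
# With a shared secret, every service that can validate a token can also sign
# one, so a leak from any single service affects the whole platform. Keep these
# values out of logs, images and CI output.
JWT_SECRET=your-super-secret-jwt-key-min-32-characters-change-me
JWT_REFRESH_SECRET=your-super-secret-refresh-key-min-32-characters-change-me
JWT_EXPIRES_IN=15m
JWT_REFRESH_EXPIRES_IN=7d

# ID Token (OIDC)
JWT_ID_SECRET=your-super-secret-id-key-min-32-characters-change-me
JWT_ID_EXPIRES_IN=1h

# Data Encryption (AES-256-GCM)
# Required for encrypting sensitive data at rest (MFA secrets, etc.)
# Generate: openssl rand -hex 32
# That command prints 64 hex characters (32 bytes). The placeholder below is
# neither hex nor 64 characters long, so it is not a valid key.
# NOTE(review): data already encrypted with a previous key presumably cannot be
# read after the key changes - confirm the rotation procedure before replacing
# a key that is in use.
ENCRYPTION_KEY=your-32-byte-hex-encryption-key-must-be-64-chars

# =============================================================================
# SHARED INFRASTRUCTURE
# =============================================================================

# Redis Configuration (shared cache/session store)
# REDIS_PASSWORD is left empty for local development. Redis holds session data,
# so set a password for any instance reachable beyond the local Docker network.
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=

# Neon PostgreSQL (get from https://console.neon.tech)
# Each service can have its own database, or share with schema isolation
# Format: postgresql://user:password@host/database?sslmode=require
# The URL embeds the database password: treat the whole string as a secret.
# Keep sslmode=require so the connection is encrypted.
# NOTE(review): whether the server certificate is also verified depends on the
# client library in use - confirm for each service.
DATABASE_URL=postgresql://username:password@host.neon.tech/database?sslmode=require

# =============================================================================
# PLATFORM CONFIGURATION
# =============================================================================
# NODE_ENV and LOG_LEVEL are set for local development. Debug logging may
# include request details, so use a less verbose level outside development.
NODE_ENV=development
LOG_LEVEL=debug
API_VERSION=v1

# CORS - Allowed origins for all services
# Comma-separated list of explicit origins. The http://localhost entries are
# for local development; deployed environments should list only the https://
# origins of their own front ends.
CORS_ORIGIN=http://localhost:3000,http://localhost:3001,http://localhost,http://admin.localhost

# =============================================================================
# OBSERVABILITY
# =============================================================================

# Distributed Tracing
TRACING_ENABLED=false
JAEGER_ENDPOINT=http://jaeger:14268/api/traces

# Prometheus Metrics (exposed by each service at /metrics)
# NOTE(review): check that /metrics is not routed through the public gateway.
METRICS_ENABLED=true

# =============================================================================
# EXTERNAL SERVICES (Optional)
# =============================================================================

# Email Configuration
# EMAIL_PASSWORD is a credential: when enabled, set it only in .env.local.
EMAIL_FROM=noreply@goodgo.vn
# EMAIL_HOST=smtp.gmail.com
# EMAIL_PORT=587
# EMAIL_USER=your-email@gmail.com
# EMAIL_PASSWORD=your-app-password

# =============================================================================
# NOTES
# =============================================================================
#
# Service-Specific Configurations:
# ---------------------------------
# The following are defined PER SERVICE in docker-compose.yml:
# - PORT: Unique port for each service (5001, 5002, 5003, etc.)
# - SERVICE_NAME: Service identifier (iam-service, user-service, etc.)
# - DATABASE_URL: Can override for service-specific database
#
# Traefik API Gateway:
# --------------------
# - Configuration: infra/traefik/
# - Services auto-discovered via Docker labels
# - Access services: http://localhost/api/v1/{service-name}
# - Dashboard: http://localhost:8080
#   (local development; keep it unreachable from outside or put it behind
#   authentication in any shared environment)
#
# Database Strategy:
# ------------------
# - Each service can have its own Neon database (microservices pattern)
# - Or share database with schema isolation
# - Get database URLs from: https://console.neon.tech
# - Use connection pooling for better performance
#
# Security:
# ---------
# - NEVER commit .env.local to git (it's in .gitignore)
#   Verify with: git check-ignore .env.local
# - Restrict the file to your own user: chmod 600 .env.local
# - Rotate JWT secrets regularly in production
# - Use strong, unique secrets (min 32 characters)
# - Enable SSL/TLS in production (Traefik handles this)
#
# Quick Start:
# ------------
# 1. Copy this file: cp env.local.example .env.local
# 2. Update JWT_SECRET, JWT_REFRESH_SECRET, JWT_ID_SECRET and ENCRYPTION_KEY
#    with secure values (a separate generated value for each)
# 3. Update DATABASE_URL with your Neon PostgreSQL connection string
# 4. Start platform: docker-compose up -d
#
# =============================================================================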