-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
78 lines (63 loc) · 3.36 KB
/
.env.example
File metadata and controls
78 lines (63 loc) · 3.36 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# =========================================================================
# O.D.I.A. environment template
# -------------------------------------------------------------------------
# Copy this file to `.env` in the repository root, fill in real values, and
# leave that `.env` OUT of git (it is gitignored). Never commit secrets.
#
# Generate strong random values where indicated. On Linux/macOS:
# python -c "import secrets; print(secrets.token_urlsafe(32))"
# On Windows PowerShell:
# python -c "import secrets; print(secrets.token_urlsafe(32))"
# =========================================================================
# -------------------------------------------------------------------------
# n8n automation integration (Track A, v2.7.1)
# -------------------------------------------------------------------------
# Shared secret the backend verifies on every /api/v1/webhook/* call.
# Must match the `X-ODIA-Webhook-Token` header n8n's HTTP Request nodes
# send from their credential vault. If unset, register_webhook_routes()
# logs an error and refuses to expose the /webhook/* surface — this is
# intentional, failing loud beats silently exposing an open pipeline.
#
# Generate: python -c "import secrets; print(secrets.token_urlsafe(32))"
ODIA_WEBHOOK_TOKEN=
# n8n's credential encryption key. Used to encrypt stored OAuth tokens,
# API keys, etc. at rest in the n8n database. Set ONCE per deployment —
# rotating this invalidates every stored credential and requires you to
# re-enter them in the n8n UI. 32 random bytes.
#
# Generate: python -c "import secrets; print(secrets.token_hex(32))"
N8N_ENCRYPTION_KEY=
# Basic-auth credentials for the n8n editor UI at http://localhost:5678
N8N_BASIC_AUTH_USER=admin
N8N_BASIC_AUTH_PASSWORD=
# Postgres root password — shared between n8n's execution history DB
# and the optional ODIA provenance extension. Use a strong password;
# even on localhost a weak one is a pivot target for anything that
# breaks out of the container network.
POSTGRES_PASSWORD=
# -------------------------------------------------------------------------
# Optional operational knobs
# -------------------------------------------------------------------------
# Email to notify on n8n workflow failures (WF-011 Failure-Digest target)
ODIA_ALERT_EMAIL=
# Google Drive folder ID where n8n WF-010 uploads generated MAS DOCX
# reports. Obtain the ID from the folder URL:
# https://drive.google.com/drive/folders/<THIS_IS_THE_ID>
ODIA_DRIVE_MAS_FOLDER=
# Timezone for n8n CRON triggers + timestamped audit log rows. Must be a
# valid IANA zone identifier. Defaults to America/Los_Angeles because the
# platform's current deployment footprint is California jurisdictions.
TZ=America/Los_Angeles
# -------------------------------------------------------------------------
# Advanced — usually leave as defaults
# -------------------------------------------------------------------------
# n8n editor hostname + webhook URL. Change if you are reverse-proxying
# n8n behind a public domain.
# N8N_HOST=localhost
# WEBHOOK_URL=http://localhost:5678/
# Override the backend's database URL. Default is SQLite at the repo
# root (oraculus_audit.db). For the full docker-compose stack, the
# backend container auto-sets this to the shared Postgres instance via
# ODIA_DB_URL in docker-compose.n8n.yml — you do not need to set it
# here.
# DATABASE_URL=sqlite:///./oraculus_audit.db