itential-dev-stack/.env.example at main · itential/itential-dev-stack · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
# Itential Dev Stack Configuration
# Copy to .env and customize required values: cp .env.example .env

# === REQUIRED ===
# 64-character hex encryption key (generate with: make generate-key)
ITENTIAL_ENCRYPTION_KEY=

# === IMAGES ===
# Full image URLs for Itential services (supports any registry)
# Default values (AWS ECR) are defined in defaults.env - uncomment below to override
#
# AWS ECR (default):
# PLATFORM_IMAGE=497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-platform-config-lcm:6
# GATEWAY4_IMAGE=497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-gateway:4.3.7
# GATEWAY5_IMAGE=497639811223.dkr.ecr.us-east-2.amazonaws.com/automation-gateway5:5.1.0-amd64
#
# JFrog (requires: docker login itential.jfrog.io):
# PLATFORM_IMAGE=itential.jfrog.io/flowai/itential_flowai:v0.0.6
# GATEWAY5_IMAGE=itential.jfrog.io/flowai/itential_flowai_gateway5:5.3.0-amd64

# Dependency versions (from public registries, defaults in defaults.env)
# MONGO_VERSION=8.0
# REDIS_VERSION=7.4

# === GATEWAY MANAGER ===
GATEWAY5_CLUSTER_ID=cluster_1

# === NETWORK BINDING ===
# Controls which network interfaces services bind to
# Empty (default) = all interfaces (accessible from other machines)
# "127.0.0.1:" = localhost only (more secure for local development)
# BIND_ADDRESS=127.0.0.1:

# === PORTS ===
# Override if defaults conflict with existing services on your machine
# PLATFORM_PORT=3000
# GATEWAY_MANAGER_PORT=8080
# MONGO_PORT=27017
# REDIS_PORT=6379
# GATEWAY4_PORT=8083
# GATEWAY5_PORT=50051
# LDAP_PORT=3389
# MCP_SSE_PORT=8000
# OPENBAO_PORT=8200

# === OPTIONAL OVERRIDES ===
# LOG_LEVEL=debug

# === USER/GROUP IDS ===
# Override if using alternative images with different UIDs
# Standard Itential Platform uses UID 1001, flowai uses 1000
# To find an image's UID: docker image inspect <image> -f '{{.Config.User}}'
# PLATFORM_UID=1001
# PLATFORM_GID=1001
# Gateway4 UID/GID (default 1000):
# UID=1000
# GID=1000

# === LDAP (auto-starts with make setup/up, set to false to disable) ===
LDAP_ENABLED=true
# LDAP_PORT=3389
# LDAP_ADMIN_PASSWORD=admin

# === MCP (auto-starts with make setup/up, set to false to disable) ===
MCP_ENABLED=true
# MCP_VERSION=v0.10.0
# MCP_TRANSPORT=sse  # default is sse; use stdio for CLI tools
# MCP_SSE_PORT=8000
MCP_PLATFORM_USER=admin@itential
MCP_PLATFORM_PASSWORD=admin

# === OPENBAO (optional - set OPENBAO_ENABLED=true to auto-start with make setup/up) ===
# OpenBao is a Vault-compatible secrets management solution with persistent storage
# When enabled, Platform is automatically configured to use OpenBao
# Root token is generated on first run and saved to volumes/openbao/init-keys.json
# OPENBAO_ENABLED=true
# OPENBAO_VERSION=2
# OPENBAO_PORT=8200              # Host port mapping (change if 8200 is in use)

# === VAULT/OPENBAO PLATFORM INTEGRATION (auto-configured when OPENBAO_ENABLED=true) ===
# These are set automatically by configure-openbao.sh when OPENBAO_ENABLED=true
# You can also set these manually to connect Platform to an external Vault/OpenBao
# Note: ITENTIAL_VAULT_URL uses Docker internal network (always port 8200 internally)
# OPENBAO_PORT only affects host access (e.g., browser, CLI from host machine)
# ITENTIAL_VAULT_URL=http://openbao:8200
# ITENTIAL_VAULT_AUTH_METHOD=token
# ITENTIAL_VAULT_TOKEN=/opt/vault/token.txt  # File path to token (auto-configured)
# ITENTIAL_VAULT_SECRETS_ENDPOINT=secret/data
# ITENTIAL_VAULT_READ_ONLY=false
#
# Property Encryption Features:
# - Automatic: Adapter properties marked for encryption are stored in Vault
# - Manual: Use $SECRET_path $KEY_key syntax to reference Vault secrets
#   Example: "$SECRET_adapters/myapi $KEY_password" -> value at secret/data/adapters/myapi