-
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.env
69 lines (54 loc) · 2.82 KB
/
.env
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
# Please see the README.m for details on steps to be taken when updating Keycloak
KEYCLOAK_VERSION=26.0.5
# These is the master realm administrator account
KC_BOOTSTRAP_ADMIN_USERNAME=root
KC_BOOTSTRAP_ADMIN_PASSWORD=test
KEYCLOAK_BASE_URL=http://auth.openfoodfacts.localhost:5600
KEYCLOAK_REALM_NAME=open-products-facts
# The image tag to use when running as a dependency rather than using the local dev image
KEYCLOAK_TAG=main
# Docker compose settings
COMPOSE_PROJECT_NAME=openfoodfacts-auth
COMPOSE_PATH_SEPARATOR=,
# Compose file path for running as a dependency
COMPOSE_FILE_RUN=docker-compose.yml,docker-compose-run.yml
# Additional overrides used for local development
COMPOSE_FILE=${COMPOSE_FILE_RUN},docker/dev.yml
# A three step process is used to set up database accounts. Ultimately we will move the first two steps into
# shared services.
# The first step creates the local PostgreSQL instance with admin credentials that would be very secret
KC_DB_URL_HOST=keycloak_postgres
PG_ADMIN_USERNAME=postgres
PG_ADMIN_PASSWORD=SuperSecret123!
# The second step is to create a "bootstrap" user which has minimal permissions to create other users, so is less secret
PG_BOOTSTRAP_USERNAME=bootstrap
PG_BOOTSTRAP_PASSWORD=off
# The final step is to create the user account for this specific service (done using the bootstrap credentials)
KC_DB_USERNAME=keycloak
KC_DB_PASSWORD=Secret123!
# Clients are provided in a space delimited list in the form CLIENT_ID,BASE_URL
# Keycloak will create a service account user for each client in the form service-account-<client_id>
# where <client_id> is the CLIENT_ID in lower case.
# If an environment variable named <CLIENT_ID>_CLIENT_SECRET is present then this will be used to create
# the CLIENT_SECRET for the client. Otherwise a new, random secret will be generated
# NOTE: Client id's created in this way cannot include hyphens
CLIENTS=OFF,http://world.openfoodfacts.localhost OPFF,https://world.openpetfoodfacts.org OFF_PRO,http://world.pro.openfoodfacts.localhost
# Generate specific secrets for the OFF and OFF_PRO clients so that they match the configuration in Product Opener for local development
OFF_CLIENT_SECRET=Cf4NdSAjZsNO9HLcuXeuvukzFu00roQa
OFF_PRO_CLIENT_SECRET=1ILwRhBtNJJDQrHp8lR7yrP9S0N2W7al
# Redis is used to broadcast events when users are registered and deleted.
REDIS_URL=redis:6379
# Keycloak needs email for initial email address validation and "forgot password" flows.
SMTP_SERVER=smtp
# Network to expose on. To restrict to local host only use KEYCLOAK_EXPOSE=127.0.0.1:
# ends with ":"
KEYCLOAK_EXPOSE=
KEYCLOAK_HTTP_PORT=5600
KEYCLOAK_MANAGEMENT_PORT=5602
# Set to "prod" for hardened deployment or "dev" for start-dev.
KEYCLOAK_STARTUP=dev
COMMON_NET_NAME=off_shared_network
# Following are only needed for tests
SMTP4DEV_PORT=5605
TEST_CLIENT_ID=test-client
TEST_CLIENT_SECRET=test-secret123