Skip to content

Document .env variables #1188

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
1 of 2 tasks
arkid15r opened this issue Mar 27, 2025 · 5 comments · Fixed by #1213
Closed
1 of 2 tasks

Document .env variables #1188

arkid15r opened this issue Mar 27, 2025 · 5 comments · Fixed by #1213
Assignees
@rishyym0927
Labels
docs Improvements or additions to documentation enhancement question

Comments

@arkid15r
Copy link
Collaborator

Describe the solution you'd like
Update documentation with meaning of all existing .env variables for OWASP Nest backend/frontend.

Are you going to work on implementing this?

  • Yes
  • No

Additional context
Consider using @coderabbitai's help for that.
@arkid15r arkid15r added docs Improvements or additions to documentation enhancement labels Mar 27, 2025
@github-project-automation github-project-automation bot moved this to Backlog in Project Nest Mar 27, 2025
@rishyym0927
Copy link
Contributor

Hey @arkid15r since I have worked with repo , I have good idea regarding this so can I work on it?

@arkid15r
Copy link
Collaborator Author

@coderabbitai help us here, create drafts for https://github.com/OWASP/Nest/blob/main/frontend/.env.example and https://github.com/OWASP/Nest/blob/main/backend/.env.example variables documenation

@arkid15r arkid15r moved this from Backlog to In progress in Project Nest Mar 27, 2025
@coderabbitai coderabbitai
Copy link
Contributor

coderabbitai bot commented Mar 27, 2025

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Get content of frontend/.env.example file
echo "Frontend .env.example file:"
cat frontend/.env.example

# Get content of backend/.env.example file
echo -e "\nBackend .env.example file:"
cat backend/.env.example

Length of output: 1035

🏁 Script executed:

#!/bin/bash
# Search for usage of frontend environment variables
echo "Searching for frontend environment variable usage..."
grep -r "VITE_API_URL" frontend/ --include="*.ts" --include="*.js" --include="*.tsx" --include="*.jsx" || echo "No direct references found for VITE_API_URL"

echo -e "\nSearch for how environment variables are loaded in frontend:"
find frontend -type f -name "*.ts" -o -name "*.js" -o -name "*.tsx" -o -name "*.jsx" | xargs grep -l "import.meta.env" | head -5

# Check if there's a config file in frontend that might explain environment variables
echo -e "\nLooking for config files in frontend:"
find frontend -name "*config*" -type f | head -5

# Search for usage of backend environment variables
echo -e "\nSearching for backend environment variable usage..."
grep -r "DJANGO_ALGOLIA" backend/ --include="*.py" || echo "No direct references found for DJANGO_ALGOLIA"

# Check if there are documentation files that might explain these variables
echo -e "\nLooking for documentation files:"
find . -name "*.md" | grep -i "env\|config\|setup\|install" | head -10

# Look at Django settings file which likely contains environment variable usage
echo -e "\nLooking for Django settings files:"
find backend -name "settings.py" -o -name "*settings*.py"

Length of output: 1483

🏁 Script executed:

#!/bin/bash
# Let's check for settings files in the Django project structure
echo "Checking for Django settings..."
find backend -path "*/settings/*" -type f -name "*.py"

# Check for API files that might use the VITE_API_URL
echo -e "\nChecking for API usage in frontend..."
grep -r "API_URL" frontend/src/ --include="*.ts" --include="*.js" --include="*.tsx" --include="*.jsx"

# Look for GraphQL usage
echo -e "\nChecking for GraphQL usage..."
grep -r "GRAPHQL_URL" frontend/src/ --include="*.ts" --include="*.js" --include="*.tsx" --include="*.jsx"

# Check for Sentry configuration
echo -e "\nChecking for Sentry configuration..."
grep -r "SENTRY_DSN" frontend/src/ --include="*.ts" --include="*.js" --include="*.tsx" --include="*.jsx"
grep -r "SENTRY_DSN" backend/ --include="*.py"

# Check for GTM usage
echo -e "\nChecking for Google Tag Manager (GTM) usage..."
grep -r "GTM_" frontend/src/ --include="*.ts" --include="*.js" --include="*.tsx" --include="*.jsx"

# Look for Algolia configuration in Django
echo -e "\nChecking for Algolia configuration..."
find backend -type f -name "*.py" | xargs grep -l "algolia" || echo "No Algolia references found"

# Check for OpenAI usage
echo -e "\nChecking for OpenAI usage..."
grep -r "OPEN_AI" backend/ --include="*.py" || echo "No OpenAI references found"

# Check for database configuration
echo -e "\nChecking for database configuration..."
grep -r "DATABASES" backend/ --include="*.py"

# Look for any environment variable documentation in README or docs
echo -e "\nChecking for existing documentation..."
find . -name "README.md" -o -name "CONTRIBUTING.md" | xargs grep -l "env" || echo "No environment variable documentation found in README files"

Length of output: 4088

@arkid15r I'll create documentation drafts for both the frontend and backend environment variables. Based on my analysis of the codebase, here are the draft documentations:

Frontend Environment Variables (.env.example)

# Frontend Environment Variables Documentation

This document describes all environment variables used in the OWASP Nest frontend application.

## API Configuration

### VITE_API_URL
- **Description**: URL for the backend REST API endpoints
- **Default**: `http://localhost:8000/api/v1/`
- **Used in**: API requests throughout the application
- **Example**: `https://api.example.com/api/v1/`

### VITE_GRAPHQL_URL
- **Description**: URL for the GraphQL API endpoint
- **Default**: `http://localhost:8000/graphql/`
- **Used in**: Apollo GraphQL client configuration
- **Example**: `https://api.example.com/graphql/`

### VITE_IDX_URL
- **Description**: URL for the indexing service
- **Default**: `http://localhost:8000/idx/`
- **Example**: `https://api.example.com/idx/`

## Environment Configuration

### VITE_ENVIRONMENT
- **Description**: Specifies the environment the application is running in
- **Default**: `local`
- **Valid values**: `local`, `development`, `staging`, `production`
- **Used for**: Conditionally enabling features based on environment

### VITE_RELEASE_VERSION
- **Description**: Application version for deployment tracking
- **Default**: Empty (auto-populated during CI/CD)
- **Example**: `1.0.0` or Git commit hash

## Analytics and Monitoring

### VITE_GTM_ID
- **Description**: Google Tag Manager container ID
- **Default**: `your-google-tag-manager-id`
- **Example**: `GTM-XXXXXXX`
- **Used in**: Google Tag Manager integration for analytics

### VITE_GTM_AUTH
- **Description**: Google Tag Manager authentication parameter
- **Default**: `your-google-tag-manager-auth`
- **Example**: Alphanumeric authentication string
- **Used with**: GTM environments

### VITE_GTM_PREVIEW
- **Description**: Google Tag Manager preview parameter
- **Default**: Empty
- **Example**: `env-X` where X is a number
- **Used for**: Testing GTM configurations

### VITE_SENTRY_DSN
- **Description**: Sentry Data Source Name for error tracking
- **Default**: Empty
- **Example**: `https://[email protected]/0`
- **Used in**: Error monitoring and reporting

Backend Environment Variables (.env.example)

# Backend Environment Variables Documentation

This document describes all environment variables used in the OWASP Nest backend application.

## Django Core Configuration

### DJANGO_SECRET_KEY
- **Description**: Django secret key used for cryptographic signing
- **Default**: `None`
- **Requirement**: Must be a long, random string in production
- **Security**: Critical security setting, must be kept secret

### DJANGO_ALLOWED_HOSTS
- **Description**: List of host/domain names that Django can serve
- **Default**: `*` (allows all hosts, insecure for production)
- **Example**: `example.com,www.example.com`
- **Security**: Should be set to specific domains in production

### DJANGO_CONFIGURATION
- **Description**: Django configuration class to use
- **Default**: `Test`
- **Valid values**: `Test`, `Local`, `Staging`, `Production`
- **Used in**: Application configuration management

### DJANGO_PUBLIC_IP_ADDRESS
- **Description**: Public IP address of the server
- **Default**: `"127.0.0.1"`
- **Used for**: Network configuration and access control

### DJANGO_RELEASE_VERSION
- **Description**: Backend application version identifier
- **Default**: `None`
- **Example**: `1.0.0` or Git commit hash
- **Used for**: Version tracking in logs and error reports

## Database Configuration

### DJANGO_DB_NAME
- **Description**: PostgreSQL database name
- **Default**: `None`
- **Example**: `nest_db`

### DJANGO_DB_USER
- **Description**: PostgreSQL database user
- **Default**: `None`
- **Example**: `nest_user`

### DJANGO_DB_PASSWORD
- **Description**: PostgreSQL database password
- **Default**: `None`
- **Security**: Must be kept secret

### DJANGO_DB_HOST
- **Description**: PostgreSQL database host
- **Default**: `None`
- **Example**: `localhost` or `db.example.com`

### DJANGO_DB_PORT
- **Description**: PostgreSQL database port
- **Default**: `None`
- **Example**: `5432`

## Search Functionality (Algolia)

### DJANGO_ALGOLIA_APPLICATION_ID
- **Description**: Algolia application ID for search functionality
- **Default**: `None`
- **Used in**: Search indexing and querying

### DJANGO_ALGOLIA_WRITE_API_KEY
- **Description**: Algolia API key with write permissions
- **Default**: `None`
- **Security**: Must be kept secret
- **Used for**: Managing search indices

### DJANGO_ALGOLIA_EXCLUDED_LOCAL_INDEX_NAMES
- **Description**: Names of Algolia indices to exclude from local environment
- **Default**: `None`
- **Example**: `users,projects`
- **Used to**: Prevent modifying production indices during development

## External Services

### DJANGO_OPEN_AI_SECRET_KEY
- **Description**: OpenAI API key for AI-powered features
- **Default**: `None`
- **Security**: Must be kept secret
- **Used in**: AI text generation and analysis

### DJANGO_SENTRY_DSN
- **Description**: Sentry Data Source Name for error tracking
- **Default**: `None`
- **Used in**: Error monitoring and reporting in production

### DJANGO_SLACK_BOT_TOKEN
- **Description**: Slack bot token for integration with Slack
- **Default**: `None`
- **Security**: Must be kept secret
- **Used for**: Sending notifications to Slack

### DJANGO_SLACK_SIGNING_SECRET
- **Description**: Slack signing secret to verify requests
- **Default**: `None`
- **Security**: Must be kept secret
- **Used for**: Verifying Slack webhook requests

## AWS Configuration

### DJANGO_AWS_ACCESS_KEY_ID
- **Description**: AWS access key ID for AWS services access
- **Default**: `None`
- **Security**: Must be kept secret
- **Used for**: S3 and other AWS service integrations

### DJANGO_AWS_SECRET_ACCESS_KEY
- **Description**: AWS secret access key
- **Default**: `None`
- **Security**: Must be kept secret
- **Used with**: AWS access key ID for authentication

## GitHub Integration

### GITHUB_TOKEN
- **Description**: GitHub personal access token or OAuth token
- **Default**: `None`
- **Security**: Must be kept secret
- **Used for**: GitHub API interactions
- **Permissions needed**: Depends on the features using GitHub API

Would you like me to make any adjustments to these documentation drafts? I can provide more specific information about certain variables if needed.

@arkid15r
Copy link
Collaborator Author

@rishyym0927 you can use this content -- review it and add into the documentation structure.

@rishyym0927
Copy link
Contributor

Hey @arkid15r do I need to update this in readme.md only or in the docs or in the both?

@rishyym0927 rishyym0927 mentioned this issue Mar 30, 2025
Merged
3 tasks
@github-project-automation github-project-automation bot moved this from In progress to Done in Project Nest Apr 20, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rishyym0927 rishyym0927

Labels
docs Improvements or additions to documentation enhancement question
Projects
Project Nest
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Environment Variables Documentation rishyym0927/Nest
2 participants
@arkid15r @rishyym0927