.env.example

# --- Shared env vars ---
LOG_LEVEL=INFO
COMPOSE_PROJECT_NAME=tracecat

# --- Shared URL env vars ---
PUBLIC_APP_URL=http://localhost
PUBLIC_API_URL=http://localhost/api
INTERNAL_API_URL=http://api:8000

# -- Caddy env vars ---
BASE_DOMAIN=:80
# Note: replace with your server's IP address
ADDRESS=0.0.0.0

# --- App and DB env vars ---
# One of `development`, `staging`, or `production`
TRACECAT__APP_ENV=development
# Used to encrypt/decrypt sensitive keys in the database
# Can be generated using `python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"`
TRACECAT__DB_ENCRYPTION_KEY=your-tracecat-db-fernet-key
# Used to authenticate with Tracecat services
# Can be generated using `openssl rand -hex 32`
TRACECAT__SERVICE_KEY=your-tracecat-service-key
# Used to generate private webhook URLs
# Can be generated using `openssl rand -hex 32`
TRACECAT__SIGNING_SECRET=your-tracecat-signing-secret
# API Service URL
TRACECAT__API_URL=${INTERNAL_API_URL}
# Root path to deal with extra path prefix behind the reverse proxy
TRACECAT__API_ROOT_PATH=/api
# Public Runner URL
# This is the public URL for incoming webhooks
# If you wish to expose your webhooks to the internet, you can use a tunneling service like ngrok.
# If using ngrok, run `ngrok http --domain=INSERT_STATIC_NGROK_DOMAIN_HERE 8001`
# to start ngrok and update this with the forwarding URL
TRACECAT__PUBLIC_RUNNER_URL=${PUBLIC_API_URL}
# CORS (comman separated string of allowed origins)
TRACECAT__ALLOW_ORIGINS=http://localhost:3000,${PUBLIC_APP_URL}
# Postgres SSL model
TRACECAT__DB_SSLMODE=disable
TRACECAT__PUBLIC_APP_URL=${PUBLIC_APP_URL}
TRACECAT__PUBLIC_API_URL=${PUBLIC_API_URL}

# --- Postgres ---
TRACECAT__POSTGRES_USER=postgres
TRACECAT__POSTGRES_PASSWORD=postgres
TRACECAT__DB_URI=postgresql+psycopg://${TRACECAT__POSTGRES_USER}:${TRACECAT__POSTGRES_PASSWORD}@postgres_db:5432/postgres

# --- Shared frontend env vars ---
# Important: environment variables prefixed with `NEXT_PUBLIC_` are exposed to the browser client
# You may need to adjust the domain (default `localhost`) based on your setup
# Containers in the same network can communicate with each other using the service name
# Or you can use the host.docker.internal to communicate with the host machine
NODE_ENV=development
NEXT_PUBLIC_APP_ENV=development
# The frontend app URL
NEXT_PUBLIC_APP_URL=${PUBLIC_APP_URL}
# Allows the browser to communicate with the backend
NEXT_PUBLIC_API_URL=${PUBLIC_API_URL}
# Allows the frontend server (inside docker) to communicate with the backend server (inside docker)
NEXT_SERVER_API_URL=${INTERNAL_API_URL}

# --- Authentication ---
# One or more comma-separated values from `basic`, `google_oauth`
TRACECAT__AUTH_TYPES=basic,google_oauth

OAUTH_CLIENT_ID=
OAUTH_CLIENT_SECRET=
USER_AUTH_SECRET=your-auth-secret


# --- Temporal ---
TEMPORAL__CLUSTER_URL=temporal:7233
TEMPORAL__CLUSTER_QUEUE=tracecat-task-queue
TEMPORAL__CLUSTER_NAMESPACE=default
TEMPORAL__VERSION=1.24.2
TEMPORAL__POSTGRES_USER=temporal
TEMPORAL__POSTGRES_PASSWORD=temporal
TEMPORAL__UI_VERSION=2.26.2

# --- Cloud only ---
# Tracecat Cloud only, please ignore if self-hosted:
NEXT_PUBLIC_POSTHOG_KEY=
NEXT_PUBLIC_POSTHOG_HOST=https://us.i.posthog.com
NEXT_PUBLIC_DISABLE_SESSION_RECORDING=true

# --- SMTP settings ---
# Settings used by the core.send_email_smtp action
SMTP_HOST=smtp.example.com
SMTP_PORT=465
SMTP_STARTTLS_ENABLED=1
SMTP_SSL_ENABLED=0
SMTP_IGNORE_CERT_ERRORS=0
SMTP_AUTH_ENABLED=1
SMTP_USER=testuser
SMTP_PASS=test

# --- LDAP settings ---
# Settings used by the integrations.ldap actions
LDAP_HOST=ldap.example.com
LDAP_PORT=389
LDAP_SSL=0
LDAP_TYPE=AD