# Application NODE_ENV=development PORT=3001 API_PREFIX=api # Database # NOTE: App uses tos_app (separate from Keycloak's tos_db) DATABASE_URL="postgresql://tos_user:tos_secret_password@localhost:5432/tos_app?schema=public" # JWT / Keycloak # IMPORTANT: Change JWT_SECRET in production! Use a cryptographically secure random string. JWT_SECRET=your-super-secret-jwt-key-change-in-production KEYCLOAK_URL=http://localhost:8080 KEYCLOAK_REALM=tOS # NOTE: Client ID must match the Keycloak realm configuration in docker/keycloak/realm-export.json KEYCLOAK_CLIENT_ID=tos-backend KEYCLOAK_CLIENT_SECRET=your-keycloak-backend-client-secret # Encryption # IMPORTANT: Generate a secure 32+ character key for production! # You can generate one with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))" ENCRYPTION_KEY=your-32-byte-encryption-key-change-in-production # Redis (required for BullMQ in production) # REDIS_HOST=localhost # REDIS_PORT=6379 # ============================================================================= # Settings moved to the database (SystemSettings table) # ============================================================================= # The following env vars are no longer read by the application. # Their values are stored in the database and can be managed via the # admin UI at /admin/system-settings or via the API at PUT /api/v1/system-settings/:key. # # To seed initial values from a .env file, run the migration script: # npx ts-node prisma/migrate-env-to-db.ts # # Keys and their DB equivalents: # CORS_ORIGINS -> cors.origins (cors category) # SWAGGER_ENABLED -> feature.swagger.enabled (feature category) # ENABLE_SYNC_JOBS -> feature.syncJobs.enabled (feature category) # SYNC_INTERVAL_PLENTYONE -> sync.interval.plentyone (sync category) # SYNC_INTERVAL_ZULIP -> sync.interval.zulip (sync category) # SYNC_INTERVAL_TODOIST -> sync.interval.todoist (sync category) # SYNC_INTERVAL_FREESCOUT -> sync.interval.freescout (sync category) # SYNC_INTERVAL_NEXTCLOUD -> sync.interval.nextcloud (sync category) # SYNC_INTERVAL_ECODMS -> sync.interval.ecodms (sync category) # SYNC_INTERVAL_GEMBADOCS -> sync.interval.gembadocs (sync category) # # Integration credentials (PLENTYONE_*, ZULIP_*, TODOIST_*, FREESCOUT_*, # NEXTCLOUD_*, ECODMS_*, GEMBADOCS_*) are stored encrypted in the # IntegrationCredential table and managed via /admin/integrations.