INSIGHT-MVP/.env.example

# ============================================================
# INSIGHT MVP - Umgebungsvariablen
# ============================================================
# Kopiere diese Datei nach .env und befuelle die Werte.
# .env wird NIEMALS in Git committed!
# ============================================================

# --- Allgemein ---
NODE_ENV=development
APP_PORT=3000
APP_URL=https://insight-dev.xinion.lan
FRONTEND_URL=https://insight-dev.xinion.lan
LOG_LEVEL=info

# --- PostgreSQL ---
DB_HOST=pgbouncer
DB_PORT=6432
DB_USER=insight
DB_PASSWORD=                    # Sicheres Passwort setzen!
DB_NAME=platform_core
DATABASE_URL=postgresql://${DB_USER}:${DB_PASSWORD}@${DB_HOST}:${DB_PORT}/${DB_NAME}

# Direktverbindung (fuer Prisma Migrate, umgeht PgBouncer)
DB_DIRECT_HOST=postgres
DB_DIRECT_PORT=5432
DATABASE_URL_DIRECT=postgresql://${DB_USER}:${DB_PASSWORD}@${DB_DIRECT_HOST}:${DB_DIRECT_PORT}/${DB_NAME}

# --- Redis ---
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=                 # Optional, aber empfohlen

# --- JWT (RS256) ---
JWT_PRIVATE_KEY_PATH=/app/keys/jwt-private.pem
JWT_PUBLIC_KEY_PATH=/app/keys/jwt-public.pem
JWT_ACCESS_TOKEN_EXPIRY=15m
JWT_REFRESH_TOKEN_EXPIRY=7d
JWT_ISSUER=insight-platform

# --- Bcrypt ---
BCRYPT_COST=12

# --- CORS ---
CORS_ORIGINS=https://insight-dev.xinion.lan

# --- Rate Limiting ---
THROTTLE_TTL=60000
THROTTLE_LIMIT=200

# --- Traefik ---
TRAEFIK_DASHBOARD_USER=admin
TRAEFIK_DASHBOARD_PASSWORD=     # htpasswd Hash

# --- step-ca (mTLS) ---
STEP_CA_URL=https://step-ca:9000
STEP_CA_FINGERPRINT=            # step-ca Root CA Fingerprint

# --- SMTP (fuer Einladungs-E-Mails) ---
SMTP_HOST=
SMTP_PORT=587
SMTP_USER=
SMTP_PASSWORD=
SMTP_FROM=noreply@xinion.de

# --- Observability ---
GRAFANA_ADMIN_USER=admin
GRAFANA_ADMIN_PASSWORD=         # Sicheres Passwort setzen!

# --- MS SSO (Beta - noch nicht aktiv) ---
# MS_SSO_CLIENT_ENCRYPTION_KEY=  # AES-256 Key fuer Client Secret Verschluesselung

# --- KI-Hilfe-Chat (optional) ---
# ANTHROPIC_API_KEY=             # Claude API Key
# AI_CHAT_ENABLED=false

# --- DeepL (optional, fuer Hilfesystem-Uebersetzungen) ---
# DEEPL_API_KEY=