keywarden/.env.example

# ============================================================
# Keywarden – Environment Configuration
# ============================================================
# Copy this file to .env and adjust the values.
#   cp .env.example .env
#
# The .env file is loaded automatically by Docker Compose
# and is excluded from version control via .gitignore.
# ============================================================

# --- Application ---
KEYWARDEN_PORT=8080
KEYWARDEN_OWNER_USER=admin
KEYWARDEN_OWNER_EMAIL=admin@keywarden.local
KEYWARDEN_SESSION_KEY=change-me-to-a-random-string
KEYWARDEN_ENCRYPTION_KEY=change-me-encryption-key-32chars

# --- Logging ---
# Log level: ERROR, WARN, INFO (default), DEBUG, TRACE
KEYWARDEN_LOG_LEVEL=INFO

# --- Paths (optional, Docker defaults are usually fine) ---
KEYWARDEN_DB_PATH=./data/keywarden.db
KEYWARDEN_DATA_DIR=./data
KEYWARDEN_KEYS_DIR=./data/keys
KEYWARDEN_MASTER_DIR=./data/master

# --- Security / Hardening (optional) ---
# Public URL used for email links and cookie config.
KEYWARDEN_BASE_URL=https://keywarden.example.com
# Comma-separated CIDRs of trusted reverse proxies.
KEYWARDEN_TRUSTED_PROXIES=10.0.0.0/8,172.16.0.0/12
# Set Secure flag on cookies (auto-derived from BASE_URL if empty).
KEYWARDEN_SECURE_COOKIES=true
# Max login POST attempts per IP per minute (0 = disabled).
KEYWARDEN_RATE_LIMIT_LOGIN=10
# Max request body size in bytes (0 = no limit, default 10 MB).
KEYWARDEN_MAX_REQUEST_SIZE=10485760

# --- SMTP / Email (optional) ---
# Leave KEYWARDEN_SMTP_HOST empty or remove it to disable email.
KEYWARDEN_SMTP_HOST=
KEYWARDEN_SMTP_PORT=587
KEYWARDEN_SMTP_USER=
KEYWARDEN_SMTP_PASSWORD=
KEYWARDEN_SMTP_FROM=keywarden@example.com
KEYWARDEN_SMTP_TLS=true