-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathexample.env
More file actions
45 lines (36 loc) · 2.09 KB
/
example.env
File metadata and controls
45 lines (36 loc) · 2.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# Environment variable examples (DO NOT PUT SECRETS HERE)
# Format: KEY=value (no quotes). Use a dedicated secrets manager (Vault/SOPS) for prod secrets.
# Build-time (evaluated during image build) vs Runtime (injected at container start) are noted.
# NEVER commit real API keys or JWT secrets. Rotate keys on compromise.
# For local development only. Copy to .env and adjust.
# Runtime: External APIs
STEAM_API_KEY=replace_me
DEALS_API_KEY=replace_me
IGDB_CLIENT_ID=replace_me # Required for IGDB OAuth token (Client Credentials)
IGDB_CLIENT_SECRET=replace_me # Required for IGDB OAuth token (DO NOT COMMIT REAL VALUE)
IGDB_POLL_INTERVAL_SECONDS=900 # Default incremental poll cadence (15m)
IGDB_BATCH_SIZE=100 # Max game ids per incremental batch fetch (placeholder)
# Runtime: Database connection (use separate least-privilege users per service in prod)
# NOTE: Do NOT use a superuser role in production. Avoid embedding credentials for read/write outside secrets manager.
DATABASE_URL=postgres://user:pass@localhost:5432/game_insight
# Runtime: Messaging
KAFKA_BROKERS=localhost:9092
RABBITMQ_URL=amqp://guest:guest@localhost:5672/
# Runtime: Auth (dev only secret; prod via secrets manager)
JWT_SECRET=replace_me_dev_only
# Runtime: Logging / Observability
# LOG_LEVEL allowed values: trace|debug|info|warn|error
LOG_LEVEL=info
OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4317 # optional
# Runtime: Feature Flags (example placeholder)
FEATURE_FLAGS= # comma separated (e.g. recs_new_ranker)
# Runtime: Rate Limiting (optional placeholders)
RATE_LIMIT_GLOBAL_RPS=200
RATE_LIMIT_USER_RPS=20
# Runtime: Seeding / Sample Data
SAMPLE_DATA_SEED=false
# Notes:
# 1. If adding a new required variable, also document it in CONTRIBUTING.md (Environment section) and observability/versioning references if relevant.
# 2. Do not add credentials for personal accounts; prefer service accounts.
# 3. CI pipelines should validate presence of mandatory vars (non-empty) before deploy.
# 4. For production, secrets should come from: Kubernetes Secrets / Vault / SOPS-managed files (not .env files).