-
Notifications
You must be signed in to change notification settings - Fork 10
Expand file tree
/
Copy path.env.example
More file actions
159 lines (136 loc) · 5.57 KB
/
.env.example
File metadata and controls
159 lines (136 loc) · 5.57 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
# ============================================
# LibreDB Studio - Environment Configuration
# ============================================
#
# LOCAL DEVELOPMENT:
# Copy this file to .env.local and fill in your values
# cp .env.example .env.local
#
# DOCKER / RENDER DEPLOYMENT:
# Set these variables in your deployment environment
#
# ============================================
# ============================================
# AUTHENTICATION (Required)
# ============================================
# Admin credentials (full access + maintenance tools)
ADMIN_EMAIL=admin@libredb.org
ADMIN_PASSWORD=your_secure_admin_password
# User credentials (query execution only)
USER_EMAIL=user@libredb.org
USER_PASSWORD=your_secure_user_password
# JWT Secret for session management (min 32 characters)
# Generate with: openssl rand -base64 32
JWT_SECRET=your_32_character_random_string_here
# ============================================
# AUTHENTICATION PROVIDER
# ============================================
# "local" (default) = email/password login (ADMIN_EMAIL/ADMIN_PASSWORD, USER_EMAIL/USER_PASSWORD)
# "oidc" = OpenID Connect SSO (Auth0, Keycloak, Okta, Azure AD, Zitadel, etc.)
NEXT_PUBLIC_AUTH_PROVIDER=local
# ============================================
# OIDC Configuration (required when NEXT_PUBLIC_AUTH_PROVIDER=oidc)
# ============================================
# Issuer URL — must serve /.well-known/openid-configuration
# OIDC_ISSUER=https://dev-xxx.auth0.com
# OIDC_CLIENT_ID=your_client_id
# OIDC_CLIENT_SECRET=your_client_secret
# Scopes to request (default: openid profile email)
# OIDC_SCOPE=openid profile email
# if using Zitadel, add this scope: urn:zitadel:iam:org:project:roles
# Role mapping (optional) — claim path for determining admin vs user role
# Supports dot-notation for nested claims (e.g. "realm_access.roles")
# OIDC_ROLE_CLAIM=
# Comma-separated values that map to admin role (default: admin)
# OIDC_ADMIN_ROLES=admin
# --- Provider-specific role claim examples ---
# Auth0: OIDC_ROLE_CLAIM=https://myapp.com/roles (via Auth0 Actions)
# Keycloak: OIDC_ROLE_CLAIM=realm_access.roles
# Okta: OIDC_ROLE_CLAIM=groups
# Azure AD: OIDC_ROLE_CLAIM=roles
# Zitadel: OIDC_ROLE_CLAIM=urn:zitadel:iam:org:project:roles
# ============================================
# STORAGE PROVIDER (Optional)
# ============================================
# Controls where application data is persisted.
# "local" (default) = browser localStorage only (zero config, great for dev)
# "sqlite" = SQLite file on server (persistent, single-node)
# "postgres" = PostgreSQL database (persistent, multi-node, enterprise)
#
# Note: NOT prefixed with NEXT_PUBLIC_ — server-side only, discovered at runtime
# via GET /api/storage/config endpoint.
STORAGE_PROVIDER=local
# SQLite storage path (required when STORAGE_PROVIDER=sqlite)
# STORAGE_SQLITE_PATH=./data/libredb-storage.db
# PostgreSQL connection URL (required when STORAGE_PROVIDER=postgres)
# Local PostgreSQL without SSL:
# STORAGE_POSTGRES_URL=postgresql://user:pass@localhost:5432/libredb?sslmode=disable
# Cloud PostgreSQL with SSL:
# STORAGE_POSTGRES_URL=postgresql://user:pass@host:5432/libredb?sslmode=require
# ===========================================
# LLM Configuration (Strategy Pattern)
# ===========================================
# Provider options: gemini, openai, ollama, custom
# The system uses Strategy Pattern to automatically select
# the appropriate provider based on this configuration.
LLM_PROVIDER=gemini
# API Key for the selected provider
# Required for: gemini, openai
# Optional for: ollama, custom (depends on endpoint)
#
# Get API keys from:
# - Gemini: https://aistudio.google.com/
# - OpenAI: https://platform.openai.com/
LLM_API_KEY=your_api_key_here
# Model name (optional - auto-defaults based on provider)
# Default models:
# - Gemini: gemini-2.5-flash
# - OpenAI: gpt-4o
# - Ollama: llama3.2
# - Custom: gpt-3.5-turbo
#
# Popular options:
# Gemini: gemini-2.5-flash, gemini-2.0-flash, gemini-1.5-flash, gemini-1.5-pro
# OpenAI: gpt-4o, gpt-4-turbo, gpt-3.5-turbo, gpt-4o-mini
# Ollama: llama3.2, mistral, codellama, deepseek-coder
LLM_MODEL=gemini-2.5-flash
# API URL (optional - only needed for ollama or custom providers)
# Default URLs:
# - Ollama: http://localhost:11434/v1
# - OpenAI: https://api.openai.com/v1
#
# Custom provider examples:
# - LiteLLM: http://localhost:4000/v1
# - LMStudio: http://localhost:1234/v1
# - vLLM: http://localhost:8000/v1
# - LocalAI: http://localhost:8080/v1
#LLM_API_URL=http://localhost:11434/v1
# ===========================================
# Provider Configuration Examples
# ===========================================
# --- Gemini (Default) ---
# LLM_PROVIDER=gemini
# LLM_API_KEY=AIzaSy...
# LLM_MODEL=gemini-2.5-flash
# --- OpenAI ---
# LLM_PROVIDER=openai
# LLM_API_KEY=sk-...
# LLM_MODEL=gpt-4o
# --- Ollama (Local) ---
# LLM_PROVIDER=ollama
# LLM_MODEL=llama3.2
# LLM_API_URL=http://localhost:11434/v1
# --- LiteLLM Proxy ---
# LLM_PROVIDER=custom
# LLM_API_KEY=your_litellm_key # optional
# LLM_MODEL=gpt-4o
# LLM_API_URL=http://localhost:4000/v1
# --- LMStudio (Local) ---
# LLM_PROVIDER=custom
# LLM_MODEL=local-model
# LLM_API_URL=http://localhost:1234/v1
# ─── Seed Connections (pre-configured databases) ─────────────────────────────
# SEED_CONFIG_PATH=/app/config/seed-connections.yaml # Path to seed config file
# SEED_CACHE_TTL_MS=60000 # Cache TTL in ms (default: 60s)
# Credential env vars referenced in seed config (e.g., ${MY_DB_PASSWORD}):
# MY_DB_PASSWORD=secret