-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy pathenv_example
More file actions
132 lines (103 loc) · 4.83 KB
/
env_example
File metadata and controls
132 lines (103 loc) · 4.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
# MyDB Environment Variables Configuration
# Copy this file to .env and configure with your actual values
# cp env_example .env
# =============================================================================
# Support and Notifications
# =============================================================================
# Email address for administrative notifications and alerts
supportAdmin="admin@example.org"
# =============================================================================
# Flask Application Settings
# =============================================================================
# Enable Flask debug mode (1=enabled, 0=disabled)
# WARNING: Set to 0 in production environments
FLASK_DEBUG=0
# Flask secret key for session encryption
# Generate a strong random key: python -c 'import secrets; print(secrets.token_urlsafe(32))'
FLASK_SECRET='CHANGE_ME_TO_A_RANDOM_SECRET_KEY'
# =============================================================================
# PostgreSQL Admin Database Credentials
# =============================================================================
# MyDB admin database user (for production admin database)
MYDB_ADMIN_USER='mydbadmin'
# MyDB admin database password (for production admin database)
MYDB_ADMIN_PASSWORD='CHANGE_ME_ADMIN_PASSWORD'
# MyDB migrate database password (for migration/staging database)
MYDB_MIGRATE_PASSWORD='CHANGE_ME_MIGRATE_PASSWORD'
# =============================================================================
# SQLAlchemy Database Connection Strings
# =============================================================================
# Production admin database connection
# Format: postgresql+psycopg://USER:PASSWORD@HOST:PORT/DATABASE
# Note: URL-encode special characters in password (e.g., @ becomes %40)
SQLALCHEMY_ADMIN_URI="postgresql+psycopg://mydbadmin:CHANGE_ME_ADMIN_PASSWORD@db-host.example.org:5432/mydb_admin"
# Migration/staging database connection (optional)
# Used for migrating databases from v1 to v2 or cross-environment operations
SQLALCHEMY_MIGRATE_URI="postgresql+psycopg://mydbadmin:CHANGE_ME_MIGRATE_PASSWORD@migrate-host.example.org:5432/mydb_migrate"
# =============================================================================
# MyDB Container Host Configuration
# =============================================================================
# Environment identifier (dev, staging, prod)
DBAAS_ENV='prod'
# Hostname where MyDB and database containers run
# This is the publicly accessible hostname that users will connect to
DBAAS_HOST=mydb-host
# Domain name for the MyDB host
DBAAS_DOMAIN=example.org
# =============================================================================
# Active Directory / LDAP Authentication
# =============================================================================
# Active Directory server hostname or IP
ADServer=dc.example.org
# Active Directory domain
ADDomain=example.org
# LDAP search base for user lookups
# Format: dc=domain,dc=tld (e.g., "dc=example,dc=org")
ADSearchBase="dc=example,dc=org"
# =============================================================================
# AWS S3 Backup Storage
# =============================================================================
# S3 bucket URL for database backups
# Format: s3://bucket-name
AWS_BUCKET_NAME="s3://your-org-mydb-backups"
# AWS IAM credentials with S3 access
# Required permissions: s3:PutObject, s3:GetObject, s3:ListBucket
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
# AWS secret access key (keep this secure!)
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
# =============================================================================
# Email Configuration (Optional)
# =============================================================================
# SMTP server for sending email notifications
# Uncomment and configure if different from defaults in mydb_config.py
# MAIL_SERVER=smtp.example.org
# Email sender address
# MAIL_FROM=mydb-noreply@example.org
# Additional email recipients for notifications (comma-separated)
# MAIL_TO=dba-team@example.org,backup-alerts@example.org
# =============================================================================
# Additional Notes
# =============================================================================
#
# 1. Security Best Practices:
# - Never commit .env to version control
# - Use strong, randomly generated passwords
# - Rotate credentials regularly
# - Use IAM roles instead of AWS keys when possible
#
# 2. Docker Secrets:
# After configuring .env, create Docker secrets with:
# ./dbaas_secrets.sh
#
# 3. Testing Configuration:
# Validate your configuration before deployment:
# source .env && echo "DBAAS_HOST: $DBAAS_HOST"
#
# 4. URL Encoding:
# Special characters in passwords must be URL-encoded for SQLAlchemy:
# @ -> %40
# # -> %23
# / -> %2F
# ? -> %3F
# & -> %26
#