# Charon Environment Configuration Example
# =========================================
# Copy this file to .env and configure with your values.
# Never commit your actual .env file to version control.

# =============================================================================
# Required Configuration
# =============================================================================

# Database encryption key - 32 bytes base64 encoded
# Generate with: openssl rand -base64 32
CHARON_ENCRYPTION_KEY=

# =============================================================================
# Emergency Reset Token (Break-Glass Recovery)
# =============================================================================

# Emergency reset token - REQUIRED for E2E tests (64 characters minimum)
# Used for break-glass recovery when locked out by ACL or other security modules.
# This token allows bypassing all security mechanisms to regain access.
#
# SECURITY WARNING: Keep this token secure and rotate it periodically (quarterly recommended).
# Only use this endpoint in genuine emergency situations.
# Never commit actual token values to the repository.
#
# Generate with (Linux/macOS):
#   openssl rand -hex 32
#
# Generate with (Windows PowerShell):
#   [Convert]::ToBase64String([System.Security.Cryptography.RandomNumberGenerator]::GetBytes(32))
#
# Generate with (Node.js - all platforms):
#   node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
#
# REQUIRED for E2E tests - add to .env file (gitignored) or CI/CD secrets
CHARON_EMERGENCY_TOKEN=

# =============================================================================
# Optional Configuration
# =============================================================================

# Server port (default: 8080)
# CHARON_HTTP_PORT=8080

# Database path (default: /app/data/charon.db)
# CHARON_DB_PATH=/app/data/charon.db

# Enable debug mode (default: 0)
# CHARON_DEBUG=0

# Use ACME staging environment (default: false)
# CHARON_ACME_STAGING=false