# Charon Environment Configuration Example
# =========================================
# Copy this file to .env and configure with your values.
# Never commit your actual .env file to version control.

# =============================================================================
# Required Configuration
# =============================================================================

# Database encryption key - 32 bytes base64 encoded
# Generate with: openssl rand -base64 32
CHARON_ENCRYPTION_KEY=

# =============================================================================
# Emergency Reset Token (Break-Glass Recovery)
# =============================================================================

# Emergency reset token - minimum 32 characters
# Used for break-glass recovery when locked out by ACL or other security modules.
# This token allows bypassing all security mechanisms to regain access.
#
# SECURITY WARNING: Keep this token secure and rotate it periodically.
# Only use this endpoint in genuine emergency situations.
#
# Generate with: openssl rand -hex 32
CHARON_EMERGENCY_TOKEN=

# =============================================================================
# Optional Configuration
# =============================================================================

# Server port (default: 8080)
# CHARON_HTTP_PORT=8080

# Database path (default: /app/data/charon.db)
# CHARON_DB_PATH=/app/data/charon.db

# Enable debug mode (default: 0)
# CHARON_DEBUG=0

# Use ACME staging environment (default: false)
# CHARON_ACME_STAGING=false