# ============================================
# PKI Trust Manager - Environment Variables
# ============================================
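# Copy this file to .env and customize it for your deployment.
# The passwords and keys below are sample values: replace them before first
# start and keep the real .env out of version control.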

# ============================================
# Docker Image Tags
# ============================================
# One image tag per service; presumably substituted into the compose file (not shown here).
# "latest" is a mutable tag: a redeploy can pull a different image than the one
# that was tested, with no record of what changed. For production, pin each
# service to a specific release tag or an image digest.
CAAPI_TAG=latest
CERTAPI_TAG=latest
PKIMAIN_TAG=latest
AGENT_TAG=latest
CERTEXPIRED_TAG=latest

# ============================================
# SQL Server Configuration - ** CUSTOMIZE THIS **
# ============================================
# SA is the SQL Server system administrator login. The value below is the sample
# shipped with this template, so treat it as publicly known: set a unique, randomly
# generated password before the database container is started for the first time.
# NOTE(review): the application presumably connects as SA as well - confirm, and
# consider a dedicated lower-privilege login for the services.
SQL_SA_PASSWORD=PKI_Strong@Pass123
# NOTE(review): confirm whether this port is published on the host; the database
# normally only needs to be reachable by the PKI services.
SQL_PORT=1433
SQL_DATABASE=PKIDBEE

# ============================================
# EJBCA CONFIG OPTIONAL (** CUSTOMIZE THIS **)
# ============================================
# Settings for the optional EJBCA instance and its database.
# Every password in this section is a short sample value (one of them equals the
# user name). Replace all three before first start if EJBCA is enabled.
EJBCA_DB_ROOT_PASSWORD=foo123
EJBCA_DB_NAME=ejbca
EJBCA_DB_USER=ejbca
EJBCA_DB_PASSWORD=ejbca
EJBCA_HTTP_PORT=8080
EJBCA_HTTPS_PORT=8443
EJBCA_LOG_LEVEL=INFO
EJBCA_CA_NAME=ManagementCA
# NOTE(review): presumably protects the ManagementCA key material or its
# keystore - confirm. If so, this is the most sensitive value in the section.
EJBCA_CA_PASSWORD=ejbca

# ============================================
# Service Ports - ** CUSTOMIZE THIS **
# ============================================
# Ports for the CA API, Cert API (plain and TLS) and CMS web services.
# NOTE(review): the compose file is not shown here. Confirm which of these are
# published on the host and whether the non-TLS ports need to be reachable from
# outside the host at all.
CAAPI_PORT=5051
CERTAPI_PORT=5052
CERTAPI_TLS_PORT=7103
CMSWEB_PORT=5053

# ============================================
# Nginx Ports - ** CUSTOMIZE THIS **
# ============================================
# Listener ports for the nginx front end: EST, SCEP, ACME and the HTTPS entry point.
# NOTE(review): the names suggest separate "cloud" and "local" listeners per
# protocol - confirm which ones are meant to be internet-facing and allow only
# those through the firewall.
NGINX_EST_CLOUD_PORT=7030
NGINX_EST_LOCAL_PORT=7031
NGINX_SCEP_HTTP_PORT=8894
NGINX_SCEP_LOCAL_PORT=8895
NGINX_SCEP_HTTPS_PORT=8943
NGINX_ACME_CLOUD_PORT=8555
NGINX_ACME_LOCAL_PORT=8556
NGINX_HTTPS_PORT=443

# ============================================
# Admin User Configuration - ** CUSTOMIZE THIS **
# ============================================
# Initial administrator account for the PKI web application.
ADMIN_USERNAME=superadmin
# Sample value only: a five-letter dictionary word. Set a long, unique password
# before first start.
# NOTE(review): this file does not show whether the application forces a password
# change at first login - confirm, and do not rely on it.
ADMIN_PASSWORD=happy
ADMIN_EMAIL=root@local

# ============================================
# Email/SMTP Configuration (** CUSTOMIZE THIS **)
# ============================================
# Outbound mail relay used for notifications.
SMTP_SERVER=mail.smtp2go.com
SMTP_PORT=2525
SMTP_AUTH=true
# Keep this enabled when SMTP_AUTH is on, so the credentials below are not sent
# over an unencrypted connection.
SMTP_SSL=true
# Placeholders - replace with the relay account for this deployment.
SMTP_USERNAME=your_smtp_username
SMTP_PASSWORD=your_smtp_password
SMTP_SENDER_NAME=PKI
SMTP_SENDER=noreply@yourdomain.com
# NOTE(review): presumably controls whether a user's e-mail address must be
# verified before the account is usable - confirm what "false" permits.
EMAIL_VERIFICATION=false

# ============================================
# Licensing Configuration
# ============================================

# For OFFLINE/DISCONNECTED systems (recommended for on-prem):
# 1. Client receives: license.bin file
# 2. Place license.bin in ./license/ folder (will be mounted as volume)
# 3. Set LICENSE_PUBLIC_KEY below (base64-encoded public key for verification)
# 4. To get a free or enterprise license, contact https://securetron.net/contact or support@securetron.net

# License file location (mount ./license/ folder as volume)
# NOTE(review): a read-only mount is presumably sufficient, since the service
# should only need to read license.bin - confirm.
LICENSE_FILE_PATH=/app/license/license.bin

# Offline mode (true for disconnected systems)
# The two flags below are set consistently for offline use; flip both together
# when switching to online validation.
LICENSE_OFFLINE_MODE=true
LICENSE_ONLINE_VALIDATION=false

# Public Key (base64-encoded RSA public key for cryptographic validation)
# This is the PUBLIC key only, so it is not a secret. It is, however, the trust
# anchor for license verification: whoever can edit this value can make the
# application accept a license signed with a different key, so restrict write
# access to the .env file.
# The value appears to decode as a bare PKCS#1 RSAPublicKey with a 2048-bit modulus.
LICENSE_PUBLIC_KEY=MIIBCgKCAQEAqIzGGwqqfUOjeVLmk8d2Oa6BqzlX9PAkWqHx6XR/+Q2JaJfsVrld7cZRO3t3FubJr3aH5waLTY3GJl3awgVutu+Ggm3tTaYAudKFSVMCM5RDamZEedgiWDQ5nfs0MZRkkDgW5QbaWrT/IN/aPriRlrVxtzDki54PMPG9ugzG91MzTPPi7vdyGtBcDwM76HcKUbsfvOrggY6w2FhL1QsstYCmZcdijs8Y9YlPPQvpo1Bl+V0hPCbMuszUS9KaGIxm6oV5YE1AqDO6Axu1Xi0lTnmJJ/djwTAoW8KiK1e+WoJwOJBVFHz11TMcfhwLLIJ6xLw4e7+6R95dUU2YHz/RlQIDAQAB

# For ONLINE/CONNECTED systems (** CUSTOMIZE THIS **):
# License server URL and API key for online validation
# The sample URL is plain HTTP on loopback. If this is pointed at a license
# server on another host, use an https:// URL; otherwise the API key below
# would presumably travel unencrypted with each validation request.
LICENSE_SERVER_URL=http://localhost:7001
# Placeholder - replace with the key issued for this deployment.
LICENSE_API_KEY=your_license_api_key_here

# Client IDs (identifies which service is using the license)
CMSWEB_CLIENT_ID=webcore-001
CERTAPI_CLIENT_ID=certapi-001

# ============================================
# API Provider Configuration (Use for hybrid mode only)
# ============================================
# CertAPI
# The *_APP_ID / *_APP_KEY pairs below are fixed values shipped with this
# template, so every deployment that copies the file unchanged uses the same ones.
# NOTE(review): these presumably authenticate one service to another - confirm.
# If so, generate fresh values per deployment; check first whether they must
# match records already seeded in the database.
# All URLs in this section are plain HTTP on localhost; use https:// if any of
# them is changed to point at another host.
CERTAPI_INTERNAL_URL=http://localhost:60713
CERTAPI_APP_ID=084a72b6-11d7-4e82-af11-bae943fea0a5
CERTAPI_APP_KEY=9d4e0346-2a4c-407b-bdf5-699bb68a5b61

# WebCore
CERTAPI_URL=http://localhost:60713
CMSWEB_APP_ID=b74ad6d9-6418-407a-b36e-69613d35517a
CMSWEB_APP_KEY=70803d70-3d0f-47fd-a206-cff4d0c15777

# Agent
# The agent ID and key are identical to the CertAPI pair above, so the two
# cannot be told apart or revoked independently.
# NOTE(review): confirm whether this sharing is intentional.
CERTAPI_AGENT_URL=http://localhost:5052/local
AGENT_APP_ID=084a72b6-11d7-4e82-af11-bae943fea0a5
AGENT_APP_KEY=9d4e0346-2a4c-407b-bdf5-699bb68a5b61

# ============================================
# ACME Settings - ** CUSTOMIZE THIS **
# ============================================
# NOTE(review): presumably controls whether an earlier successful domain
# validation may be reused for a later order - confirm. "false" is the more
# conservative choice, since each order then needs a fresh proof of control.
ACME_REUSE_VALIDATION=false
# NOTE(review): the unit is not stated in this file (minutes?) - confirm.
ACME_ORDER_VALIDITY=60

# ============================================
# SCEP Settings - ** CUSTOMIZE THIS **
# ============================================
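# SCEP enrollment OTP lifetime, in minutes (525600 = 1 year).
# The unit note sits on its own line because some env-file readers do not strip
# trailing "# ..." text and would pass it to the service as part of the value.
# NOTE(review): a one-year lifetime leaves an unused enrollment password valid
# for a long time - shorten it to match how quickly devices actually enroll.
SCEP_OTP_VALIDITY=525600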

# ============================================
# Certificate Expiry Notification (in days)
# ============================================
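# Notification window, in days before expiry (per the section heading).
# NOTE(review): presumably notifications run from START_RANGE down to END_RANGE
# days before a certificate expires - confirm.
EXPIRY_START_RANGE=30
EXPIRY_END_RANGE=1
EXPIRY_NOTIFY_INTERVAL=1
# Scan interval, in minutes (1440 = 24 hours).
# The unit note sits on its own line because some env-file readers do not strip
# trailing "# ..." text and would pass it to the service as part of the value.
EXPIRY_SCAN_INTERVAL=1440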

# ============================================
# Authentication Settings - ** CUSTOMIZE THIS **
# ============================================
# NOTE(review): the unit is not stated in this file (presumably minutes of
# session or token lifetime) - confirm before raising the value.
LOGIN_VALIDITY=15
# NOTE(review): presumably the issuer label shown in authenticator apps for
# one-time-password login - confirm.
OTP_NAME=Securetron-PKI

# ============================================
# Environment Settings
# ============================================
# NOTE(review): the allowed values and their effect are not documented in this
# file. Confirm what "Cloud" and "Private" enable before deploying, in
# particular which listeners or features each mode exposes.
ENV_MODE=Cloud
TRUST_LEVEL=Private

# ============================================
# Logging
# ============================================
# Debug is the most verbose setting here. On a PKI service, debug output may
# include request details that should not reach shared log storage; use a less
# verbose level in production and restrict who can read the logs.
LOG_LEVEL=Debug
# NOTE(review): presumably the level for framework (Microsoft.*) log
# categories - confirm.
LOG_LEVEL_MS=Warning

# ============================================
# Cloud/External Configuration (Optional)
# ============================================
# Sample value from a private (RFC 1918) address range; replace with the address
# used by this deployment, or leave as-is if the cloud/external feature is unused.
CLOUD_IP=192.168.20.1


# ============================================
# Data Migration Settings
# ============================================
# NOTE(review): presumably allows the application to apply database
# schema/data migrations itself - confirm. If so, consider setting it to false
# once the initial setup is complete, so a service restart cannot alter the schema.
# The mixed-case key name is kept as-is because the consumer reads it under this name.
Environment_CanMigrateData=true
