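# Mac Mini Production Environment
# Copy to .env.macmini and fill in the values
#
# This template holds placeholders only. The filled-in .env.macmini
# contains live credentials: keep it out of version control (confirm it
# is covered by .gitignore) and readable only by the deploy user,
# e.g. chmod 600 .env.macmini
#
# Replace every "your-...-here" placeholder before the first deploy.
# A placeholder left in place is a credential that anyone who has seen
# this template already knows. Use a separate random value per secret:
#   openssl rand -base64 32
#
# Docker Compose interpolates $ in unquoted and double-quoted values.
# Wrap a secret in single quotes if it contains $, #, quotes or spaces.
# Keep comments on their own lines, not after a value.

# ============================================
# Compose project name (pinned, do not change)
# ============================================
# All Mac Mini containers were originally created under this project
# name, which mismatches the current directory name (mana-monorepo).
# Pinning the project name here means anyone running 'docker compose ...'
# from the repo root automatically lands in the same project as the
# already-running containers, instead of silently spawning a duplicate
# project with the same compose file. Removing this line WILL break
# the next deployment.
COMPOSE_PROJECT_NAME=manacore-monorepo

# ============================================
# Database (PostgreSQL)
# ============================================
# Placeholder: replace with a random value unique to this deployment.
POSTGRES_PASSWORD=your-secure-password-here

# ============================================
# Redis
# ============================================
# Placeholder: replace with a random value unique to this deployment.
REDIS_PASSWORD=your-redis-password-here

# ============================================
# JWT Keys (generate with: openssl rand -base64 32)
# For EdDSA keys, use mana-auth key generation
# ============================================
# JWT_SECRET and JWT_PRIVATE_KEY are signing material: whoever holds
# them can mint tokens that verify as genuine. Do not reuse either
# value for any other secret in this file.
JWT_SECRET=your-jwt-secret-here
# Leave empty to use auto-generated keys
# NOTE(review): confirm that auto-generated keys persist across
# restarts; if they do not, previously issued tokens stop verifying
# after every restart.
JWT_PUBLIC_KEY=
JWT_PRIVATE_KEY=

# ============================================
# Encryption Vault Key Encryption Key (KEK) — REQUIRED
# ============================================
# Wraps every user's master key in auth.encryption_vaults.
# Generate with: openssl rand -base64 32
#
# Without a real value, mana-auth boots with a 32-zero-byte fallback
# and prints a loud warning every startup. Production must set this.
# The fallback is a publicly known key, so master keys wrapped under it
# get no protection from the wrap.
# Treat it like a database root password — store as a Docker secret,
# KMS-injected env var, or Vault-served value.
#
# Rotation requires planned downtime today (no background re-wrap job
# yet). The kek_id column on encryption_vaults is reserved for the
# future migration path.
#
# NOTE(review): losing this value presumably leaves every wrapped
# master key unrecoverable — confirm a backup/escrow procedure exists
# before the first production write.
MANA_AUTH_KEK=

# ============================================
# Supabase (optional, for legacy features)
# ============================================
# The service-role key bypasses Row Level Security; keep it server-side
# only. Leave both values empty if the legacy features are not used.
SUPABASE_URL=
SUPABASE_SERVICE_ROLE_KEY=

# ============================================
# Azure OpenAI (for Chat AI features)
# ============================================
# Placeholder endpoint and key: replace both with the values of the
# deployment's own Azure OpenAI resource.
AZURE_OPENAI_ENDPOINT=https://your-resource.openai.azure.com/
AZURE_OPENAI_API_KEY=your-api-key-here

# ============================================
# Monitoring (Grafana)
# ============================================
# Password of the Grafana admin account. Placeholder: replace it.
GRAFANA_PASSWORD=your-grafana-admin-password

# ============================================
# Web Analytics (Umami)
# ============================================
# Placeholder: replace with a random value unique to this deployment.
UMAMI_APP_SECRET=your-umami-secret-here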