till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-14 20:21:09 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
managarten/services/mana-core-auth/.env.example
Wuesteon 4d15d9e764 🔒 security(auth): migrate to EdDSA JWT and add automated monitoring 
BREAKING: JWT keys are now auto-managed by Better Auth (EdDSA/Ed25519)
- Remove all JWT_PRIVATE_KEY, JWT_PUBLIC_KEY, JWT_SECRET references
- Keys stored in auth.jwks database table (auto-generated on first run)
- Delete obsolete generate-keys.sh and generate-staging-secrets.sh scripts
- Clean up legacy AUTH_*.md analysis files from root

Security Improvements:
- Add security_events table for audit logging
- Add SecurityEventsService for tracking auth events
- Enhanced security headers (HSTS, CSP, X-Frame-Options)
- Rate limiting configuration

Monitoring Setup:
- Add auth-health-check.sh for automated testing
- Add generate-dashboard.sh for HTML status dashboard
- Tests: health endpoint, JWKS (EdDSA), security headers, response time
- Ready for Hetzner cron deployment

Documentation:
- Update deployment docs with Better Auth notes
- Update environment variable references
- Add security improvements documentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-18 21:42:47 +01:00

49 lines
1.2 KiB
Text
Raw Blame History

# Mana Core Auth - Development Environment
NODE_ENV=development
PORT=3001
# Database
DATABASE_URL=postgresql://manacore:password@localhost:5432/manacore
# Redis
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_PASSWORD=
# JWT Configuration
# Note: JWT signing keys are managed automatically by Better Auth (EdDSA/Ed25519)
# Keys are stored in the auth.jwks database table - no manual configuration needed
JWT_ACCESS_TOKEN_EXPIRY=15m
JWT_REFRESH_TOKEN_EXPIRY=7d
JWT_ISSUER=manacore
JWT_AUDIENCE=manacore
# Stripe (use test keys)
STRIPE_SECRET_KEY=sk_test_...
STRIPE_PUBLISHABLE_KEY=pk_test_...
STRIPE_WEBHOOK_SECRET=whsec_...
# CORS
CORS_ORIGINS=http://localhost:3000,http://localhost:8081
# Credits
CREDITS_SIGNUP_BONUS=150
CREDITS_DAILY_FREE=5
# Rate Limiting
RATE_LIMIT_TTL=60
RATE_LIMIT_MAX=100
# Email (Brevo)
# Get your API key from: https://app.brevo.com/settings/keys/api
# Without this key, emails are logged to console only (dev mode)
BREVO_API_KEY=
EMAIL_SENDER_ADDRESS=noreply@manacore.ai
EMAIL_SENDER_NAME=ManaCore
# URLs
# BASE_URL: Used by Better Auth for internal callbacks
# FRONTEND_URL: Used for password reset and email verification links
BASE_URL=http://localhost:3001
FRONTEND_URL=http://localhost:5173
Reference in a new issue View git blame Copy permalink