.env.example

# Flask Configuration
FLASK_APP=wsgi.py
FLASK_ENV=development
SECRET_KEY=your-secret-key-here-change-in-production

# Database
DATABASE_URL=postgresql://user:password@localhost:5432/authy2_dev
SQLALCHEMY_ECHO=False
SQLALCHEMY_LOG_LEVEL=WARNING

# Security
BCRYPT_LOG_ROUNDS=12
ENCRYPTION_KEY=your-encryption-key-here-change-in-production
SESSION_COOKIE_SECURE=False
SESSION_COOKIE_HTTPONLY=True
SESSION_COOKIE_SAMESITE=Lax
MAX_SESSION_DURATION=86400

# CORS
#CORS_ORIGINS=http://localhost:3000,http://localhost:5173,https://oidc-playpen.lovable.app/,http://localhost:8080/
CORS_ORIGINS=*


# JWT (if using JWT instead of sessions)
JWT_SECRET_KEY=your-jwt-secret-key-here
JWT_ACCESS_TOKEN_EXPIRES=3600
JWT_REFRESH_TOKEN_EXPIRES=2592000

# Redis (for session storage)
REDIS_URL=redis://localhost:6379/0

# OIDC
OIDC_ISSUER_URL=http://localhost:5000

# Logging
LOG_LEVEL=INFO
LOG_TO_STDOUT=True

# Rate Limiting
RATELIMIT_ENABLED=True
RATELIMIT_STORAGE_URL=redis://localhost:6379/1

# SSH CA
# Path to CA private key file (alternative to SSH_CA_PRIVATE_KEY env var)
SSH_CA_KEY_PATH=/path/to/ca-users
# Or set the key content directly (takes priority over SSH_CA_KEY_PATH):
# SSH_CA_PRIVATE_KEY=

EMAIL_ENABLED=
SMTP_HOST=
SMTP_PORT=
SMTP_USERNAME=
SMTP_PASSWORD=
FROM_ADDRESS=
WEBAUTHN_ORIGIN=

ZEROTIER_API_TOKEN=
ZEROTIER_API_URL=
inital 2026-01-08 01:00:26 +10:30			`# Flask Configuration`
			`FLASK_APP=wsgi.py`
			`FLASK_ENV=development`
			`SECRET_KEY=your-secret-key-here-change-in-production`

			`# Database`
			`DATABASE_URL=postgresql://user:password@localhost:5432/authy2_dev`
			`SQLALCHEMY_ECHO=False`
major checkpoint 2026-01-08 15:59:53 +10:30			`SQLALCHEMY_LOG_LEVEL=WARNING`
inital 2026-01-08 01:00:26 +10:30
			`# Security`
			`BCRYPT_LOG_ROUNDS=12`
can link google accounts! 2026-01-20 15:54:00 +10:30			`ENCRYPTION_KEY=your-encryption-key-here-change-in-production`
inital 2026-01-08 01:00:26 +10:30			`SESSION_COOKIE_SECURE=False`
			`SESSION_COOKIE_HTTPONLY=True`
			`SESSION_COOKIE_SAMESITE=Lax`
			`MAX_SESSION_DURATION=86400`

			`# CORS`
major checkpoint 2026-01-08 15:59:53 +10:30			`#CORS_ORIGINS=http://localhost:3000,http://localhost:5173,https://oidc-playpen.lovable.app/,http://localhost:8080/`
			`CORS_ORIGINS=*`

inital 2026-01-08 01:00:26 +10:30
			`# JWT (if using JWT instead of sessions)`
			`JWT_SECRET_KEY=your-jwt-secret-key-here`
			`JWT_ACCESS_TOKEN_EXPIRES=3600`
			`JWT_REFRESH_TOKEN_EXPIRES=2592000`

			`# Redis (for session storage)`
			`REDIS_URL=redis://localhost:6379/0`

			`# OIDC`
			`OIDC_ISSUER_URL=http://localhost:5000`

			`# Logging`
			`LOG_LEVEL=INFO`
			`LOG_TO_STDOUT=True`

			`# Rate Limiting`
			`RATELIMIT_ENABLED=True`
			`RATELIMIT_STORAGE_URL=redis://localhost:6379/1`

Feat(Chore): Verify Flow, Invites, Suspend, Depart Cert Policy 2026-03-01 16:50:27 +05:45			`# SSH CA`
			`# Path to CA private key file (alternative to SSH_CA_PRIVATE_KEY env var)`
			`SSH_CA_KEY_PATH=/path/to/ca-users`
			`# Or set the key content directly (takes priority over SSH_CA_KEY_PATH):`
			`# SSH_CA_PRIVATE_KEY=`

Feat(Chore, Fix): Refractor, Half Baked Deletion + Admin Privilege 2026-03-04 18:49:04 +05:45			`EMAIL_ENABLED=`
			`SMTP_HOST=`
			`SMTP_PORT=`
			`SMTP_USERNAME=`
			`SMTP_PASSWORD=`
			`FROM_ADDRESS=`
			`WEBAUTHN_ORIGIN=`
feat(zerotier): add ZeroTier network governance module 2026-03-20 21:50:20 +10:30
			`ZEROTIER_API_TOKEN=`
			`ZEROTIER_API_URL=`