# BFF environment template # Copy to .env (which is gitignored) and fill in actual values for local development. # Production values are managed by the platform's secret manager (see future infrastructure ADR). # Postgres connection (per ADR-0006) # Local dev default: dockerised Postgres on port 5432, schema 'public'. # Username / password / db must match infra/local/.env (POSTGRES_USER / # POSTGRES_PASSWORD / POSTGRES_DB) — those are the source of truth, # this is the BFF view of the same connection. # # IMPORTANT — URL encoding. The password is part of the URL userinfo # segment, so any of these characters must be URL-encoded: # @ → %40 # → %23 : → %3A / → %2F ? → %3F # % → %25 & → %26 = → %3D + → %2B ; → %3B # i.e. if your POSTGRES_PASSWORD is "p@ss#1", DATABASE_URL must read # "postgresql://portal:p%40ss%231@localhost:5432/portal_dev?schema=public" # The BFF aborts at boot with a clear error if it detects an unencoded # special character (see apps/portal-bff/src/config/check-database-url.ts). DATABASE_URL="postgresql://portal:portal_dev_change_me@localhost:5432/portal_dev?schema=public" # Observability (per ADR-0012) # All OTEL_* keys are honoured by the OpenTelemetry SDK directly — see # apps/portal-bff/src/observability/tracing.ts for the bootstrap. # Pino log level: 'info' in prod, 'debug' in dev (default if unset). LOG_LEVEL=debug OTEL_SERVICE_NAME=portal-bff OTEL_SERVICE_VERSION=dev # Default endpoint targets the Collector provisioned in # infra/local/dev.compose.yml. The /v1/traces suffix is required by # the HTTP/Protobuf transport. OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318/v1/traces OTEL_EXPORTER_OTLP_PROTOCOL=http/protobuf # v1 samples 100 % at the app; tail sampling is delegated to the # Collector (per ADR-0012). Override only for spike investigations. OTEL_TRACES_SAMPLER=always_on # Future env vars introduced by upcoming phases / ADRs: # # Auth flow (ADR-0009): # ENTRA_TENANT_ID # ENTRA_CLIENT_ID # ENTRA_CLIENT_SECRET (or ENTRA_CLIENT_CERT_PATH) # ENTRA_ACCEPTED_TENANT_IDS # ENTRA_REDIRECT_URI # ENTRA_POST_LOGOUT_REDIRECT_URI # SESSION_SECRET # # Sessions (ADR-0010): # REDIS_URL (or REDIS_SENTINEL_HOSTS + REDIS_SENTINEL_NAME) # REDIS_PASSWORD # REDIS_TLS ('true' in prod) # SESSION_ENCRYPTION_KEY (32-byte base64) # SESSION_IDLE_TIMEOUT_SECONDS (default 1800) # SESSION_ABSOLUTE_TIMEOUT_SECONDS (default 43200) # # MFA (ADR-0011): # MFA_FRESHNESS_SECONDS (default 600) # # Observability — additional keys to be wired as features land: # LOG_USER_ID_SALT (per-environment salt for hashing user_id # in CLS context — needed once auth lands) # # Audit trail (ADR-0013): # AUDIT_DATABASE_URL (separate creds, role 'audit_writer') # AUDIT_ARCHIVER_DATABASE_URL (role 'audit_archiver', for the retention purge job) # AUDIT_RETENTION_DAYS (default 365) # # Downstream API access (ADR-0014): # OBO_CACHE_ENCRYPTION_KEY (32-byte base64, distinct from SESSION_ENCRYPTION_KEY) # BFF_JWKS_PRIVATE_KEY_PATH # BFF_JWKS_KID # _API_BASE_URL (per integrated downstream) # _TIMEOUT_MS (optional, defaults to 5000)