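# OTSSignsOrchestrator — environment variables
# Copy to .env and fill in real values before running.
# The filled-in .env holds live credentials: keep it out of version control
# and readable only by the account that runs the service.
#
# Every comment sits on its own line. Some env-file parsers treat text after
# the value as part of the value, so do not append "# ..." to an active line.

# ── PostgreSQL ───────────────────────────────────────────────────────────────
# Used directly by the app. When running via docker-compose, POSTGRES_PASSWORD
# is also required so the postgres service can initialise the database.
# "changeme" is a placeholder: replace it in BOTH values below with the same
# strong, unique password. ';' separates fields in the connection string, so
# avoid it in the password unless the driver's quoting rules are applied.
ConnectionStrings__OrchestratorDb=Host=postgres;Port=5432;Database=orchestrator;Username=ots;Password=changeme
POSTGRES_PASSWORD=changeme

# ── JWT ──────────────────────────────────────────────────────────────────────
# Key must be at least 32 characters (256-bit). Generate with:
#   openssl rand -base64 32
# Left empty on purpose: a readable placeholder of 32+ characters could pass a
# length check and leave tokens signed with a publicly known key.
Jwt__Key=
# Optional — has a default.
# Jwt__Issuer=OTSSignsOrchestrator
# Optional — has a default.
# Jwt__Audience=OTSSignsOrchestrator

# ── Bitwarden Secrets Manager ────────────────────────────────────────────────
# Machine account access token from https://vault.bitwarden.com
Bitwarden__AccessToken=
Bitwarden__OrganizationId=
# ProjectId is the default project for orchestrator config secrets
Bitwarden__ProjectId=
# InstanceProjectId is optional; instance-level secrets go here when set
# Bitwarden__InstanceProjectId=
# Optional.
# Bitwarden__IdentityUrl=https://identity.bitwarden.com
# Optional.
# Bitwarden__ApiUrl=https://api.bitwarden.com

# ── Stripe ───────────────────────────────────────────────────────────────────
# Placeholders only. sk_test_ is the test-mode key prefix; keep live keys out
# of development copies of this file.
Stripe__SecretKey=sk_test_...
Stripe__WebhookSecret=whsec_...

# ── Authentik (SAML IdP) ─────────────────────────────────────────────────────
Authentik__BaseUrl=https://auth.example.com
Authentik__ApiToken=
# UUID of the OTS signing certificate-key pair in Authentik
Authentik__OtsSigningKpId=
# Optional.
# Authentik__SourcePreAuthFlowSlug=default-source-pre-authentication
# Optional.
# Authentik__SourceAuthFlowSlug=default-source-authentication

# ── Email (SendGrid) ─────────────────────────────────────────────────────────
Email__SendGridApiKey=SG....
# Optional.
# Email__SenderEmail=noreply@otssigns.com
# Optional.
# Email__SenderName=OTS Signs

# ── Git template repository ───────────────────────────────────────────────────
# These are stored in Bitwarden at runtime; set here only for local dev without BW.
# Optional.
# Git__CacheDir=.template-cache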