Sankofa/docs/ENV_EXAMPLES.md

# Environment Variable Examples

This document provides example environment variable configurations for all components.

## API (.env)

```env
# Database Configuration
DB_HOST=localhost
DB_PORT=5432
DB_NAME=sankofa
DB_USER=postgres
DB_PASSWORD=postgres

# Server Configuration
PORT=4000
HOST=0.0.0.0
NODE_ENV=development

# JWT Authentication
JWT_SECRET=your-secret-key-change-in-production
JWT_EXPIRES_IN=7d

# Sovereign Identity (Keycloak) - NO Azure dependencies
KEYCLOAK_URL=https://keycloak.sankofa.nexus
KEYCLOAK_REALM=master
KEYCLOAK_CLIENT_ID=sankofa-api
KEYCLOAK_CLIENT_SECRET=your-keycloak-client-secret
KEYCLOAK_MULTI_REALM=true

# Multi-Tenancy
ENABLE_MULTI_TENANT=true
DEFAULT_TENANT_ID=
BLOCKCHAIN_IDENTITY_ENABLED=true

# Billing (Superior to Azure Cost Management)
BILLING_GRANULARITY=SECOND
BLOCKCHAIN_BILLING_ENABLED=true

# Blockchain Configuration
BLOCKCHAIN_RPC_URL=http://localhost:8545
BLOCKCHAIN_CHAIN_ID=2024
RESOURCE_PROVISIONING_CONTRACT_ADDRESS=
BLOCKCHAIN_PRIVATE_KEY=

# Proxmox Configuration
# Proxmox Instance 1 (192.168.11.10)
PROXMOX_1_API_URL=https://192.168.11.10:8006
PROXMOX_1_USER=root
PROXMOX_1_PASS=your-proxmox-password
PROXMOX_1_API_TOKEN=
PROXMOX_1_INSECURE_SKIP_TLS_VERIFY=false

# Proxmox Instance 2 (192.168.11.11)
PROXMOX_2_API_URL=https://192.168.11.11:8006
PROXMOX_2_USER=root
PROXMOX_2_PASS=your-proxmox-password
PROXMOX_2_API_TOKEN=
PROXMOX_2_INSECURE_SKIP_TLS_VERIFY=false

# Legacy Proxmox Configuration (defaults to Instance 1 for backward compatibility)
PROXMOX_API_URL=https://192.168.11.10:8006
PROXMOX_API_TOKEN=
PROXMOX_USER=root
PROXMOX_PASS=your-proxmox-password

# Kubernetes Configuration
KUBECONFIG=
PROMETHEUS_URL=http://localhost:9090

# Cloudflare Configuration
CLOUDFLARE_API_TOKEN=
CLOUDFLARE_ACCOUNT_ID=

# Error Tracking (Optional)
SENTRY_DSN=
ERROR_TRACKING_ENABLED=false
ERROR_TRACKING_ENDPOINT=https://errors.sankofa.nexus/api/errors
ERROR_TRACKING_API_KEY=

# Logging
LOG_LEVEL=info
LOG_FILE_PATH=
ERROR_LOG_FILE_PATH=
```

## Portal (.env.local)

```env
# Keycloak Authentication
KEYCLOAK_URL=https://keycloak.sankofa.nexus
KEYCLOAK_REALM=sankofa
KEYCLOAK_CLIENT_ID=portal-client
KEYCLOAK_CLIENT_SECRET=your-client-secret

# NextAuth Configuration
NEXTAUTH_URL=http://localhost:3000
NEXTAUTH_SECRET=your-nextauth-secret-change-in-production

# API Endpoints
NEXT_PUBLIC_GRAPHQL_ENDPOINT=http://localhost:4000/graphql
NEXT_PUBLIC_GRAPHQL_WS_ENDPOINT=ws://localhost:4000/graphql-ws

# Infrastructure Services
NEXT_PUBLIC_CROSSPLANE_API=https://crossplane.sankofa.nexus
NEXT_PUBLIC_ARGOCD_URL=https://argocd.sankofa.nexus
NEXT_PUBLIC_GRAFANA_URL=https://grafana.sankofa.nexus
NEXT_PUBLIC_LOKI_URL=https://loki.sankofa.nexus:3100
NEXT_PUBLIC_KUBERNETES_API=http://localhost:8001

# Node Environment
NODE_ENV=development
```

## Blockchain (.env)

```env
# Hyperledger Besu Configuration
BESU_RPC_URL=http://localhost:8545

# Hardhat Configuration
PRIVATE_KEY=your-private-key-for-deployment

# Network Configuration
NETWORK_ID=2024

# Contract Addresses (Set after deployment)
RESOURCE_PROVISIONING_CONTRACT_ADDRESS=
IDENTITY_MANAGEMENT_CONTRACT_ADDRESS=
BILLING_CONTRACT_ADDRESS=
COMPLIANCE_CONTRACT_ADDRESS=
```

## Root (docker-compose .env)

```env
# Database
POSTGRES_USER=postgres
POSTGRES_PASSWORD=postgres
POSTGRES_DB=sankofa

# API
JWT_SECRET=dev-secret-change-in-production
NODE_ENV=development

# Frontend
NEXT_PUBLIC_GRAPHQL_ENDPOINT=http://localhost:4000/graphql
NEXT_PUBLIC_APP_URL=http://localhost:3000

# Blockchain
BLOCKCHAIN_RPC_URL=http://localhost:8545
```

## Production Notes

1. **Never commit .env files** - Add to .gitignore
2. **Use secrets management** - Kubernetes secrets, Vault, etc.
3. **Rotate secrets regularly** - Especially JWT_SECRET
4. **Use different secrets per environment** - Dev, staging, production
5. **Validate secrets on startup** - The API now validates required secrets