6390174bb7
- Add CHAIN138_XDC_ZERO_BRIDGE_RUNBOOK and 07-ccip pointer doc - Add config/xdc-zero templates, parent register fragment, README - Add merge-endpointconfig-chain138.sh (jq merge, XDC_ZERO_ENDPOINT_DIR) - Add xdc-zero-chain138-preflight.sh; trim XDC URL vars in load-project-env - Wire AGENTS.md, MASTER_INDEX, verify README, .env.master.example Made-with: Cursor
286 lines
7.3 KiB
Plaintext
286 lines
7.3 KiB
Plaintext
# ============================================================================
|
|
# Master Secrets Template — ALL keys used across the workspace
|
|
# ============================================================================
|
|
# Copy to .env (repo root) or .env.master (local only). Fill values; NEVER commit.
|
|
# See: docs/04-configuration/MASTER_SECRETS.md for where each is used.
|
|
# ============================================================================
|
|
|
|
# --- Proxmox ---
|
|
PROXMOX_ML110=
|
|
PROXMOX_R630_01=
|
|
PROXMOX_R630_02=
|
|
PROXMOX_HOST=
|
|
PROXMOX_PORT=
|
|
PROXMOX_USER=
|
|
PROXMOX_TOKEN_NAME=
|
|
PROXMOX_TOKEN_VALUE=
|
|
PROXMOX_ALLOW_ELEVATED=
|
|
|
|
# --- Cloudflare ---
|
|
# Prefer CLOUDFLARE_API_TOKEN scoped to Zone:DNS:Edit on the zones you use (avoid global Account API key when possible).
|
|
# Bulk DNS script: scripts/update-all-dns-to-public-ip.sh — use --dry-run and --zone-only=sankofa.nexus (etc.) before wide updates.
|
|
CLOUDFLARE_API_TOKEN=
|
|
CLOUDFLARE_EMAIL=
|
|
CLOUDFLARE_API_KEY=
|
|
CLOUDFLARE_ZONE_ID=
|
|
CLOUDFLARE_ZONE_ID_D_BIS_ORG=
|
|
CLOUDFLARE_ZONE_ID_MIM4U_ORG=
|
|
CLOUDFLARE_ZONE_ID_SANKOFA_NEXUS=
|
|
CLOUDFLARE_ZONE_ID_DEFI_ORACLE_IO=
|
|
CLOUDFLARE_TUNNEL_TOKEN=
|
|
CLOUDFLARE_TUNNEL_ID=
|
|
CLOUDFLARE_TUNNEL_ID_ALLTRA_HYBX=
|
|
CLOUDFLARE_TUNNEL_ID_MIFOS_R630_02=
|
|
CLOUDFLARE_TUNNEL_TOKEN_MIFOS_R630_02=
|
|
CLOUDFLARE_ORIGIN_CA_KEY=
|
|
CLOUDFLARE_ACCOUNT_ID=
|
|
# Turnstile (Captcha) for IRU marketplace inquiry — Dashboard → Turnstile; NOT the DNS API key
|
|
CLOUDFLARE_TURNSTILE_SECRET_KEY=
|
|
# dbis_core Vite marketplace: VITE_CLOUDFLARE_TURNSTILE_SITE_KEY=
|
|
# Sankofa portal Next.js (sibling repo): NEXT_PUBLIC_CLOUDFLARE_TURNSTILE_SITE_KEY=
|
|
|
|
# --- ClouDNS ---
|
|
CLOUDNS_AUTH_ID=
|
|
CLOUDNS_AUTH_PASSWORD=
|
|
|
|
# --- NPM / NPMplus ---
|
|
NPM_URL=
|
|
NPM_EMAIL=
|
|
NPM_PASSWORD=
|
|
NPM_HOST=
|
|
NPM_PROXMOX_HOST=
|
|
NPMPLUS_HOST=
|
|
NPM_VMID=
|
|
NPMPLUS_VMID=
|
|
NPMPLUS_ALLTRA_HYBX_VMID=
|
|
IP_NPMPLUS_ALLTRA_HYBX=
|
|
NPM_URL_MIFOS=
|
|
|
|
# --- Keycloak Admin API (optional) ---
|
|
# For scripts/deployment/keycloak-sankofa-ensure-client-redirects.sh — merge portal/admin redirect URIs.
|
|
# KEYCLOAK_URL=https://keycloak.sankofa.nexus
|
|
# KEYCLOAK_REALM=master
|
|
# KEYCLOAK_CLIENT_ID=sankofa-portal
|
|
# KEYCLOAK_ADMIN=admin
|
|
# KEYCLOAK_ADMIN_PASSWORD=
|
|
|
|
# --- Fastly ---
|
|
FASTLY_API_TOKEN=
|
|
|
|
# --- Network / UniFi / Omada ---
|
|
PUBLIC_IP=
|
|
PROXMOX_HOST_FOR_TEST=
|
|
UNIFI_UDM_URL=
|
|
UNIFI_API_KEY=
|
|
UNIFI_API_MODE=
|
|
UNIFI_SITE_ID=
|
|
UNIFI_VERIFY_SSL=
|
|
OMADA_API_KEY=
|
|
OMADA_CLIENT_SECRET=
|
|
|
|
# --- Gitea ---
|
|
GITEA_URL=
|
|
GITEA_TOKEN=
|
|
GITEA_ORG=
|
|
|
|
# --- Database & app auth ---
|
|
DATABASE_URL=
|
|
JWT_SECRET=
|
|
JWT_REFRESH_SECRET=
|
|
JWT_EXPIRES_IN=
|
|
JWT_REFRESH_EXPIRES_IN=
|
|
SESSION_SECRET=
|
|
ADMIN_CENTRAL_API_KEY=
|
|
DBIS_CENTRAL_URL=
|
|
ADMIN_JWT_SECRET=
|
|
|
|
# --- Storage (AWS / Azure) ---
|
|
STORAGE_TYPE=
|
|
STORAGE_PATH=
|
|
AWS_REGION=
|
|
AWS_ACCESS_KEY_ID=
|
|
AWS_SECRET_ACCESS_KEY=
|
|
AWS_S3_BUCKET=
|
|
AZURE_STORAGE_CONNECTION_STRING=
|
|
AZURE_STORAGE_CONTAINER=
|
|
|
|
# --- Pinata (IPFS pinning; token logos) ---
|
|
# Dashboard: https://app.pinata.cloud — API Keys → JWT or key/secret.
|
|
# scripts/upload-token-logos-to-ipfs.sh uses PINATA_JWT only (Bearer for pinFileToIPFS).
|
|
PINATA_JWT=
|
|
PINATA_API_KEY=
|
|
PINATA_API_SECRET=
|
|
|
|
# --- Blockchain / SMOM-DBIS-138 (use smom-dbis-138/.env for PRIVATE_KEY) ---
|
|
PRIVATE_KEY=
|
|
RPC_URL_138=
|
|
RPC_URL_138_PUBLIC=
|
|
# XDC Zero — second relayer pair (XDC Network mainnet <-> Chain 138). See docs/03-deployment/CHAIN138_XDC_ZERO_BRIDGE_RUNBOOK.md and config/xdc-zero/
|
|
# Use XDC mainnet JSON-RPC only (chain id 50), not Ethereum L1. Default:
|
|
XDC_PARENTNET_URL=https://rpc.xinfin.network
|
|
# Testnet (Apothem): https://rpc.apothem.network
|
|
# Optional alias for 138 side (defaults to RPC_URL_138 in preflight if unset):
|
|
XDC_ZERO_PEER_RPC_URL=
|
|
|
|
# Ethereum L1 — used for dual-anchor attestation with scripts/omnl/omnl-chain138-attestation-tx.sh (consumes ETH gas). Alias: RPC_URL_MAINNET.
|
|
ETHEREUM_MAINNET_RPC=
|
|
CHAIN_651940_RPC_URL=
|
|
ETHERLINK_RPC_URL=
|
|
TEZOS_RPC_URL=
|
|
ETHERSCAN_API_KEY=
|
|
ETHERLINK_CCIP_SELECTOR=
|
|
TEZOS_BRIDGE_ENABLED=
|
|
ETHERLINK_BRIDGE_ENABLED=
|
|
TEZOS_RELAY_ORACLE_KEY=
|
|
ETHERLINK_RELAY_BRIDGE=
|
|
ETHERLINK_RELAY_PRIVATE_KEY=
|
|
JUMPER_API_KEY=
|
|
ONEINCH_API_KEY=
|
|
MOONPAY_API_KEY=
|
|
MOONPAY_SECRET_KEY=
|
|
RAMP_NETWORK_API_KEY=
|
|
ONRAMPER_API_KEY=
|
|
|
|
# --- GRU Transport / cW hard-peg bridge controls (Chain 138 -> public chains) ---
|
|
# Canonical L1 bridge env used by the GRU transport overlay and token-aggregation.
|
|
CHAIN138_L1_BRIDGE=
|
|
# Legacy alias still used by some deployment helpers.
|
|
CW_L1_BRIDGE_CHAIN138=
|
|
CW_BRIDGE_MAINNET=
|
|
CW_BRIDGE_CRONOS=
|
|
CW_BRIDGE_BSC=
|
|
CW_BRIDGE_POLYGON=
|
|
CW_BRIDGE_GNOSIS=
|
|
CW_BRIDGE_AVALANCHE=
|
|
CW_BRIDGE_BASE=
|
|
CW_BRIDGE_ARBITRUM=
|
|
CW_BRIDGE_OPTIMISM=
|
|
CW_RESERVE_VERIFIER_CHAIN138=
|
|
CW_STABLECOIN_RESERVE_VAULT=
|
|
CW_RESERVE_SYSTEM=
|
|
CW_ATTACH_VERIFIER_TO_L1=1
|
|
CW_REQUIRE_VAULT_BACKING=
|
|
CW_REQUIRE_RESERVE_SYSTEM_BALANCE=
|
|
CW_REQUIRE_TOKEN_OWNER_MATCH_VAULT=
|
|
CW_CANONICAL_USDT=
|
|
CW_CANONICAL_USDC=
|
|
CW_USDT_RESERVE_ASSET=
|
|
CW_USDC_RESERVE_ASSET=
|
|
CW_MAX_OUTSTANDING_USDT_MAINNET=
|
|
CW_MAX_OUTSTANDING_USDC_MAINNET=
|
|
CW_MAX_OUTSTANDING_USDT_CRONOS=
|
|
CW_MAX_OUTSTANDING_USDC_CRONOS=
|
|
CW_MAX_OUTSTANDING_USDT_BSC=
|
|
CW_MAX_OUTSTANDING_USDC_BSC=
|
|
CW_MAX_OUTSTANDING_USDT_POLYGON=
|
|
CW_MAX_OUTSTANDING_USDC_POLYGON=
|
|
CW_MAX_OUTSTANDING_USDT_GNOSIS=
|
|
CW_MAX_OUTSTANDING_USDC_GNOSIS=
|
|
CW_MAX_OUTSTANDING_USDT_AVALANCHE=
|
|
CW_MAX_OUTSTANDING_USDC_AVALANCHE=
|
|
CW_MAX_OUTSTANDING_USDT_BASE=
|
|
CW_MAX_OUTSTANDING_USDC_BASE=
|
|
CW_MAX_OUTSTANDING_USDT_ARBITRUM=
|
|
CW_MAX_OUTSTANDING_USDC_ARBITRUM=
|
|
CW_MAX_OUTSTANDING_USDT_OPTIMISM=
|
|
CW_MAX_OUTSTANDING_USDC_OPTIMISM=
|
|
CW_FREEZE_AVAX_L2_CONFIG=
|
|
|
|
# --- Alerts & monitoring ---
|
|
SLACK_WEBHOOK_URL=
|
|
PAGERDUTY_INTEGRATION_KEY=
|
|
EMAIL_ALERT_API_URL=
|
|
EMAIL_ALERT_RECIPIENTS=
|
|
SENTRY_DSN=
|
|
|
|
# --- dbis_core IRU / marketplace outbound mail (optional; Proxmox Mail Proxy VMID 100 = 192.168.11.32) ---
|
|
# EMAIL_PROVIDER=smtp
|
|
# SMTP_HOST=192.168.11.32
|
|
# SMTP_PORT=587
|
|
# SMTP_SECURE=false
|
|
# SMTP_USER=
|
|
# SMTP_PASSWORD=
|
|
# EMAIL_FROM=
|
|
# EMAIL_FROM_NAME=SolaceNet
|
|
# DBIS_SALES_EMAIL=
|
|
|
|
# --- Legal / e-signature ---
|
|
E_SIGNATURE_BASE_URL=
|
|
|
|
# --- OTC / exchanges (dbis_core) ---
|
|
CRYPTO_COM_API_KEY=
|
|
CRYPTO_COM_API_SECRET=
|
|
CRYPTO_COM_ENVIRONMENT=
|
|
BINANCE_API_KEY=
|
|
BINANCE_API_SECRET=
|
|
KRAKEN_API_KEY=
|
|
KRAKEN_PRIVATE_KEY=
|
|
OANDA_API_KEY=
|
|
OANDA_ACCOUNT_ID=
|
|
OANDA_ENVIRONMENT=
|
|
FXCM_API_TOKEN=
|
|
|
|
# --- Price / market data ---
|
|
COINGECKO_API_KEY=
|
|
COINDESK_API_KEY=
|
|
COINMARKETCAP_API_KEY=
|
|
DEXSCREENER_API_KEY=
|
|
|
|
# --- Mifos / Fineract / OMNL ---
|
|
MIFOS_BASE_URL=
|
|
MIFOS_TENANT=
|
|
MIFOS_USER=
|
|
MIFOS_PASSWORD=
|
|
MIFOS_INSECURE=
|
|
OMNL_FINERACT_BASE_URL=
|
|
OMNL_FINERACT_TENANT=
|
|
OMNL_FINERACT_USER=
|
|
OMNL_FINERACT_PASSWORD=
|
|
|
|
# --- Phoenix / Sankofa / OMNIS backend ---
|
|
SANKOFA_PHOENIX_API_URL=
|
|
SANKOFA_PHOENIX_CLIENT_ID=
|
|
SANKOFA_PHOENIX_CLIENT_SECRET=
|
|
SANKOFA_PHOENIX_TENANT_ID=
|
|
# Corporate apex (sankofa.nexus) → CT 7806 when provisioned (default in ip-addresses stays portal until set)
|
|
# IP_SANKOFA_PUBLIC_WEB=192.168.11.63
|
|
|
|
# --- Frontend / MetaMask / Explorer ---
|
|
VITE_WALLETCONNECT_PROJECT_ID=
|
|
VITE_THIRDWEB_CLIENT_ID=
|
|
VITE_ETHERSCAN_API_KEY=
|
|
VITE_SENTRY_DSN=
|
|
VITE_API_URL=
|
|
VITE_API_BASE_URL=
|
|
NEXT_PUBLIC_API_URL=
|
|
NEXT_PUBLIC_CHAIN_ID=
|
|
METAMASK_API_KEY=
|
|
THIRDWEB_SECRET_KEY=
|
|
NPM_ACCESS_TOKEN=
|
|
|
|
# --- DeFi aggregators (alltra-lifi-settlement) ---
|
|
PARASWAP_API_KEY=
|
|
ZEROX_API_KEY=
|
|
|
|
# --- ProxmoxVE API (MongoDB) ---
|
|
MONGO_USER=
|
|
MONGO_PASSWORD=
|
|
MONGO_IP=
|
|
MONGO_PORT=
|
|
MONGO_DATABASE=
|
|
|
|
# --- Chain138 RPC (config) ---
|
|
CHAIN138_RPC_URL=
|
|
RPC_URL_138_FIREBLOCKS=
|
|
WS_URL_138_FIREBLOCKS=
|
|
CHAIN_ID_138=
|
|
|
|
# --- Phoenix deploy API ---
|
|
PORT=
|
|
GITEA_TOKEN=
|
|
|
|
# --- Optional / per-service ---
|
|
MARKET_REPORTING_API_KEY=
|
|
E_FILING_ENABLED=
|
|
NODE_ENV=
|