.env.example
# Example settings for a local setup (localhost URLs, DEVMODE=true, SQLite file).
# Put real values in an untracked copy of this file, never in the committed example.
#
# Outbound mail (optional). SMTP_PASS is a credential: set it only in the untracked copy.
# SMTP_SERVER=smtp.sendgrid.net
# SMTP_PORT=587
# SMTP_USER=apikey
# SMTP_PASS=
# Self-registration is on in this example. NOTE(review): FILTER_SIGNUP_DOMAINS below
# presumably limits sign-ups to the listed e-mail domain(s) - confirm, and review both
# settings before exposing the instance.
ALLOW_REGISTRATIONS=true
# Plain-http localhost URL for local use. NOTE(review): a deployed instance would
# normally use its public https:// URL here - confirm how SITE_URL is consumed.
SITE_URL=http://localhost:3000
FROM_EMAIL=noreply@tyk.io
# NOTE(review): development mode is on in this example and its effects are not described
# in this file - confirm what it relaxes before reusing these values outside a dev machine.
DEVMODE=true
# HTTP debug switches, off in this example. NOTE(review): presumably dump request/response
# traffic when enabled, which could include credentials - confirm before turning on.
DEBUG_HTTP=false
DEBUG_HTTP_PROXY=false
# SQLite database stored in a file at a relative path.
DATABASE_URL=midsommar.db
DATABASE_TYPE=sqlite
# NOTE(review): the name suggests conversation content is echoed (e.g. to logs or console) -
# confirm, and consider disabling where prompts may contain sensitive data.
ECHO_CONVERSATION=true
# Replace the placeholder before any shared or production use: this key encrypts stored
# secrets (and SSO on Enterprise), so use a long random value and keep it out of version control.
# NOTE(review): changing it later presumably makes previously encrypted secrets unreadable - confirm.
TYK_AI_SECRET_KEY=your-secret-key-here # Can be any string, used for encrypting secrets and SSO (if ENT)
DOCS_URL=http://localhost:8989
PROXY_URL=http://localhost:9090
# Display URLs for Tools and Datasources in the UI (optional)
# If not set, PROXY_URL is used as the fallback for all endpoint displays
# TOOL_DISPLAY_URL=http://localhost:9090
# DATASOURCE_DISPLAY_URL=http://localhost:9090
# Sign-up domain filter and sign-up mode (see the note on ALLOW_REGISTRATIONS above in this block).
FILTER_SIGNUP_DOMAINS=tyk.io
DEFAULT_SIGNUP_MODE="both"
# ============================================================================
# Enterprise Edition - SSO Configuration
# ============================================================================
# SSO (Single Sign-On) is available exclusively in Enterprise Edition
# TIB_ENABLED is deprecated - SSO availability is determined by edition
# TYK_AI_SECRET_KEY is required for SSO functionality (see above)
# Configure SSO profiles via the Admin UI at /admin/sso-profiles
# ============================================================================
# AI Studio OCI Plugin Configuration (Optional)
# ============================================================================
# To enable OCI plugin support, set AI_STUDIO_OCI_CACHE_DIR
# If not set, AI Studio will only support local plugin binaries
# Enable OCI plugin support by setting cache directory
# AI_STUDIO_OCI_CACHE_DIR=/var/lib/ai-studio/plugins
# Cache configuration
# AI_STUDIO_OCI_MAX_CACHE_SIZE=1073741824 # 1GB default
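# Security settings
# With REQUIRE_SIGNATURE=false, plugins are presumably accepted without a verified signature;
# on Enterprise Edition, set it to true once the OCI_PLUGINS_PUBKEY_* keys below are configured.
# AI_STUDIO_OCI_REQUIRE_SIGNATURE=false # Default false for AI Studio (more permissive) - Enterprise Edition only
# Limit plugin pulls to registries you trust (comma-separated hosts)
# AI_STUDIO_OCI_ALLOWED_REGISTRIES=registry1.com,registry2.com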
# Network settings
# AI_STUDIO_OCI_TIMEOUT=30s
# AI_STUDIO_OCI_RETRY_ATTEMPTS=3
# Garbage collection
# AI_STUDIO_OCI_GC_INTERVAL=24h
# AI_STUDIO_OCI_KEEP_VERSIONS=3
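# Advanced settings
# Development only. NOTE(review): "insecure" registries are presumably contacted without TLS
# or certificate verification - confirm, and leave this unset in production.
# AI_STUDIO_OCI_INSECURE_REGISTRIES=localhost:5000,dev-registry.local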
# ============================================================================
# OCI Registry Authentication (Shared with Microgateway)
# ============================================================================
# Authentication for private registries
# Replace MYREGISTRY_COM with your registry domain (dots become underscores)
# Basic authentication
# OCI_PLUGINS_REGISTRY_MYREGISTRY_COM_USERNAME=myuser
# OCI_PLUGINS_REGISTRY_MYREGISTRY_COM_TOKEN_ENV=MY_REGISTRY_TOKEN
# Alternative: direct token (less secure: the token value itself is stored in this file)
# OCI_PLUGINS_REGISTRY_MYREGISTRY_COM_TOKEN=my-direct-token
# Password-based authentication
# OCI_PLUGINS_REGISTRY_MYREGISTRY_COM_USERNAME=myuser
# OCI_PLUGINS_REGISTRY_MYREGISTRY_COM_PASSWORD_ENV=MY_REGISTRY_PASSWORD
# ============================================================================
# OCI Public Keys for Signature Verification (Enterprise Edition Only)
# ============================================================================
# Public keys for verifying plugin signatures
# NOTE: OCI signature verification is available exclusively in Enterprise Edition
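# Community Edition ignores these settings and skips signature verification, so plugin integrity
# there rests on checksum validation and on pulling only from registries you trust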
# Numbered keys (content directly in environment variable)
# OCI_PLUGINS_PUBKEY_1="-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...\n-----END PUBLIC KEY-----"
# File-based keys (path to public key file)
# OCI_PLUGINS_PUBKEY_FILE_COSIGN=/etc/ai-studio/cosign.pub
# OCI_PLUGINS_PUBKEY_FILE_COMPANY=/etc/ai-studio/company-signing.pub
# ============================================================================
# Plugin Security Configuration
# ============================================================================
# Plugin security features control network access and signature verification
# Community Edition Security (Always Available):
# - Path whitelisting (filesystem security)
# - Checksum validation (integrity checking)
# Enterprise Edition Security (Requires License):
# - GRPC host whitelisting (blocks internal network access)
# - OCI signature verification (Cosign-based supply chain security)
# GRPC Host Whitelisting (Enterprise Edition Only)
# Controls whether plugins can target internal network addresses
# Default: false (blocks 10.x, 192.168.x, 127.x, ::1, etc.)
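# Set to true ONLY in development environments: when enabled, plugins can target internal services
# NOTE(review): this control is Enterprise-only, so Community Edition presumably does not apply the
# block - confirm, and isolate plugin hosts at the network layer if so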
# ALLOW_INTERNAL_NETWORK_ACCESS=false
# Logging
# NOTE(review): trace/debug output may include request details - confirm what each level
# records and keep shared or production instances at info or above unless troubleshooting.
LOG_LEVEL=info # Options: trace, debug, info, warn, error
# Session Configuration
# Shorter durations narrow the window in which a stolen session stays usable.
# SESSION_DURATION=6h # How long user sessions last (valid formats: "1h", "30m", "24h", "168h")
# ============================================================================
# Enterprise Edition - Licensing Configuration
# ============================================================================
# License key (JWT token) - Required for Enterprise Edition only; treat the real token as a
# secret and keep it out of version control
# TYK_AI_LICENSE=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9...
# Telemetry configuration (Enterprise Edition)
# LICENSE_TELEMETRY_URL=https://telemetry.tyk.technology/api/track
# LICENSE_TELEMETRY_PERIOD=1h # How often to send telemetry
# LICENSE_VALIDITY_CHECK_PERIOD=24h # How often to re-validate license
# LICENSE_DISABLE_TELEMETRY=false # Set to true to disable telemetry
# LICENSE_TELEMETRY_CONCURRENCY=20 # Max concurrent telemetry requests