.env.example
# agent-bom Environment Configuration
# Copy this file to .env and fill in your values.
# The resulting .env holds live credentials: keep it out of version control and
# readable only by the account that runs agent-bom.
# NVD API Key (get from https://nvd.nist.gov/developers/request-an-api-key)
# Increases rate limit from 5 req/30s to 50 req/30s
# The key is issued to you personally; treat it as a secret.
NVD_API_KEY=your-nvd-api-key-here
# Snowflake Cortex Configuration
# Auth: SSO (default) or key-pair (recommended for CI/CD). Password auth is deprecated.
SNOWFLAKE_ACCOUNT=your-account.snowflakecomputing.com
SNOWFLAKE_USER=your-username
# SSO applies when no key-pair is set; uncomment the key-pair lines for CI/CD.
# When uncommenting a line, check that your .env loader strips the trailing
# inline comment; if it does not, delete it so it does not end up in the value.
# SNOWFLAKE_AUTHENTICATOR=externalbrowser # SSO — default when no key-pair set
# The .p8 private key is a credential in its own right: store it outside the
# repository with owner-only permissions, and prefer a passphrase-protected key.
# SNOWFLAKE_PRIVATE_KEY_PATH=/path/to/rsa_key.p8 # Key-pair auth (CI/CD)
# SNOWFLAKE_PRIVATE_KEY_PASSPHRASE= # Optional passphrase for key file
SNOWFLAKE_WAREHOUSE=COMPUTE_WH
SNOWFLAKE_DATABASE=CORTEX_DB
SNOWFLAKE_SCHEMA=PUBLIC
# AWS Configuration (for Bedrock scanning - future)
# Prefer AWS_PROFILE or short-lived role credentials over long-lived static keys.
# NOTE(review): AWS SDKs normally read access keys from the environment before a
# profile, so the placeholder key values below may shadow a working profile if
# copied unchanged — confirm how agent-bom resolves credentials.
AWS_REGION=us-east-1
AWS_ACCESS_KEY_ID=your-access-key
AWS_SECRET_ACCESS_KEY=your-secret-key
AWS_PROFILE=default
# Azure Configuration (for OpenAI Service scanning - future)
# AZURE_CLIENT_SECRET is a service-principal secret: grant the principal only the
# access the scan needs and rotate the secret if it is ever exposed.
AZURE_SUBSCRIPTION_ID=your-subscription-id
AZURE_RESOURCE_GROUP=your-resource-group
AZURE_TENANT_ID=your-tenant-id
AZURE_CLIENT_ID=your-client-id
AZURE_CLIENT_SECRET=your-client-secret
# Google Cloud Configuration (for ADK scanning - future)
# The service-account JSON key is a long-lived credential: keep the file outside
# the repository with owner-only permissions.
GCP_PROJECT_ID=your-project-id
GCP_SERVICE_ACCOUNT_KEY=/path/to/service-account.json
# Optional: Logging
LOG_LEVEL=INFO
LOG_FILE=/var/log/agent-bom/scanner.log
# Optional: Cache configuration
# The default URL is an unauthenticated, unencrypted connection to a local Redis.
# For a Redis reached over the network, use credentials and TLS (rediss://).
CACHE_ENABLED=true
CACHE_TTL=3600
REDIS_URL=redis://localhost:6379/0
# ── PostgreSQL ──────────────────────────────────────────────────────────────
# Docker Compose requires POSTGRES_PASSWORD (will refuse to start without it).
# POSTGRES_APP_PASSWORD enables least-privilege: the app connects as agent_bom_app
# (DML only — cannot CREATE/DROP/ALTER tables). If not set, falls back to admin user.
# Set both passwords to distinct, randomly generated values. Leaving
# POSTGRES_APP_PASSWORD empty means the app runs with the admin user's
# schema-owner rights, so set it for any deployment that holds real data.
# Admin user (owns schema, runs migrations — do NOT give to the app)
POSTGRES_PASSWORD=
POSTGRES_USER=agent_bom
POSTGRES_DB=agent_bom
POSTGRES_PORT=5432
# App user (least privilege — SELECT, INSERT, UPDATE, DELETE only)
POSTGRES_APP_PASSWORD=
POSTGRES_APP_USER=agent_bom_app
# For external/managed Postgres (Supabase, Neon, RDS), set this directly:
# This URL embeds the app user's password; percent-encode any reserved characters in it.
# NOTE(review): for a database reached over the network, confirm the connection is
# TLS-protected (e.g. sslmode=require, if the driver accepts libpq parameters).
# AGENT_BOM_POSTGRES_URL=postgresql://agent_bom_app:<password>@<host>:5432/agent_bom
# ── Full-stack (docker-compose.fullstack.yml) ────────────────────────────────
# Port bindings
# NOTE(review): which interfaces these ports bind to is set in
# docker-compose.fullstack.yml, not shown here — check before running on a
# shared or internet-facing host.
API_PORT=8422
UI_PORT=3000
# URL the Next.js UI uses to reach the FastAPI backend.
# Local dev (docker-compose): http://localhost:8422
# Production: https://api.yourdomain.com
# Next.js inlines NEXT_PUBLIC_* variables into the browser bundle, so this value
# is public — never put a secret in a NEXT_PUBLIC_* variable.
NEXT_PUBLIC_API_URL=http://localhost:8422
# Optional: protect the API with a Bearer token
# Replace the placeholder with a long, randomly generated value before use.
# NOTE(review): with this line commented out the API presumably accepts
# unauthenticated requests — set it before exposing API_PORT beyond localhost.
# AGENT_BOM_API_KEY=change-me-secret-key