56 changes: 56 additions & 0 deletions .env.example
@@ -0,0 +1,56 @@
# CTIAS Lab Environment Configuration
# Copy this file to .env and update with your actual values

# Database Configuration
DATABASE_URL=postgresql://ctias:ctias_secure_password_change_me@postgres:5432/ctias_lab
POSTGRES_DB=ctias_lab
POSTGRES_USER=ctias
POSTGRES_PASSWORD=ctias_secure_password_change_me

# Redis Configuration
REDIS_URL=redis://redis:6379/0
REDIS_HOST=redis
REDIS_PORT=6379

Copilot AI Feb 16, 2026

The .env.example file is missing the REDIS_PASSWORD environment variable, which is referenced in docs/DEPLOYMENT.md (lines 108, 119) for production deployments. This variable should be added to the template to ensure consistent configuration across environments.

Suggested change
REDIS_PORT=6379
REDIS_PORT=6379
REDIS_PASSWORD=changeme_redis_password


# JWT & Security
JWT_SECRET=your_jwt_secret_key_change_me_minimum_32_characters

Copilot AI Feb 16, 2026

The JWT secret default value 'your_jwt_secret_key_change_me_minimum_32_characters' is exactly 54 characters and contains only lowercase letters and underscores, making it predictable. While the documentation instructs users to change it, having a weaker pattern as the default increases risk. Consider using a randomly generated placeholder or removing the default entirely to force explicit configuration.

Suggested change
JWT_SECRET=your_jwt_secret_key_change_me_minimum_32_characters
# IMPORTANT: Set a strong, random JWT secret in your local .env file (at least 32+ characters).
JWT_SECRET=

JWT_ALGORITHM=HS256
JWT_EXPIRATION_MINUTES=60

# API Configuration
API_HOST=0.0.0.0
API_PORT=8000
API_WORKERS=4
API_LOG_LEVEL=info

# Frontend Configuration
REACT_APP_API_URL=http://localhost:8000

# Rate Limiting
RATE_LIMIT_ENABLED=true
RATE_LIMIT_PER_MINUTE=60

# CORS Configuration
CORS_ORIGINS=http://localhost:3000,http://localhost:8000

# Environment
ENVIRONMENT=development

# Logging
LOG_LEVEL=info
LOG_FORMAT=json

# Module Timeouts (seconds)
MODULE_TIMEOUT=30

# External API Keys (for threat intelligence feeds)
VIRUSTOTAL_API_KEY=
ABUSEIPDB_API_KEY=
SHODAN_API_KEY=

# Sentry Configuration (optional)
SENTRY_DSN=

# Admin Configuration
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=changeme_secure_password
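Review bot: ADMIN_PASSWORD=changeme_secure_password and POSTGRES_PASSWORD=ctias_secure_password_change_me are non-empty, usable values, so a deployment that copies this file to .env unchanged starts with credentials that are published in the repository. The external API keys and SENTRY_DSN are already left empty; doing the same for the password fields would make a forgotten value fail visibly instead of silently working. The database password is also written twice, once inside DATABASE_URL and once in POSTGRES_PASSWORD, so changing only one of them leaves the two out of step; a comment next to DATABASE_URL saying they must match would help. API_HOST=0.0.0.0 listens on all interfaces and deserves a one-line comment saying so, since the same template sets ENVIRONMENT=development.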
29 changes: 29 additions & 0 deletions .gitignore
Expand Up @@ -205,3 +205,32 @@ cython_debug/
marimo/_static/
marimo/_lsp/
__marimo__/

# CTIAS Lab specific
# Backups
*.sql
*.sql.gz
/backups/

# Docker volumes
postgres_data/

# Local development
*.local
.DS_Store

# Secrets and credentials
secrets/
*.pem
*.key
*.crt
credentials.json

# Node modules
node_modules/
npm-debug.log*

# Java build
*.class
*.jar
target/
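Review bot: The *.sql pattern under "# Backups" is not anchored to a directory, so it ignores every SQL file in the repository, including any schema, migration or seed script someone later wants tracked. /backups/ is already ignored on its own line; consider dropping the bare *.sql and *.sql.gz entries or scoping them to that directory. The same concern applies to *.crt under "# Secrets and credentials", which would also hide public certificates that may need to be committed. The added secrets block does not list .env; it is worth confirming that .env is ignored in the part of the file above line 205, since .env.example tells users to copy it to .env and fill in their actual values.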