# Database
DB_PASSWORD=change-me-to-a-random-string
DATABASE_URL=postgresql://echoboard:change-me-to-a-random-string@db:5432/echoboard

# Encryption (generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))")
APP_MASTER_KEY=
APP_BLIND_INDEX_KEY=

# Auth secrets (generate each the same way as above)
TOKEN_SECRET=
JWT_SECRET=

# ALTCHA spam protection
ALTCHA_HMAC_KEY=

# WebAuthn / Passkey
WEBAUTHN_RP_NAME=Echoboard
WEBAUTHN_RP_ID=localhost
WEBAUTHN_ORIGIN=http://localhost:3000

# Web Push (generate with: npx web-push generate-vapid-keys)
VAPID_PUBLIC_KEY=
VAPID_PRIVATE_KEY=
VAPID_CONTACT=mailto:admin@example.com

# Server
PORT=3000