# Database (POSTGRES_PASSWORD is shared between the app and the postgres container)
POSTGRES_PASSWORD=change-me-to-a-strong-random-string

# Encryption keys (generate each with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))")
APP_MASTER_KEY=
APP_BLIND_INDEX_KEY=

# Auth secrets (generate each the same way)
TOKEN_SECRET=
JWT_SECRET=

# ALTCHA spam protection (generate the same way)
ALTCHA_HMAC_KEY=

# WebAuthn / Passkey (set these to your actual domain)
WEBAUTHN_RP_NAME=Echoboard
WEBAUTHN_RP_ID=example.com
WEBAUTHN_ORIGIN=https://example.com

# Web push notifications (generate with: npx web-push generate-vapid-keys)
VAPID_PUBLIC_KEY=
VAPID_PRIVATE_KEY=
VAPID_CONTACT=mailto:admin@example.com

# Server
PORT=3000