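# ==========================================
# Baron SSO - Unified Environment Configuration
# ==========================================
# Every credential in this file is a placeholder. Supply real values through
# an untracked .env file or a secret store, never through a committed copy.
# Comments sit on their own lines: not every env-file loader strips a trailing
# "# ..." from a value, so an inline comment can become part of the value.
# Each key is defined once, because loaders disagree on which duplicate wins.

# --- General System ---
# Application runtime environment (dev, stage, production)
APP_ENV=stage
TZ=Asia/Seoul

# --- Infrastructure Ports ---
DB_PORT=5432
CLICKHOUSE_PORT_HTTP=8123
CLICKHOUSE_PORT_NATIVE=9000
BACKEND_PORT=3000
ADMINFRONT_PORT=5173
DEVFRONT_PORT=5174
USERFRONT_PORT=5000

# --- Database Credentials (PostgreSQL) ---
# DB_PASSWORD is a placeholder; set a unique value for any shared environment.
DB_USER=baron
DB_PASSWORD=password
DB_NAME=baron_sso

# --- Backend Configuration ---
# Must be 32 bytes. `openssl rand -hex 32` prints 64 hex characters (32 random
# bytes); if the backend expects a 32-character string, `openssl rand -hex 16`
# produces one. NOTE(review): confirm which form the backend validates; the
# placeholder below is 34 characters long, so it is not a valid example either.
# COOKIE_SECRET and JWT_SECRET must be generated separately and must differ.
# COOKIE_SECRET was previously defined a second time at the end of this file
# with a short local value; with a last-wins loader that weaker value replaced
# this one. NOTE(review): if the Kratos Selfservice UI reads COOKIE_SECRET from
# this same file it now shares this value; pass it a separate value through its
# own service environment if the two must differ.
COOKIE_SECRET=super-secret-key-must-be-32-bytes!
JWT_SECRET=super-secret-key-must-be-32-bytes!
# Redis port from compose.infra.yaml (as seen from inside the container network).
# NOTE(review): Redis listens on 6379 by default; confirm 6389 matches compose.infra.yaml.
REDIS_ADDR=redis:6389

# Descope Project ID (Required for Auth)
DESCOPE_PROJECT_ID=P2t...your_descope_project_id
DESCOPE_MANAGEMENT_KEY=your_descope_management_key_here
# Account (loginId) used by test automation. If it does not exist it is created,
# and then the password-change scenario runs.
# Only the definition that came last is kept; an earlier duplicate carrying an
# individual's personal mailbox was dropped in favour of the shared test address.
DESCOPE_TEST_ACCOUNT=tester@baroncs.co.kr

# --- Naver Cloud Services ---
NAVER_CLOUD_ACCESS_KEY=ncp_iam_...
NAVER_CLOUD_SECRET_KEY=ncp_iam_...
NAVER_CLOUD_SERVICE_ID=ncp:sms:kr:...:...
NAVER_SENDER_PHONE_NUMBER=...

# --- AWS SES (for sending e-mail) ---
AWS_REGION=ap-northeast-2
AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...
AWS_SES_SENDER=no-reply@baron.co.kr

# --- Admin page password ---
# ADMIN_PASSWORD is a placeholder; replace it before the admin page is reachable.
ADMIN_EMAIL=admin@baron.co.kr
ADMIN_PASSWORD=adminPasswordIsNotSimple

# --- URLs for Proxy/Handoff ---
# Front-end address (used when generating e-mail/SMS links)
USERFRONT_URL=https://sso.hmac.kr
# Backend API address referenced by the front end
BACKEND_URL=https://sso.hmac.kr

# IDP_PROVIDER is comma-separated in priority order
# (e.g. Kratos/Hydra first, Descope as fallback)
IDP_PROVIDER=ory,descope

# ory-stack variables
ORY_POSTGRES_TAG=17-trixie
ORY_POSTGRES_USER=ory
# Placeholder. A high-entropy value was previously committed on this line;
# treat that value as exposed and rotate it wherever it was in use.
ORY_POSTGRES_PASSWORD=change-me-ory-postgres-password
ORY_POSTGRES_DB=ory
ORY_POSTGRES_PORT=5433
KRATOS_DB=ory_kratos
HYDRA_DB=ory_hydra
KETO_DB=ory_keto

# Ory Kratos Configuration
KRATOS_VERSION=v25.4.0-distroless
KRATOS_PUBLIC_PORT=4433
KRATOS_ADMINFRONT_PORT=4434
KRATOS_UI_NODE_VERSION=v25.4.0
KRATOS_UI_PORT=4455

# Ory Hydra Configuration
# NOTE(review): HYDRA_PUBLIC_PORT is 4441 while HYDRA_PUBLIC_URL uses port 4444;
# confirm whether 4441 is an intentional host-side mapping.
HYDRA_VERSION=v25.4.0-distroless
HYDRA_PUBLIC_PORT=4441
HYDRA_ADMINFRONT_PORT=4445

# Ory Keto Configuration
KETO_VERSION=v25.4.0-distroless
KETO_READ_PORT=4466
KETO_WRITE_PORT=4467

# Kratos Selfservice UI upstreams (override for deployments)
# These point at service names over plain http and are meant for traffic inside
# the container network. The admin URLs (KRATOS_ADMIN_URL, HYDRA_ADMIN_URL)
# should not be published outside it.
ORY_SDK_URL=http://kratos:4433
KRATOS_PUBLIC_URL=http://kratos:4433
KRATOS_ADMIN_URL=http://kratos:4434
# External Kratos Public/UI URLs that the browser reaches
# (account for reverse-proxy / domain setups).
# NOTE(review): these are localhost defaults while APP_ENV is stage and
# USERFRONT_URL is an https origin; override them with the https public origins
# outside local development.
KRATOS_BROWSER_URL=http://localhost:4433
KRATOS_UI_URL=http://localhost:4455
HYDRA_ADMIN_URL=http://hydra:4445
HYDRA_PUBLIC_URL=http://hydra:4444
JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json

# Kratos Selfservice UI required secrets (local only)
# COOKIE_SECRET is intentionally not repeated here; see Backend Configuration.
# CSRF_COOKIE_SECRET below is a short local placeholder; generate a random value
# for any environment other than local development.
CSRF_COOKIE_NAME=__HOST-baronSSO_csrf
CSRF_COOKIE_SECRET=localcsrf123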