DOCKERDIR=/opt/compose/keywarden

## Local Auth
KEYWARDEN_SECRET_KEY=<!GENERATE SECRET HERE!>
KEYWARDEN_ALLOW_LOCAL_LOGIN=true
KEYWARDEN_ACCESS_TOKEN_EXPIRE_MINUTES=60

## Optional OIDC
# KEYWARDEN_OIDC_ENABLED=true
# KEYWARDEN_OIDC_ISSUER=https://auth.example.com/application/o/<slug>
# KEYWARDEN_OIDC_CLIENT_ID=keywarden
# KEYWARDEN_OIDC_AUDIENCE=keywarden-api
# KEYWARDEN_OIDC_JWKS_URL=https://auth.example.com/application/o/<slug>/jwks

## Policy toggles
# KEYWARDEN_REQUIRE_SSO=false           # if true, local login is disabled
# KEYWARDEN_AUTO_PROVISION_OIDC=true    # JIT user creation

## Postgres
KEYWARDEN_POSTGRES_USER="postgres"
KEYWARDEN_POSTGRES_PASSWORD="postgres"
KEYWARDEN_POSTGRES_HOST="keywarden-db"
KEYWARDEN_POSTGRES_PORT=5432
KEYWARDEN_POSTGRES_DB="keywarden"