# Certctl Configuration Example
# Copy this file to .env and configure for your environment
# DO NOT commit .env with real secrets to version control

# ==============================================================================
# PostgreSQL (used by Docker Compose for the postgres container)
# ==============================================================================
POSTGRES_DB=certctl
POSTGRES_USER=certctl
POSTGRES_PASSWORD=change-me-in-production

# ==============================================================================
# Certctl Server
# All server vars use the CERTCTL_ prefix (see internal/config/config.go)
# ==============================================================================
CERTCTL_DATABASE_URL=postgres://certctl:certctl@postgres:5432/certctl?sslmode=disable
CERTCTL_SERVER_HOST=0.0.0.0
CERTCTL_SERVER_PORT=8443
CERTCTL_LOG_LEVEL=info
CERTCTL_LOG_FORMAT=json

# Auth type: "api-key", "jwt", or "none" (for demo/development)
CERTCTL_AUTH_TYPE=none
# Required when CERTCTL_AUTH_TYPE is "api-key" or "jwt"
# Generate with: openssl rand -base64 32
# CERTCTL_AUTH_SECRET=change-me-in-production

# ==============================================================================
# Certctl Agent
# ==============================================================================
CERTCTL_SERVER_URL=http://localhost:8443
CERTCTL_API_KEY=change-me-in-production
CERTCTL_AGENT_NAME=local-agent

# ==============================================================================
# Optional: Scheduler Tuning (defaults are usually fine)
# ==============================================================================
# CERTCTL_SCHEDULER_RENEWAL_CHECK_INTERVAL=1h
# CERTCTL_SCHEDULER_JOB_PROCESSOR_INTERVAL=30s
# CERTCTL_SCHEDULER_AGENT_HEALTH_CHECK_INTERVAL=2m
# CERTCTL_SCHEDULER_NOTIFICATION_PROCESS_INTERVAL=1m
# CERTCTL_DATABASE_MAX_CONNS=25