# MockupAWS Environment Configuration - Production
# =============================================================================
# CRITICAL: This file contains sensitive configuration examples.
# - NEVER commit .env.production to git
# - Use proper secrets management (AWS Secrets Manager, HashiCorp Vault, etc.)
# - Rotate secrets regularly
# - Every secret-looking value below is a placeholder; supply the real value at
#   deploy time and keep the populated file readable only by the service account.
# - Keep comments on their own lines: some env-file loaders treat text after a
#   value as part of the value.
# =============================================================================

# =============================================================================
# Database
# =============================================================================
# Use strong passwords and SSL connections in production
# NOTE(review): "ssl=require" requests an encrypted connection, but in
# PostgreSQL sslmode terms "require" does not validate the server certificate
# or host name. Prefer "verify-full" with a trusted CA bundle if the driver
# setup allows it - confirm against the asyncpg/SQLAlchemy version in use.
# NOTE(review): the URL connects as the "postgres" role, normally a superuser.
# A dedicated least-privilege application role limits what a leaked credential
# can reach.
# URL-encode the password if it contains reserved characters such as @ : / ? #
DATABASE_URL=postgresql+asyncpg://postgres:STRONG_PASSWORD@prod-db-host:5432/mockupaws?ssl=require

# =============================================================================
# Application
# =============================================================================
APP_NAME=mockupAWS
# Keep false in production (presumably gates verbose error output - confirm in
# the application's settings module).
DEBUG=false
API_V1_STR=/api/v1

# =============================================================================
# JWT Authentication
# =============================================================================
# CRITICAL: Generate a strong random secret (min 32 chars)
# Run: openssl rand -hex 32
# HS256 is a symmetric HMAC: the same key signs and verifies, so every service
# that holds JWT_SECRET_KEY can also mint tokens. Rotating the key invalidates
# tokens issued under it unless the application accepts more than one key.
JWT_SECRET_KEY=REPLACE_WITH_STRONG_RANDOM_SECRET_MIN_32_CHARS
JWT_ALGORITHM=HS256
# Token lifetimes bound how long a stolen token stays usable.
ACCESS_TOKEN_EXPIRE_MINUTES=30
REFRESH_TOKEN_EXPIRE_DAYS=7

# =============================================================================
# Security
# =============================================================================
# bcrypt cost factor (log2 of the iteration count); each +1 doubles hash time.
BCRYPT_ROUNDS=12
# Presumably prepended to generated API keys - confirm in the key-generation
# code. A fixed prefix also lets secret scanners recognise leaked keys.
API_KEY_PREFIX=mk_

# CORS - Restrict to your domain
# List exact origins and host names only; no wildcards in production.
# ALLOWED_HOSTS is a comma-separated list (presumably used for Host-header
# validation - confirm against the consumer).
FRONTEND_URL=https://app.mockupaws.com
ALLOWED_HOSTS=app.mockupaws.com,api.mockupaws.com

# Rate Limiting (requests per minute)
# The auth limit is the strictest of the three, which slows credential
# guessing. NOTE(review): confirm what the limiter keys on (client IP, account).
RATE_LIMIT_AUTH=5
RATE_LIMIT_API_KEYS=10
RATE_LIMIT_GENERAL=100

# =============================================================================
# Email Configuration
# =============================================================================
# Provider: sendgrid or ses
EMAIL_PROVIDER=sendgrid
EMAIL_FROM=noreply@mockupaws.com

# SendGrid Configuration
# Store in secrets manager, not here
# The value below is a placeholder; inject the real key from the secrets
# manager at deploy time.
SENDGRID_API_KEY=sg_production_api_key_from_secrets_manager

# AWS SES Configuration (alternative to SendGrid)
# Use IAM roles instead of hardcoded credentials when possible
# AKIA-prefixed access keys are long-lived IAM user keys. When the workload
# runs with an instance or task role, leave both key variables unset so the AWS
# SDK's default credential chain uses the role's temporary credentials
# (presumably the app relies on that chain - confirm).
AWS_ACCESS_KEY_ID=AKIA...
AWS_SECRET_ACCESS_KEY=from_secrets_manager
AWS_REGION=us-east-1

# =============================================================================
# Reports & Storage
# =============================================================================
# Use S3 or other cloud storage in production
REPORTS_STORAGE_PATH=/app/storage/reports
# Upload/report size cap in megabytes.
REPORTS_MAX_FILE_SIZE_MB=50
# Presumably the retention period in days before reports are deleted - confirm.
REPORTS_CLEANUP_DAYS=90
REPORTS_RATE_LIMIT_PER_MINUTE=10

# S3 Configuration (optional)
# If enabled, keep the bucket private and grant access through the workload's
# IAM role rather than static keys.
# AWS_S3_BUCKET=mockupaws-reports
# AWS_S3_REGION=us-east-1

# =============================================================================
# Scheduler (Cron Jobs)
# =============================================================================
SCHEDULER_ENABLED=true
SCHEDULER_INTERVAL_MINUTES=5

# Redis for Celery (recommended for production)
# NOTE(review): these URLs use plain redis:// with no password and no TLS.
# Anyone who can reach the broker can read or enqueue Celery tasks and results.
# In production, require Redis authentication, use rediss:// (TLS) where the
# deployment supports it, and keep Redis off public networks.
REDIS_URL=redis://redis:6379/0
CELERY_BROKER_URL=redis://redis:6379/0
CELERY_RESULT_BACKEND=redis://redis:6379/0

# =============================================================================
# Monitoring & Logging
# =============================================================================
# Keep at INFO or higher in production; debug-level logs can capture request
# data and secrets.
LOG_LEVEL=INFO
# Placeholder DSN. Make sure events sent to Sentry are scrubbed of credentials
# and personal data.
SENTRY_DSN=https://your-sentry-dsn@sentry.io/project

# =============================================================================
# SSL/TLS
# =============================================================================
# The private key file should be readable only by the service user (for
# example mode 0600) and must never be committed or baked into an image.
SSL_CERT_PATH=/etc/ssl/certs/mockupaws.crt
SSL_KEY_PATH=/etc/ssl/private/mockupaws.key