# The best way to define each secret is to generate random strings with e.g.:
#
# openssl rand -base64 48 #this will generate a 48chars random string
#
# Please provide secret strings (do not share them) for:
#
# Secret used for JWT cryptography
DEFGUARD_AUTH_SECRET=A4TdI5KfAkCtmPVxIxYqWO9mTDMnccVfkxJprzieo2e9rQYzPW4PwRfa5gRMYA0J
# Secret used for JWT cryptography in YubiBridge GRPC communication
DEFGUARD_YUBIBRIDGE_SECRET=kcHtysg9Lb0VkCFRhB6PrHzgSSPoWJPzffrilTwZHgX4Q33cERhxjXfAwK5W35cM
# Secret used for JWT cryptography in gateway GRPC communication
DEFGUARD_GATEWAY_SECRET=bslHRoM6aK9Xr3iKp2tGxDSiPMGX7JXrskUzDmJU2UYbaU12mR5QVeou4YLmYOcV
# Secret used for private cookies cryptography; must be at least 64 characters long
DEFGUARD_SECRET_KEY=HxTVMLpJ5QzaMDswdfjz7FvhZWjCdkFvhY07bzzmrLGXGF8iDD28mT8mN6TA2cz7
# Database password
DEFGUARD_DB_PASSWORD=QjmXlFfcLWziUFSn
# Public URL of your Defguard instance
# E.g.: https://defguard.mycompany.com
DEFGUARD_URL=https://defguard.zacksolutions.dev
# Webauthn RP ID (https://w3c.github.io/webauthn/#rp-id)
# E.g.: defguard.mycompany.com (without http/https)
DEFGUARD_WEBAUTHN_RP_ID=defguard.zacksolutions.dev
# Public URL of your defguard proxy gRPC server
# DEFGUARD_PROXY_URL=<YOUR_PROXY_GRPC_URL>
# Public URL of your enrollment service
# E.g.: https://enrollment.mycompany.com
DEFGUARD_ENROLLMENT_URL=https://enrollement.zacksolutions.dev
# Token used for VPN gateway authorization
DEFGUARD_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJEZWZHdWFyZCIsInN1YiI6IkRFRkdVQVJELU5FVFdPUkstMSIsImNsaWVudF9pZCI6IjEiLCJleHAiOjYwMTg4MzU0NTQsIm5iZiI6MTcyMzg2ODE1OX0.2pw74EdZoKU85v4Ayx5Cj8oLgIHzhgaluf1zZ6H6yv0
# Enable insecure cookies when not using HTTPS
# DEFGUARD_COOKIE_INSECURE=true  # [HTTP]
CORE_IMAGE_TAG=latest
PROXY_IMAGE_TAG=latest
GATEWAY_IMAGE_TAG=latest
DEFGUARD_DEFAULT_ADMIN_PASSWORD=bQetqj95VMFDQhuw
