# The best way to define each secret is to generate random strings with e.g.:
#
# openssl rand -base64 48 #this will generate a 48chars random string
#
# Please provide secret strings (do not share them) for:
#
# Secret used for JWT cryptography
DEFGUARD_AUTH_SECRET=<YOUR_AUTH_SECRET>
# Secret used for JWT cryptography in YubiBridge GRPC communication
DEFGUARD_YUBIBRIDGE_SECRET=<DEFGUARD_YUBIBRIDGE_SECRET>
# Secret used for JWT cryptography in gateway GRPC communication
DEFGUARD_GATEWAY_SECRET=<DEFGUARD_GATEWAY_SECRET>
# Secret used for private cookies cryptography; must be at least 64 characters long
DEFGUARD_SECRET_KEY=<DEFGUARD_SECRET_KEY>
# Database password
DEFGUARD_DB_PASSWORD=<YOUR_DB_PASSWORD>
# Public URL of your Defguard instance
# E.g.: https://defguard.mycompany.com
DEFGUARD_URL=<YOUR_DEFGUARD_URL>
# Webauthn RP ID (https://w3c.github.io/webauthn/#rp-id)
# E.g.: defguard.mycompany.com (without http/https)
DEFGUARD_WEBAUTHN_RP_ID=<YOUR_DEFGUARD_WEBAUTHN_RP_ID>
# Public URL of your defguard proxy gRPC server
# DEFGUARD_PROXY_URL=<YOUR_PROXY_GRPC_URL>
# Public URL of your enrollment service
# E.g.: https://enrollment.mycompany.com
# DEFGUARD_ENROLLMENT_URL=<YOUR_PROXY_URL>  # [ENROLLMENT]
# Token used for VPN gateway authorization
# DEFGUARD_TOKEN=<GATEWAY_TOKEN>  # [VPN]
# Enable insecure cookies when not using HTTPS
# DEFGUARD_COOKIE_INSECURE=true  # [HTTP]