# The best way to define each secret is to generate random strings with e.g.:
#
# openssl rand -base64 48 #this will generate a 48chars random string
#
# Please provide secret strings (do not share them) for:
#
# Secret used for JWT cryptography
DEFGUARD_AUTH_SECRET=NcbMI1ahJHi3UR4PGdaZchvLlcr0lvo9xMRuqikDlqIqlGaD02L7mUT6NdAQ4Mx1
# Secret used for JWT cryptography in YubiBridge GRPC communication
DEFGUARD_YUBIBRIDGE_SECRET=NokI3c35i6HZSfNKq1WCluA7yTQyvOla2Tr4MG56N58dGmwwSuLvFmiHwoEeYJUr
# Secret used for JWT cryptography in gateway GRPC communication
DEFGUARD_GATEWAY_SECRET=kDTUdh8Y3LEpa8NHNoter3RQGyr7bnwDptr1uhJvsG2ZXm64T7XobalQdizwlDXJ
# Secret used for private cookies cryptography; must be at least 64 characters long
DEFGUARD_SECRET_KEY=XHkQ0463B5xtQNmUA915Ueaqyr7Hg4r07LusdGxrtyXICbF6NE7No8qIsuDnAzFc
# Database password
DEFGUARD_DB_PASSWORD=2USAuHjZw14G7PcA
# Public URL of your Defguard instance
# E.g.: https://defguard.mycompany.com
DEFGUARD_URL=https://defguard.zacksolutions.dev
# Webauthn RP ID (https://w3c.github.io/webauthn/#rp-id)
# E.g.: defguard.mycompany.com (without http/https)
DEFGUARD_WEBAUTHN_RP_ID=defguard.zacksolutions.dev
# Public URL of your defguard proxy gRPC server
# DEFGUARD_PROXY_URL=<YOUR_PROXY_GRPC_URL>
# Public URL of your enrollment service
# E.g.: https://enrollment.mycompany.com
DEFGUARD_ENROLLMENT_URL=https://enrollement.zacksolutions.dev
# Token used for VPN gateway authorization
DEFGUARD_TOKEN=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJEZWZHdWFyZCIsInN1YiI6IkRFRkdVQVJELU5FVFdPUkstMSIsImNsaWVudF9pZCI6IjEiLCJleHAiOjYwMTg3NDAyNjQsIm5iZiI6MTcyMzc3Mjk2OX0.wL0UYiIECDooNVB9sYaioOnwsUS7__A0pNSpNiDqIv0
# Enable insecure cookies when not using HTTPS
DEFGUARD_COOKIE_INSECURE=true  # [HTTP]
CORE_IMAGE_TAG=latest
PROXY_IMAGE_TAG=latest
GATEWAY_IMAGE_TAG=latest
DEFGUARD_DEFAULT_ADMIN_PASSWORD=DrxLEJShMFCNKsB3