32 lines
1.4 KiB
Plaintext
32 lines
1.4 KiB
Plaintext
# The best way to define each secret is to generate random strings with e.g.:
|
|
#
|
|
# openssl rand -base64 48 #this will generate a 48chars random string
|
|
#
|
|
# Please provide secret strings (do not share them) for:
|
|
#
|
|
# Secret used for JWT cryptography
|
|
DEFGUARD_AUTH_SECRET=<YOUR_AUTH_SECRET>
|
|
# Secret used for JWT cryptography in YubiBridge GRPC communication
|
|
DEFGUARD_YUBIBRIDGE_SECRET=<DEFGUARD_YUBIBRIDGE_SECRET>
|
|
# Secret used for JWT cryptography in gateway GRPC communication
|
|
DEFGUARD_GATEWAY_SECRET=<DEFGUARD_GATEWAY_SECRET>
|
|
# Secret used for private cookies cryptography; must be at least 64 characters long
|
|
DEFGUARD_SECRET_KEY=<DEFGUARD_SECRET_KEY>
|
|
# Database password
|
|
DEFGUARD_DB_PASSWORD=<YOUR_DB_PASSWORD>
|
|
# Public URL of your Defguard instance
|
|
# E.g.: https://defguard.mycompany.com
|
|
DEFGUARD_URL=<YOUR_DEFGUARD_URL>
|
|
# Webauthn RP ID (https://w3c.github.io/webauthn/#rp-id)
|
|
# E.g.: defguard.mycompany.com (without http/https)
|
|
DEFGUARD_WEBAUTHN_RP_ID=<YOUR_DEFGUARD_WEBAUTHN_RP_ID>
|
|
# Public URL of your defguard proxy gRPC server
|
|
# DEFGUARD_PROXY_URL=<YOUR_PROXY_GRPC_URL>
|
|
# Public URL of your enrollment service
|
|
# E.g.: https://enrollment.mycompany.com
|
|
# DEFGUARD_ENROLLMENT_URL=<YOUR_PROXY_URL> # [ENROLLMENT]
|
|
# Token used for VPN gateway authorization
|
|
# DEFGUARD_TOKEN=<GATEWAY_TOKEN> # [VPN]
|
|
# Enable insecure cookies when not using HTTPS
|
|
# DEFGUARD_COOKIE_INSECURE=true # [HTTP]
|