deming/.env.example at db7bab38c3226e3d3f148a14dda384682fd5e310 · wouldsmina/deming · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
##################################################
# Application
##################################################
APP_NAME=Deming
APP_ENV=production
APP_FORCE_HTTPS=false
APP_KEY=
APP_DEBUG=true
APP_URL=http://deming.yourdomain.com
APP_TIMEZONE='Europe/Paris'
APP_EDITOR=

##################################################
# Database
##################################################
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=deming
DB_USERNAME=deming_user
DB_PASSWORD=demPasssword-123

LOG_CHANNEL=stack

BROADCAST_DRIVER=log
CACHE_DRIVER=file
QUEUE_CONNECTION=sync
SESSION_DRIVER=file
SESSION_LIFETIME=120

##################################################
# Mail
##################################################
MAIL_HOST='smtp.localhost'
MAIL_PORT=2525
MAIL_AUTH=true
MAIL_SMTP_SECURE='ssl'     # 'ssl', 'tls' or null
MAIL_SMTP_AUTO_TLS=false   # true / false
MAIL_USERNAME=
MAIL_PASSWORD=

# MAIL_DKIM_DOMAIN = 'admin.local';
# MAIL_DKIM_PRIVATE = '/path/to/private/key';
# MAIL_DKIM_SELECTOR = 'default';   # Match your DKIM DNS selector
# MAIL_DKIM_PASSPHRASE = '';        # Only if your key has a passphrase

##################################################
# LDAP
##################################################
# - If LDAP_ENABLED=true => try LDAP; on success, log the mapped local user in.
#  - If LDAP fails and LDAP_FALLBACK_LOCAL=true => try local DB credentials.
#  - If LDAP_ENABLED=false => only local DB credentials.

LDAP_ENABLED=false
LDAP_FALLBACK_LOCAL=true
LDAP_AUTO_PROVISION=false

# Config
LDAP_LOGGING=false
LDAP_CONNECTION=default
LDAP_HOST=127.0.0.1
LDAP_USERNAME="cn=admin,dc=example,dc=org"
LDAP_PASSWORD=admin
LDAP_PORT=389
LDAP_BASE_DN="dc=example,dc=org"
LDAP_TIMEOUT=5
LDAP_SSL=false
LDAP_TLS=false

# Candidate attributes to identify the username entered in the form
# Order matters: the first match wins.
# OpenLDAP: uid, cn, mail ; AD: sAMAccountName, userPrincipalName, mail
LDAP_LOGIN_ATTRIBUTES="uid,cn,mail,sAMAccountName,userPrincipalName"

# Match user group or null for any group
LDAP_GROUP=

##################################################
# Socialite
##################################################

# List of socialite providers separated by a space. Possible value : keycloak, oidc
SOCIALITE_PROVIDERS=""

KEYCLAOK_DISPLAY_NAME="Keycloak"
KEYCLOAK_ALLOW_CREATE_USER=false
KEYCLOAK_ALLOW_UPDATE_USER=false
KEYCLOAK_DEFAULT_ROLE="auditee"
KEYCLOAK_ROLE_CLAIM="resource_access.deming.roles.0"
KEYCLOAK_ADDITIONAL_SCOPES="roles"

KEYCLOAK_CLIENT_ID=deming
KEYCLOAK_CLIENT_SECRET=secret
KEYCLOAK_REDIRECT_URI=${APP_URL}auth/callback/keycloak
KEYCLOAK_BASE_URL=https://keycloak.local
KEYCLOAK_REALM=main

OIDC_DISPLAY_NAME="Generic OIDC"
OIDC_ALLOW_CREATE_USER=false
OIDC_ALLOW_UPDATE_USER=false
OIDC_DEFAULT_ROLE="auditee"
OIDC_ROLE_CLAIM=""
OIDC_ADDITIONAL_SCOPES="deming_role"

OIDC_CLIENT_ID=deming
OIDC_CLIENT_SECRET=deming
OIDC_BASE_URL=http://auth.lan
OIDC_SUFFIX=""
OIDC_USE_ID_TOKEN=false     # true pour décoder le JWT
OIDC_JWT_ALG=RS256          # RS256 ou HS256. utile uniquement avec OIDC_USE_ID_TOKEN=true
OIDC_JWT_SECRET_OR_KEY=""   # secret pour HS256 ou clé au format PEM pour RS256
OIDC_REDIRECT_URI=${APP_URL}auth/callback/oidc
APP_VERSION=2025.08.13