- Remove JIRA_SCHEMA_ID from all documentation, config files, and scripts
- Update generate-schema.ts to always auto-discover schemas dynamically
- Runtime application already discovers schemas via /objectschema/list API
- Build script now automatically selects schema with most objects
- Remove JIRA_SCHEMA_ID from docker-compose.yml, Azure setup scripts, and all docs
- Application is now fully schema-agnostic and discovers schemas automatically
Authentication System Environment Variables
This document describes the new environment variables required for the authentication and authorization system.
Application Branding
# Application name displayed throughout the UI
APP_NAME=CMDB Insight
# Application tagline/subtitle displayed in header and login pages
APP_TAGLINE=Management console for Jira Assets
# Copyright text displayed in the footer (use {year} as placeholder for current year)
APP_COPYRIGHT=© {year} Zuyderland Medisch Centrum
Note: The {year} placeholder in APP_COPYRIGHT will be automatically replaced with the current year. If not set, defaults to © {current_year} Zuyderland Medisch Centrum.
Email Configuration (Nodemailer)
# SMTP Configuration
SMTP_HOST=smtp.example.com
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=your-email@example.com
SMTP_PASSWORD=your-password
SMTP_FROM=noreply@example.com
Encryption
# Encryption Key (32 bytes, base64 encoded)
# Generate with: openssl rand -base64 32
ENCRYPTION_KEY=your-32-byte-encryption-key-base64
Local Authentication
# Enable local authentication (email/password)
LOCAL_AUTH_ENABLED=true
# Allow public registration (optional, default: false)
REGISTRATION_ENABLED=false
Password Requirements
# Password minimum length
PASSWORD_MIN_LENGTH=8
# Password complexity requirements
PASSWORD_REQUIRE_UPPERCASE=true
PASSWORD_REQUIRE_LOWERCASE=true
PASSWORD_REQUIRE_NUMBER=true
PASSWORD_REQUIRE_SPECIAL=false
Session Configuration
# Session duration in hours
SESSION_DURATION_HOURS=24
Initial Admin User
# Create initial administrator user (optional)
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=SecurePassword123!
ADMIN_USERNAME=admin
ADMIN_DISPLAY_NAME=Administrator
Complete Example
# Email Configuration
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=your-email@gmail.com
SMTP_PASSWORD=your-app-password
SMTP_FROM=noreply@example.com
# Encryption (paste the output of: openssl rand -base64 32; env files do not evaluate $(...))
ENCRYPTION_KEY=your-32-byte-encryption-key-base64
# Local Auth
LOCAL_AUTH_ENABLED=true
REGISTRATION_ENABLED=false
# Password Requirements
PASSWORD_MIN_LENGTH=8
PASSWORD_REQUIRE_UPPERCASE=true
PASSWORD_REQUIRE_LOWERCASE=true
PASSWORD_REQUIRE_NUMBER=true
PASSWORD_REQUIRE_SPECIAL=false
# Session
SESSION_DURATION_HOURS=24
# Initial Admin
ADMIN_EMAIL=admin@example.com
ADMIN_PASSWORD=ChangeMe123!
ADMIN_USERNAME=admin
ADMIN_DISPLAY_NAME=Administrator
Important Notes
User-Specific Configuration (REMOVED from ENV)
The following environment variables have been REMOVED from the codebase and are NOT configurable via environment variables:
- JIRA_PAT: Configure in User Settings > Jira PAT
- ANTHROPIC_API_KEY: Configure in User Settings > AI Settings
- OPENAI_API_KEY: Configure in User Settings > AI Settings
- TAVILY_API_KEY: Configure in User Settings > AI Settings
These are now user-specific settings only. Each user must configure their own API keys in their profile settings. This provides:
- Better security (keys not in shared config files)
- Per-user API key management
- Individual rate limiting per user
- Better audit trails
- Encrypted storage in the database
Required Configuration
- SESSION_SECRET: Should be a secure random string in production (generate with openssl rand -base64 32)
- ENCRYPTION_KEY: Must be exactly 32 bytes when base64 decoded (generate with openssl rand -base64 32)
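One way to enforce these requirements at startup, as an added example that is not code from this project: it rejects an ENCRYPTION_KEY that is not strict base64 or does not decode to 32 bytes (including a command substitution pasted literally into an env file), a missing SESSION_SECRET, and an initial admin password that breaks the PASSWORD_* policy or is one of the sample values in this document. The function names, the fallback minimum length of 8 and the assumption that the admin password follows the same policy are hypothetical.

```javascript
// Added example: hypothetical startup check, not code from this project.
const STRICT_B64 = /^[A-Za-z0-9+/]+={0,2}$/;
// Sample passwords printed in this document; they must never reach production.
const DOC_SAMPLE_PASSWORDS = ['SecurePassword123!', 'ChangeMe123!'];

// Decoded byte length of a base64 string, or -1 if it is not strict base64.
// Buffer.from(v, 'base64') skips invalid characters instead of failing, so a
// literal "$(openssl rand -base64 32)" would otherwise decode without error.
function decodedKeyLength(value) {
  if (typeof value !== 'string') return -1;
  if (value.length % 4 !== 0 || !STRICT_B64.test(value)) return -1;
  return Buffer.from(value, 'base64').length;
}

// Returns a list of problems found in an env object such as process.env.
function validateAuthEnv(env) {
  const problems = [];
  const keyLen = decodedKeyLength(env.ENCRYPTION_KEY);
  if (keyLen === -1) problems.push('ENCRYPTION_KEY is not valid base64');
  else if (keyLen !== 32) problems.push(`ENCRYPTION_KEY decodes to ${keyLen} bytes, expected 32`);
  if (!env.SESSION_SECRET) problems.push('SESSION_SECRET is not set');

  const pw = env.ADMIN_PASSWORD;
  if (typeof pw === 'string') {
    // Assumption: the initial admin password is held to the PASSWORD_* policy;
    // the minimum of 8 is the value shown in this document's examples.
    const min = Number.parseInt(env.PASSWORD_MIN_LENGTH || '8', 10);
    const rules = [
      ['PASSWORD_REQUIRE_UPPERCASE', /[A-Z]/, 'an uppercase letter'],
      ['PASSWORD_REQUIRE_LOWERCASE', /[a-z]/, 'a lowercase letter'],
      ['PASSWORD_REQUIRE_NUMBER', /[0-9]/, 'a number'],
      ['PASSWORD_REQUIRE_SPECIAL', /[^A-Za-z0-9]/, 'a special character'],
    ];
    if (pw.length < min) problems.push(`ADMIN_PASSWORD is shorter than ${min} characters`);
    for (const [name, pattern, label] of rules) {
      if (env[name] === 'true' && !pattern.test(pw)) problems.push(`ADMIN_PASSWORD lacks ${label}`);
    }
    if (DOC_SAMPLE_PASSWORDS.includes(pw)) problems.push('ADMIN_PASSWORD is a documentation sample value');
  }
  return problems;
}

// Constructed input: an unexpanded $(...) key and a sample admin password.
console.log(validateAuthEnv({
  ENCRYPTION_KEY: '$(openssl rand -base64 32)',
  ADMIN_PASSWORD: 'ChangeMe123!',
  PASSWORD_MIN_LENGTH: '8',
  PASSWORD_REQUIRE_UPPERCASE: 'true',
}));
```

Calling `validateAuthEnv(process.env)` before the server starts listening and refusing to start when the list is non-empty keeps a misconfigured key from being used to encrypt stored user API keys.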
Application Branding
- The {year} placeholder in APP_COPYRIGHT will be automatically replaced with the current year