crewli/api/.env.example

APP_NAME="Crewli"
APP_ENV=local
APP_KEY=
# Set to true only in local development
APP_DEBUG=false
# Local API origin (no path suffix). Production: https://api.crewli.app
APP_URL=http://localhost:8000

APP_LOCALE=en
APP_FALLBACK_LOCALE=en
APP_FAKER_LOCALE=en_US

APP_MAINTENANCE_DRIVER=file

BCRYPT_ROUNDS=12

LOG_CHANNEL=stack
LOG_STACK=single
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=debug

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=crewli
DB_USERNAME=crewli
DB_PASSWORD=secret

SESSION_DRIVER=database
SESSION_LIFETIME=120
SESSION_ENCRYPT=false
SESSION_PATH=/
# In production, use: SESSION_DOMAIN=.crewli.app
SESSION_DOMAIN=localhost

BROADCAST_CONNECTION=log
FILESYSTEM_DISK=local
QUEUE_CONNECTION=redis

CACHE_STORE=redis

REDIS_CLIENT=phpredis
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

# Mail — Local development (Mailpit)
MAIL_MAILER=smtp
MAIL_HOST=127.0.0.1
MAIL_PORT=1025
MAIL_USERNAME=null
MAIL_PASSWORD=null
MAIL_ENCRYPTION=null
# App / transactional mail: use crewli.app. (crewli.nl = future marketing site only, not this stack.)
MAIL_FROM_ADDRESS="noreply@crewli.app"
MAIL_FROM_NAME="${APP_NAME}"

# --- Production mail: Amazon SES — uncomment and configure:
# MAIL_MAILER=ses
# AWS_ACCESS_KEY_ID=
# AWS_SECRET_ACCESS_KEY=
# AWS_DEFAULT_REGION=eu-west-1

# CORS + Sanctum — SPA origins (no trailing slash; must match the browser URL)
FRONTEND_APP_URL=http://localhost:5174
FRONTEND_PORTAL_URL=http://localhost:5175
SANCTUM_STATEFUL_DOMAINS=localhost:5174,localhost:5175

# --- Production (crewli.app) — uncomment and adjust hostnames:
# APP_URL=https://api.crewli.app
# FRONTEND_APP_URL=https://crewli.app
# FRONTEND_PORTAL_URL=https://portal.crewli.app
# SANCTUM_STATEFUL_DOMAINS=crewli.app,portal.crewli.app

# Laravel Telescope — dev-only debugging dashboard at /telescope.
# Flip to true in your local .env. Production MUST keep this false;
# the three-layer safety (composer dont-discover + AppServiceProvider
# env-gate + this flag) keeps Telescope out even if one layer is
# breached. See /dev-docs/TELESCOPE.md.
TELESCOPE_ENABLED=false