# Environment Variables Template # Copy this file to .env and fill in your values # ====================== # ENVIRONMENT # ====================== ENVIRONMENT=development # development, staging, production # ====================== # DATABASE # ====================== DATABASE_URL=postgresql://user:password@localhost:5432/fraud_db # For testing TEST_DATABASE_URL=postgresql://user:password@localhost:5432/test_db # ====================== # SECURITY # ====================== SECRET_KEY=your-secret-key-change-in-production-min-32-chars JWT_SECRET_KEY=your-jwt-secret-key-change-in-production CSRF_SECRET=your-csrf-secret-change-in-production # Session settings SESSION_TIMEOUT_MINUTES=15 ADMIN_SESSION_TIMEOUT_MINUTES=10 # ====================== # REDIS (Optional) # ====================== REDIS_URL=redis://localhost:6379/0 # Leave empty if not using Redis # ====================== # MONITORING & APM # ====================== # Sentry (Error Tracking) SENTRY_DSN= # https://your-sentry-dsn-here SENTRY_ENVIRONMENT=${ENVIRONMENT} SENTRY_TRACES_SAMPLE_RATE=0.1 # Prometheus (Metrics) ENABLE_PROMETHEUS=true # ====================== # CORS # ====================== CORS_ORIGINS=http://localhost:3000,http://localhost:8000,http://127.0.0.1:3000 # Comma-separated list of allowed origins # ====================== # RATE LIMITING # ====================== RATE_LIMIT_PER_MINUTE=60 RATE_LIMIT_PER_HOUR=1000 ADMIN_RATE_LIMIT_PER_MINUTE=30 # ====================== # AUTHENTICATION # ====================== ACCESS_TOKEN_EXPIRE_MINUTES=30 REFRESH_TOKEN_EXPIRE_DAYS=7 MAX_FAILED_LOGIN_ATTEMPTS=5 LOCKOUT_DURATION_MINUTES=15 # OAuth (Optional) # GOOGLE_CLIENT_ID= # GOOGLE_CLIENT_SECRET= # GITHUB_CLIENT_ID= # GITHUB_CLIENT_SECRET= # ====================== # EMAIL (Optional) # ====================== # SMTP_HOST=smtp.gmail.com # SMTP_PORT=587 # SMTP_USER=your-email@gmail.com # SMTP_PASSWORD=your-app-password # EMAIL_FROM=noreply@yourdomain.com # ====================== # STORAGE (Optional) # ====================== # AWS_ACCESS_KEY_ID= # AWS_SECRET_ACCESS_KEY= # AWS_S3_BUCKET=fraud-detection-evidence # AWS_REGION=us-east-1 # ====================== # AI/ML SERVICES # ====================== # ChromaDB Vector Store (Optional - falls back to TF-IDF if not set) CHROMA_DB_URL=http://localhost:8001 # LLM Providers (Optional - for code review and advanced features) OPENAI_API_KEY=sk-your-openai-key ANTHROPIC_API_KEY=sk-ant-your-anthropic-key # Local LLM (Ollama) OLLAMA_HOST=http://localhost:11434 OLLAMA_MODEL=codellama # MLflow Tracking MLFLOW_TRACKING_URI=http://localhost:5000 MLFLOW_EXPERIMENT_NAME=zenith-production # ====================== # CDN CONFIGURATION # ====================== CDN_PROVIDER=cloudfront # Options: cloudfront, cloudflare, generic CDN_BASE_URL=https://your-cdn.cloudfront.net CDN_ENABLE_SIGNING=false CDN_PRIVATE_KEY_PATH=/path/to/private-key.pem CDN_KEY_PAIR_ID=your-key-pair-id # ====================== # EXTERNAL SERVICES # ====================== # OpenAI API (for AI features) # OPENAI_API_KEY= # Twilio (for SMS notifications) # TWILIO_ACCOUNT_SID= # TWILIO_AUTH_TOKEN= # TWILIO_PHONE_NUMBER= # Corporate Registry APIs for UBO tracing OPEN_CORPORATES_API_KEY= ORBIS_API_KEY= # Document Processing TESSERACT_PATH=/usr/local/bin/tesseract # ====================== # FEATURE FLAGS # ====================== ENABLE_MFA=false ENABLE_EMAIL_NOTIFICATIONS=false ENABLE_SMS_NOTIFICATIONS=false ENABLE_WEBSOCKET=true ENABLE_AI_FEATURES=true ENABLE_CHROMA_DB=false ENABLE_MLFLOW_TRACKING=false # ====================== # LOGGING # ====================== LOG_LEVEL=INFO # DEBUG, INFO, WARNING, ERROR, CRITICAL LOG_FILE_PATH=logs/app.log # CloudWatch (Optional) # AWS_CLOUDWATCH_LOG_GROUP=fraud-detection-api # AWS_CLOUDWATCH_LOG_STREAM=${ENVIRONMENT} # ====================== # DEVELOPMENT # ====================== DEBUG=false # Set to true for local development only RELOAD=false # Auto-reload on code changes (development only) # ====================== # CI/CD # ====================== # These are typically set by CI/CD platform # CI=false # GITHUB_ACTIONS=false # BUILD_NUMBER= # COMMIT_SHA=