# Rails Configuration
# SECRET_KEY_BASE below is a placeholder, not a usable secret. Replace it with
# the output of `bin/rails secret` before deploying. Rails derives the keys that
# sign and encrypt session cookies from this value, so treat it as a credential:
# keep the filled-in .env out of version control and use a different value per
# environment.
SECRET_KEY_BASE=generate-with-bin-rails-secret
RAILS_ENV=development

# Database
# SQLite database files live in the storage/ directory.
# When running in production under Docker, mount storage/ as a persistent volume.
# NOTE(review): these files presumably hold account and credential records;
# restrict who can read the volume and its backups.

# SMTP Configuration (used for outgoing email)
# SMTP_AUTHENTICATION=plain sends the username and password base64-encoded, not
# hashed, so keep SMTP_ENABLE_STARTTLS=true unless the connection to the mail
# server is protected some other way.
SMTP_ADDRESS=smtp.example.com
SMTP_PORT=587
SMTP_DOMAIN=example.com
SMTP_USERNAME=your-username
SMTP_PASSWORD=your-password
SMTP_AUTHENTICATION=plain
SMTP_ENABLE_STARTTLS=true

# Application Configuration
# The values here are local-development defaults. The WebAuthn examples further
# down show the https:// form of CLINCH_HOST for a deployed site.
CLINCH_HOST=http://localhost:3000
CLINCH_FROM_EMAIL=noreply@example.com

# WebAuthn / Passkey Configuration
# Passkeys need these settings in production, and production must be served
# over HTTPS.
#
# CLINCH_RP_ID is the Relying Party Identifier: the domain that owns the passkeys.
#   - For a site at auth.example.com, use either "auth.example.com" or "example.com".
#   - The parent domain (e.g., "example.com") lets passkeys work on every subdomain.
#     Every host under that domain is then inside the passkey scope, so choose
#     it only when all subdomains are under your control and equally trusted.
#   - The subdomain (e.g., "auth.example.com") limits passkeys to that one host.
#   - Passkeys are bound to the RP ID they were registered under; changing the
#     value later makes previously registered passkeys unusable.
#
# CLINCH_RP_NAME is the name users see when they create or use a passkey.
#
# Examples:
#   For https://auth.example.com:
#     CLINCH_HOST=https://auth.example.com
#     CLINCH_RP_ID=example.com
#     CLINCH_RP_NAME="Example Company"
#
#   For https://sso.mycompany.com:
#     CLINCH_HOST=https://sso.mycompany.com
#     CLINCH_RP_ID=mycompany.com
#     CLINCH_RP_NAME="My Company Identity"
#
CLINCH_RP_ID=localhost
CLINCH_RP_NAME="Clinch Identity Provider"

# DNS Rebinding Protection Configuration
# NOTE(review): the two ALLOW_* flags below relax this protection and are
# enabled in this example for development convenience. In production, set each
# to false unless the deployment needs it (confirm the application's own
# defaults before relying on an unset value).
#
# Service name (e.g., 'clinch') when running in the same Docker compose as Caddy.
CLINCH_DOCKER_SERVICE_NAME=
# Whether internal IP access is allowed, for cross-compose deployments (true/false).
CLINCH_ALLOW_INTERNAL_IPS=true
# Whether localhost access is allowed, for development (true/false).
CLINCH_ALLOW_LOCALHOST=true

# OIDC Configuration
# RSA private key used to sign ID tokens (JWT).
# Generate with: openssl genrsa 2048
# Important: generate the key once and reuse it on every deployment.
# Changing the key invalidates all existing OIDC sessions.
# Whoever holds this key can sign ID tokens in this provider's name, so store it
# with the same care as SECRET_KEY_BASE and never commit it.
# Template for the OIDC signing key. The value is a PEM block wrapped in double
# quotes and spanning several lines; the base64 line shown is a truncated
# placeholder, not a real key. Uncomment all four lines and paste your own key.
# Keep the filled-in file out of version control and readable only by the
# account that runs the application.
# OIDC_PRIVATE_KEY="-----BEGIN RSA PRIVATE KEY-----
# MIIEpAIBAAKCAQEAyZ0qaICMiLVWSFs+ef9Xok3fzy0p6k/7D5TQzmxf...
# ...your key content here...
# -----END RSA PRIVATE KEY-----"

# Optional: Force SSL in production.
# Worth enabling for any deployment reached over a network, so that login
# sessions and OIDC tokens are not carried over plain HTTP.
# FORCE_SSL=true

# Optional: Set custom port
# PORT=9000

# Sentry Configuration (Optional)
# Enables error tracking and performance monitoring.
# Leave SENTRY_DSN empty to disable Sentry completely.
# NOTE(review): error and trace events from an identity provider may carry
# request details; check what is scrubbed before pointing this at a hosted
# Sentry project.
#
# Production: Get your DSN from https://sentry.io/settings/projects/
# SENTRY_DSN=https://your-dsn@sentry.io/project-id
#
# Optional: Override Sentry environment (defaults to Rails.env)
# SENTRY_ENVIRONMENT=production
#
# Optional: Override Sentry release (defaults to Git commit hash)
# SENTRY_RELEASE=v1.0.0
#
# Optional: Performance monitoring sample rate (0.0 to 1.0, default 0.2)
# Higher values provide more data but cost more
# SENTRY_TRACES_SAMPLE_RATE=0.2
#
# Optional: Continuous profiling sample rate (0.0 to 1.0, default 0.0)
# Very resource intensive, only enable for performance investigations
# SENTRY_PROFILES_SAMPLE_RATE=0.0
#
# Development: Enable Sentry in development for testing
# SENTRY_ENABLED_IN_DEVELOPMENT=true