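# Example environment file. Every credential below is a placeholder that is
# publicly known; replace each one in the real env file and keep that file out
# of version control.

# Database
POSTGRES_USER=umbra
POSTGRES_PASSWORD=changeme_in_production
POSTGRES_DB=umbra

# Backend
# DATABASE_URL repeats the database user, password and name from above.
# Changing POSTGRES_PASSWORD without changing it here leaves the two out of sync.
# Percent-encode the password if it contains URL-reserved characters (@ : / ? #).
DATABASE_URL=postgresql+asyncpg://umbra:changeme_in_production@db:5432/umbra
# Placeholder only; generate a real value with: openssl rand -hex 32
SECRET_KEY=change-this-to-a-random-secret-key-in-production

# Environment (development|production — controls Swagger/ReDoc visibility)
# Hiding the API docs does not restrict access to the API endpoints themselves.
# ENVIRONMENT=development

# CORS allowed origins (comma-separated, default: http://localhost:5173)
# List only the exact origins that serve the frontend.
# CORS_ORIGINS=http://localhost:5173

# Timezone (applied to backend + db containers via env_file)
TZ=Australia/Perth

# Session cookie security
# Set to true when serving over HTTPS. Required before any TLS deployment.
# While this is unset, the browser may send the session cookie over plain HTTP.
# COOKIE_SECURE=true

# Integrations
# Treat the API key as a secret: do not commit or log the real value.
OPENWEATHERMAP_API_KEY=your-openweathermap-api-key

# Production security checklist (enable all before any non-internal deployment):
# 1. Set SECRET_KEY to output of: openssl rand -hex 32
# 2. Set POSTGRES_PASSWORD to a strong unique value
#    (and update the password inside DATABASE_URL to match)
# 3. Set ENVIRONMENT=production (disables Swagger/ReDoc on backend:8000)
# 4. Set COOKIE_SECURE=true (requires TLS termination at nginx or upstream)
# 5. Add HSTS to nginx.conf: add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
#    (includeSubDomains applies to every subdomain of the host; confirm all of them serve HTTPS first)
# 6. Complete user_id migration (migration 026) before enabling multi-user accounts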