Kyle Pope
57d400c6de
- .env.example: Add WEBAUTHN_RP_ID, WEBAUTHN_RP_NAME, WEBAUTHN_ORIGIN, ENVIRONMENT, and UMBRA_URL with documentation comments - README.md: Full rewrite — remove outdated PIN/bcrypt references, document current auth stack (Argon2id + TOTP + passkeys), all 17 API route groups, security features, and Docker deployment Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
15 lines
548 B
Plaintext
15 lines
548 B
Plaintext
DATABASE_URL=postgresql+asyncpg://postgres:postgres@localhost:5432/umbra
|
|
SECRET_KEY=your-secret-key-change-in-production
|
|
ENVIRONMENT=development
|
|
|
|
# Public-facing URL (used for ntfy click links, CORS derivation)
|
|
UMBRA_URL=http://localhost
|
|
|
|
# WebAuthn / Passkey authentication
|
|
# RP_ID must be the eTLD+1 domain of the live site (e.g. umbra.ghost6.xyz)
|
|
# ORIGIN must include the scheme (https://)
|
|
# These defaults work for local development; override in production .env
|
|
WEBAUTHN_RP_ID=localhost
|
|
WEBAUTHN_RP_NAME=UMBRA
|
|
WEBAUTHN_ORIGIN=http://localhost
|