forked from Streampay-Org/StreamPay-Frontend
.env.example
# =============================================================================
# StreamPay Frontend Environment Configuration
# =============================================================================
#
# SECURITY NOTES:
# - Never commit real credentials to version control
# - Use different secrets for testnet and mainnet
# - CI must use testnet only (enforced by GitHub Actions)
# - JWT_SECRET must be at least 32 characters in production
# - STELLAR_NETWORK is required - no silent fallback to mainnet
#
# =============================================================================
# REQUIRED VARIABLES
# =============================================================================
# Stellar Network Configuration
# Options: testnet, mainnet
# Required: Yes
# Purpose: Selects which Stellar network to use
# Security: CI will fail if set to 'mainnet'
STELLAR_NETWORK=testnet
# JWT Secret for Authentication
# Required: Yes
# Purpose: Signs and verifies JWT tokens for wallet authentication
# Security: Must be at least 32 characters. Do not use default in production.
# Example: Generate one with: openssl rand -base64 32
JWT_SECRET=your-super-secret-jwt-key-min-32-chars-change-this
# Node Environment
# Required: No (defaults to development)
# Options: development, production, test
# Purpose: Controls application behavior and optimizations
NODE_ENV=development
# =============================================================================
# OPTIONAL VARIABLES
# =============================================================================
# Service Name
# Required: No (defaults to streampay-frontend)
# Purpose: Identifies service in logs and monitoring
SERVICE_NAME=streampay-frontend
# Internal Auth Token
# Required: No
# Purpose: Token for service-to-service authentication
# Security: Only set for internal service communication
INTERNAL_AUTH_TOKEN=
# Anomaly Detection Thresholds
# Required: No (defaults to 50 and 20)
# Purpose: Configures fraud detection limits
ANOMALY_CREATION_THRESHOLD=50
ANOMALY_SETTLE_THRESHOLD=20
# =============================================================================
# NETWORK PROFILES
# =============================================================================
#
# TESTNET PROFILE:
# - Horizon URL: https://horizon-testnet.stellar.org
# - Passphrase: Test SDF Network ; September 2015
# - Friendbot: Available for funding
# - Explorer: https://stellar.expert/testnet
# - Asset Label: TESTNET (for UI safety)
#
# MAINNET PROFILE:
# - Horizon URL: https://horizon.stellar.org
# - Passphrase: Public Global Stellar Network ; September 2015
# - Friendbot: Not available
# - Explorer: https://stellar.expert
# - Asset Label: (empty)
#
# =============================================================================
# ENVIRONMENT MATRIX
# =============================================================================
#
# Variable            | Testnet  | Mainnet  | CI           | Required
# --------------------|----------|----------|--------------|---------
# STELLAR_NETWORK     | testnet  | mainnet  | testnet only | Yes
# JWT_SECRET          | dev key  | prod key | dev key      | Yes
# SERVICE_NAME        | optional | optional | optional     | No
# INTERNAL_AUTH_TOKEN | optional | optional | optional     | No
# ANOMALY_*_THRESHOLD | optional | optional | optional     | No
#
# =============================================================================
# SETUP INSTRUCTIONS
# =============================================================================
#
# 1. Copy this file to .env.local:
#      cp .env.example .env.local
#
# 2. For local development (testnet):
#    - Set STELLAR_NETWORK=testnet
#    - Set JWT_SECRET to a random string (can be short for dev)
#    - Start with: npm run dev
#
# 3. For production deployment (mainnet):
#    - Set STELLAR_NETWORK=mainnet
#    - Set JWT_SECRET to a secure 32+ character random string
#    - Set NODE_ENV=production
#    - Deploy via your hosting platform
#
# 4. For CI/CD:
#    - CI automatically enforces testnet-only
#    - Set secrets in GitHub Actions or your CI platform
#    - Never use production secrets in CI
#
# =============================================================================
# KMS AND SIGNING STRATEGY
# =============================================================================
#
# Provider: 'aws-kms' (production) or 'local-mock' (development)
KMS_PROVIDER=local-mock
# AWS KMS Configuration (required if provider is 'aws-kms')
KMS_KEY_ID=
KMS_REGION=us-east-1
# Local Mock Configuration
# SECURITY: Never use these in production
STELLAR_MOCK_SECRET=S_MOCK_SECRET_KEY_56_CHARS_LONG_AAAAAAAAAAAAAAAAAAAAAAA
# =============================================================================
# SECURITY CHECKLIST
# =============================================================================
#
# Before deploying to production:
# [ ] STELLAR_NETWORK is set to 'mainnet' (if deploying to mainnet)
# [ ] JWT_SECRET is at least 32 characters
# [ ] JWT_SECRET is NOT the default value
# [ ] NODE_ENV is set to 'production'
# [ ] No testnet secrets are used with mainnet configuration
# [ ] Horizon URL matches the selected network
# [ ] Internal auth tokens are set if using service mesh
# [ ] Anomaly thresholds are appropriate for your traffic
#
# =============================================================================
# TROUBLESHOOTING
# =============================================================================
#
# Error: "STELLAR_NETWORK environment variable is required"
# Fix: Set STELLAR_NETWORK=testnet or STELLAR_NETWORK=mainnet in .env.local
#
# Error: "JWT_SECRET must be at least 32 characters"
# Fix: Generate a longer secret using: openssl rand -base64 32
#
# Error: "CI environment detected with mainnet network configuration"
# Fix: CI is restricted to testnet. Use testnet in CI or deploy manually.
#
# Error: "Production environment cannot use default JWT_SECRET"
# Fix: Set a custom JWT_SECRET when NODE_ENV=production
#
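
The rules in the SECURITY NOTES, KMS and TROUBLESHOOTING sections can be enforced as fail-closed startup checks. The following is an added example, not code from the StreamPay repository. The function name `validateEnv`, the use of `CI=true` to detect CI, and every message marked "assumed" are assumptions; the other error strings and the network profiles are copied from this file.

```javascript
// Added example: fail-closed startup checks for the variables in this file.
// validateEnv, the CI=true test and messages marked "assumed" are hypothetical.
const DEFAULT_JWT_SECRET = "your-super-secret-jwt-key-min-32-chars-change-this";
const NETWORKS = {
  testnet: { horizonUrl: "https://horizon-testnet.stellar.org",
             passphrase: "Test SDF Network ; September 2015", assetLabel: "TESTNET" },
  mainnet: { horizonUrl: "https://horizon.stellar.org",
             passphrase: "Public Global Stellar Network ; September 2015", assetLabel: "" },
};

function validateEnv(env) {
  const errors = [];
  const network = env.STELLAR_NETWORK;
  const production = (env.NODE_ENV || "development") === "production";
  const secret = env.JWT_SECRET || "";
  // Own-property lookup so values like "constructor" are not accepted.
  const known = Object.prototype.hasOwnProperty.call(NETWORKS, network || "");

  if (!network) {
    errors.push("STELLAR_NETWORK environment variable is required");
  } else if (!known) {
    errors.push("STELLAR_NETWORK must be testnet or mainnet"); // assumed message
  } else if (env.CI === "true" && network === "mainnet") {
    errors.push("CI environment detected with mainnet network configuration");
  }

  if (!secret) {
    errors.push("JWT_SECRET environment variable is required"); // assumed message
  } else if (production && secret === DEFAULT_JWT_SECRET) {
    // The placeholder is 50 characters long, so a length check alone misses it.
    errors.push("Production environment cannot use default JWT_SECRET");
  } else if (production && secret.length < 32) {
    errors.push("JWT_SECRET must be at least 32 characters");
  }

  if (production && env.KMS_PROVIDER !== "aws-kms") {
    errors.push("Production requires KMS_PROVIDER=aws-kms"); // assumed message
  } else if (env.KMS_PROVIDER === "aws-kms" && !env.KMS_KEY_ID) {
    errors.push("KMS_KEY_ID is required when KMS_PROVIDER is aws-kms"); // assumed message
  }
  // No profile is returned on error, so nothing can fall back to mainnet.
  return { errors, profile: errors.length === 0 ? NETWORKS[network] : null };
}

// Constructed sample: a CI job pointed at mainnet by mistake.
const sample = validateEnv({ CI: "true", STELLAR_NETWORK: "mainnet", JWT_SECRET: "ci-dev-key" });
console.log(sample.errors);
```

Call it once with `process.env` before the server starts and exit non-zero if `errors` is not empty.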