stack/docker/server/.env
Bilal Godil 178b5c5a8c chore: rename STACK_* env vars to HEXCLAVE_* in env templates, with legacy dual-read
Renames every STACK_*-prefixed variable (including NEXT_PUBLIC_STACK_*) to
HEXCLAVE_* across all checked-in .env, .env.development, and .env.example
files, completing the env-var side of the Hexclave rebrand. Legacy STACK_*
names keep working everywhere so existing deployments, .env.local files, and
self-hosted setups don't need immediate migration:

- getEnvVariable already prefers HEXCLAVE_* with STACK_* fallback; fix it to
  treat empty-string values as unset so the empty HEXCLAVE_* placeholders in
  the checked-in templates can't shadow a real value under the legacy name.
- Apply the same empty-as-unset rule (|| instead of ??) to all literal
  process.env dual-reads (dashboard inline env, docs, examples, CLI) and to
  the generated SDK env getter chains via packages/template generate-env.ts.
- Add explicit HEXCLAVE_* || STACK_* dual-reads to direct process.env readers
  fed by the renamed files: prisma seed, e2e tests/helpers, internal-tool
  scripts and app, demo/convex examples.
- docker/server/entrypoint.sh: add a generic two-way HEXCLAVE_/STACK_ env
  mirror (run at startup and again before sentinel replacement), replacing the
  previous URL-trio-only mirror; accept legacy NEXT_PUBLIC_STACK_PORT_PREFIX;
  rotate-secrets.sh falls back to HEXCLAVE_DATABASE_CONNECTION_STRING.
- e2e cross-domain-auth and the internal-feedback-emails in-source test now
  override the canonical HEXCLAVE_* names (the legacy override would be
  shadowed by the renamed env files).
- docs/code-examples snippets renamed outright to the canonical names.
2026-06-11 16:23:50 -07:00

43 lines
2.2 KiB
Bash

NEXT_PUBLIC_HEXCLAVE_API_URL=# https://your-backend-domain.com
NEXT_PUBLIC_HEXCLAVE_DASHBOARD_URL=# https://your-dashboard-domain.com, this will be added as a trusted domain by the seed script
HEXCLAVE_DATABASE_CONNECTION_STRING=# postgres connection string
HEXCLAVE_SERVER_SECRET=# a 32 bytes base64url encoded random string, used for JWT encryption. can be generated with `pnpm generate-keys`
# seed script settings
HEXCLAVE_SEED_INTERNAL_PROJECT_SIGN_UP_ENABLED=# true to enable user sign up to the dashboard when seeding
HEXCLAVE_SEED_INTERNAL_PROJECT_OTP_ENABLED=# true to add OTP auth to the dashboard when seeding
HEXCLAVE_SEED_INTERNAL_PROJECT_ALLOW_LOCALHOST=# true to allow running dashboard on the localhost, set this to true only in development
HEXCLAVE_SEED_INTERNAL_PROJECT_OAUTH_PROVIDERS=# list of oauth providers to add to the dashboard when seeding, separated by comma, for example "github,google,facebook"
HEXCLAVE_SEED_INTERNAL_PROJECT_USER_EMAIL=# default user added to the dashboard
HEXCLAVE_SEED_INTERNAL_PROJECT_USER_PASSWORD=# default user's password, paired with HEXCLAVE_SEED_INTERNAL_PROJECT_USER_EMAIL
HEXCLAVE_SEED_INTERNAL_PROJECT_USER_INTERNAL_ACCESS=# if the default user has access to the internal dashboard project
HEXCLAVE_SEED_INTERNAL_PROJECT_USER_GITHUB_ID=# add github oauth id to the default user
# Set these if you want to use any email functionality
HEXCLAVE_EMAILABLE_API_KEY=disable_email_validation
HEXCLAVE_EMAIL_HOST=
HEXCLAVE_EMAIL_PORT=
HEXCLAVE_EMAIL_USERNAME=
HEXCLAVE_EMAIL_PASSWORD=
HEXCLAVE_EMAIL_SENDER=
# Set these if you want to use webhooks
HEXCLAVE_SVIX_SERVER_URL=# this is only needed if you self-host the Svix service
NEXT_PUBLIC_HEXCLAVE_SVIX_SERVER_URL=# this is only needed if you are using docker compose and the external and internal urls are different. This is the external url for the Svix service.
HEXCLAVE_SVIX_API_KEY=
HEXCLAVE_OPENROUTER_API_KEY=# enter your OpenRouter API key for AI features
HEXCLAVE_SKIP_SEED_SCRIPT=# true to skip the seed script
HEXCLAVE_S3_ENDPOINT=
HEXCLAVE_S3_REGION=
HEXCLAVE_S3_ACCESS_KEY_ID=
HEXCLAVE_S3_SECRET_ACCESS_KEY=
HEXCLAVE_S3_BUCKET=
HEXCLAVE_S3_PRIVATE_BUCKET=
HEXCLAVE_FREESTYLE_API_KEY=# enter your freestyle.sh api key