# The .env configuration file # Please DO NOT share this file, it contains confidential data. # All variables are specified according to this rule: # DESCRIPTION - information about what the variable is responsible for # TYPE - the type of the variable (string, boolean, etc.) # Any additional information # SOME_ENV_CODE=data - default data. If specified, then the variable is optional # General # The path to save the data. # string # (optional) # Saving logs (if the full path is not specified), # databases (if Sqlite) and other data that should be saved in a place other than the place where the program is launched. # REQUIRED if the application is inside the container # If you want to change this value, you need to change the values in Settings.json and move the file itself to the desired location. PATH_TO_SAVE= # Security # JWT signature token # string (UTF8) # This token will be used to create and verify the signature of JWT tokens. # The token must be equal to 64 characters SECURITY_SIGNING_TOKEN= # Token for JWT encryption # string (UTF8) # This token will be used to encrypt and decrypt JWT tokens. # The token must be equal to 32 characters SECURITY_ENCRYPTION_TOKEN= # Time in minutes, which indicates after which time the Refresh Token will become invalid # integer # The token indicates how long after the user is inactive, he will need to log in again SECURITY_LIFE_TIME_RT=1440 # The time in a minute, which indicates that this is exactly what it takes to become a non-state # integer # Do not specify a time that is too long or too short. Optimally 5 > x > 60 SECURITY_LIFE_TIME_JWT=15 # Time in minutes, which indicates after which time the token of the first factor will become invalid # integer # Do not specify a short time. The user must be able to log in using the second factor SECURITY_LIFE_TIME_1_FA=15 # An identifier that points to the server that created the token # string SECURITY_JWT_ISSUER= # ID of the audience for which the token is intended # string SECURITY_JWT_AUDIENCE= ### Hashing # In order to set up hashing correctly, you need to start from the security requirements # You can use the settings that were used in https://github.com/P-H-C/phc-winner-argon2 # These parameters have a STRONG impact on performance # When testing the system, these values were used: # 10 <= SECURITY_HASH_ITERATION <= 25 iterations # 16384 <= SECURITY_HASH_MEMORY <= 32768 KB # 4 <= SECURITY_HASH_PARALLELISM <= 8 lines # If we take all the large values, it will take a little more than 1 second to get the hash. If this time is critical, reduce the parameters # The number of iterations used to hash passwords in the Argon2 algorithm # integer # This parameter determines the number of iterations that the Argon2 algorithm goes through when hashing passwords. # Increasing this value can improve security by increasing the time it takes to calculate the password hash. # The average number of iterations to increase the security level should be set to at least 10. SECURITY_HASH_ITERATION= # The amount of memory used to hash passwords in the Argon2 algorithm # integer # 65536 # This parameter determines the number of kilobytes of memory that will be used for the password hashing process. # Increasing this value may increase security, but it may also require more system resources. SECURITY_HASH_MEMORY= # Parallelism determines how many of the memory fragments divided into strips will be used to generate a hash # integer # This value affects the hash itself, but can be changed to achieve an ideal execution time, taking into account the processor and the number of cores. SECURITY_HASH_PARALLELISM= # The size of the output hash generated by the password hashing algorithm # integer SECURITY_HASH_SIZE=32 # Additional protection for Argon2 # string (BASE64) # (optional) # We recommend installing a token so that even if the data is compromised, an attacker cannot brute force a password without a token SECURITY_HASH_TOKEN= # The size of the salt used to hash passwords # integer # The salt is a random value added to the password before hashing to prevent the use of rainbow hash tables and other attacks. SECURITY_SALT_SIZE=16