mosaic/stack
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases 2 Wiki Activity
Files
f29eea429f9c37c1797f93589a9fddbe5742e02f
stack/apps/api/.env.example
Jason Woltje 06de72a355 fix(#338): Implement proper system admin role separate from workspace ownership 
- Replace workspace ownership check with explicit SYSTEM_ADMIN_IDS env var
- System admin access is now explicit and configurable via environment
- Workspace owners no longer automatically get system admin privileges
- Add 15 unit tests verifying security separation
- Add SYSTEM_ADMIN_IDS documentation to .env.example

Refs #338

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 16:44:50 -06:00

41 lines
1.8 KiB
Plaintext
Raw Blame History

# Database
DATABASE_URL=postgresql://user:password@localhost:5432/database
# System Administration
# Comma-separated list of user IDs that have system administrator privileges
# These users can perform system-level operations across all workspaces
# Note: Workspace ownership does NOT grant system admin access
# SYSTEM_ADMIN_IDS=uuid1,uuid2,uuid3
# Federation Instance Identity
# Display name for this Mosaic instance
INSTANCE_NAME=Mosaic Instance
# Publicly accessible URL for federation (must be valid HTTP/HTTPS URL)
INSTANCE_URL=http://localhost:3000
# Encryption (AES-256-GCM for sensitive data at rest)
# CRITICAL: Generate a secure random key for production!
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
ENCRYPTION_KEY=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
# CSRF Protection (Required in production)
# Secret key for HMAC binding CSRF tokens to user sessions
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
# In development, a random key is generated if not set
CSRF_SECRET=fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
# OpenTelemetry Configuration
# Enable/disable OpenTelemetry tracing (default: true)
OTEL_ENABLED=true
# Service name for telemetry (default: mosaic-api)
OTEL_SERVICE_NAME=mosaic-api
# OTLP exporter endpoint (default: http://localhost:4318/v1/traces)
OTEL_EXPORTER_OTLP_ENDPOINT=http://localhost:4318/v1/traces
# Alternative: Jaeger endpoint (legacy)
# OTEL_EXPORTER_JAEGER_ENDPOINT=http://localhost:4318/v1/traces
# Deployment environment (default: development, or uses NODE_ENV)
# OTEL_DEPLOYMENT_ENVIRONMENT=production
# Trace sampling ratio: 0.0 (none) to 1.0 (all) - default: 1.0
# Use lower values in high-traffic production environments
# OTEL_TRACES_SAMPLER_ARG=1.0
Reference in New Issue View Git Blame Copy Permalink