# Environment Variables AuthentiKate is configured through environment variables. This page covers all available configuration options. ## Core Application Settings ### APP_URL **Required** - The URL where AuthentiKate is accessible. ```bash APP_URL=https://auth.yourdomain.com ``` ::: warning This URL must match exactly how users access AuthentiKate. OAuth redirects and JWT tokens depend on this value. ::: ### APP_ENV **Default**: `production` ```bash APP_ENV=production # or 'local' for development ``` ### APP_DEBUG **Default**: `false` ```bash APP_DEBUG=false # Set to 'true' only for debugging ``` ::: danger Never set `APP_DEBUG=true` in production as it exposes sensitive information. ::: ### APP_KEY **Auto-generated** - Laravel application key for encryption. ```bash APP_KEY=base64:generated-key-here ``` The key is automatically generated on first run. Do not change this after deployment as it will invalidate existing sessions and tokens. ## Database Configuration ### SQLite (Default) ```bash DB_CONNECTION=sqlite DB_DATABASE=/var/www/html/storage/database/database.sqlite ``` ### PostgreSQL ```bash DB_CONNECTION=pgsql DB_HOST=postgres DB_PORT=5432 DB_DATABASE=authentikate DB_USERNAME=authentikate DB_PASSWORD=secure_password ``` ### MySQL/MariaDB ```bash DB_CONNECTION=mysql DB_HOST=mysql DB_PORT=3306 DB_DATABASE=authentikate DB_USERNAME=authentikate DB_PASSWORD=secure_password ``` ## Email Configuration Email is used for user invitations, password resets, and verification. ### SMTP ```bash MAIL_MAILER=smtp MAIL_HOST=smtp.gmail.com MAIL_PORT=587 MAIL_USERNAME=your-email@gmail.com MAIL_PASSWORD=your-app-password MAIL_ENCRYPTION=tls MAIL_FROM_ADDRESS=auth@yourdomain.com MAIL_FROM_NAME="AuthentiKate" ``` ### Common SMTP Providers #### Gmail ```bash MAIL_MAILER=smtp MAIL_HOST=smtp.gmail.com MAIL_PORT=587 MAIL_USERNAME=your-email@gmail.com MAIL_PASSWORD=your-app-password # Use App Password, not regular password MAIL_ENCRYPTION=tls ``` #### Outlook/Hotmail ```bash MAIL_MAILER=smtp MAIL_HOST=smtp-mail.outlook.com MAIL_PORT=587 MAIL_USERNAME=your-email@outlook.com MAIL_PASSWORD=your-password MAIL_ENCRYPTION=tls ``` #### SendGrid ```bash MAIL_MAILER=smtp MAIL_HOST=smtp.sendgrid.net MAIL_PORT=587 MAIL_USERNAME=apikey MAIL_PASSWORD=your-sendgrid-api-key MAIL_ENCRYPTION=tls ``` #### Mailgun ```bash MAIL_MAILER=smtp MAIL_HOST=smtp.mailgun.org MAIL_PORT=587 MAIL_USERNAME=your-mailgun-username MAIL_PASSWORD=your-mailgun-password MAIL_ENCRYPTION=tls ``` ### Disable Email ```bash MAIL_MAILER=log # Emails will be written to logs instead of sent ``` ## Cache Configuration ### Redis (Recommended for Production) ```bash CACHE_DRIVER=redis REDIS_HOST=redis REDIS_PORT=6379 REDIS_PASSWORD=your-redis-password ``` ### File Cache (Default) ```bash CACHE_DRIVER=file ``` ### Database Cache ```bash CACHE_DRIVER=database ``` ## Session Configuration ### Redis Sessions (Recommended for Production) ```bash SESSION_DRIVER=redis SESSION_LIFETIME=120 # Minutes ``` ### File Sessions (Default) ```bash SESSION_DRIVER=file SESSION_LIFETIME=120 ``` ### Database Sessions ```bash SESSION_DRIVER=database ``` ## Security Settings ### SSL/HTTPS ```bash # Force HTTPS redirects FORCE_HTTPS=true # Set secure cookie settings SESSION_SECURE_COOKIE=true SANCTUM_STATEFUL_DOMAINS=auth.yourdomain.com ``` ### CORS Configuration ```bash # Allow CORS for your domains CORS_ALLOWED_ORIGINS=https://yourdomain.com,https://app.yourdomain.com ``` ## Logging ### Log Level ```bash LOG_LEVEL=info # debug, info, notice, warning, error, critical, alert, emergency ``` ### Log Channel ```bash LOG_CHANNEL=stack # single, daily, slack, syslog, errorlog ``` ### Daily Log Rotation ```bash LOG_CHANNEL=daily LOG_DAILY_DAYS=14 # Keep logs for 14 days ``` ## Queue Configuration For background job processing: ### Redis Queue ```bash QUEUE_CONNECTION=redis ``` ### Database Queue ```bash QUEUE_CONNECTION=database ``` ### Sync Queue (Default) ```bash QUEUE_CONNECTION=sync # Process jobs immediately ``` ## OAuth/OIDC Settings ### Token Lifetimes ```bash # Access token lifetime (in minutes) OAUTH_ACCESS_TOKEN_LIFETIME=60 # Refresh token lifetime (in days) OAUTH_REFRESH_TOKEN_LIFETIME=30 # Authorization code lifetime (in minutes) OAUTH_AUTHORIZATION_CODE_LIFETIME=10 ``` ### JWT Configuration ```bash # JWT algorithm (default: RS256) JWT_ALGORITHM=RS256 # Key paths (automatically set) OAUTH_PRIVATE_KEY_PATH=storage/oauth/private.pem OAUTH_PUBLIC_KEY_PATH=storage/oauth/public.pem ``` ## Performance Settings ### PHP Configuration ```bash # Memory limit PHP_MEMORY_LIMIT=256M # Upload limits PHP_UPLOAD_MAX_FILESIZE=10M PHP_POST_MAX_SIZE=10M # Execution time PHP_MAX_EXECUTION_TIME=300 ``` ### Application Optimization ```bash # Enable optimizations for production APP_OPTIMIZE=true # Cache configuration CONFIG_CACHE=true ROUTE_CACHE=true VIEW_CACHE=true ``` ## Development Settings These should only be used in development environments: ```bash APP_ENV=local APP_DEBUG=true LOG_LEVEL=debug # Disable HTTPS for local development FORCE_HTTPS=false SESSION_SECURE_COOKIE=false ``` ## Complete Production Example Here's a complete environment configuration for production: ```bash # Application APP_ENV=production APP_DEBUG=false APP_URL=https://auth.yourdomain.com FORCE_HTTPS=true # Database DB_CONNECTION=pgsql DB_HOST=postgres DB_DATABASE=authentikate DB_USERNAME=authentikate DB_PASSWORD=secure_database_password # Email MAIL_MAILER=smtp MAIL_HOST=smtp.gmail.com MAIL_PORT=587 MAIL_USERNAME=auth@yourdomain.com MAIL_PASSWORD=gmail_app_password MAIL_ENCRYPTION=tls MAIL_FROM_ADDRESS=auth@yourdomain.com MAIL_FROM_NAME="Your Company Auth" # Cache & Sessions CACHE_DRIVER=redis SESSION_DRIVER=redis REDIS_HOST=redis REDIS_PASSWORD=secure_redis_password # Security SESSION_SECURE_COOKIE=true SESSION_LIFETIME=120 SANCTUM_STATEFUL_DOMAINS=yourdomain.com # Performance LOG_LEVEL=warning LOG_CHANNEL=daily LOG_DAILY_DAYS=30 ``` ## Docker Compose Integration Add environment variables to your `docker-compose.yml`: ```yaml services: authentikate: image: authentikate/authentikate:latest environment: - APP_URL=https://auth.yourdomain.com - APP_ENV=production - DB_CONNECTION=pgsql - DB_HOST=postgres - MAIL_MAILER=smtp - MAIL_HOST=smtp.gmail.com # ... other variables env_file: - .env # Or load from file ``` ## Environment File Create a `.env` file for easier management: ```bash # Create environment file cat > .env << 'EOF' APP_URL=https://auth.yourdomain.com APP_ENV=production DB_CONNECTION=pgsql # ... other settings EOF # Reference in docker-compose.yml services: authentikate: env_file: .env ``` ::: tip Keep your `.env` file secure and never commit it to version control. :::