# Required: random secret used to salt IP hashes and sign sessions
# Generate with: openssl rand -hex 32
SECRET_KEY=replace_me_with_a_random_secret

# WebAuthn / YubiKey configuration
# rpID must match the domain your site is served from (no scheme, no port)
WEBAUTHN_RP_ID=hiddenden.cafe
# Full origin including scheme (and port if non-standard)
WEBAUTHN_ORIGIN=https://hiddenden.cafe
# Human-readable name shown in the YubiKey prompt
WEBAUTHN_RP_NAME=Cozy Den

# Database path (Docker mounts /data as a named volume)
DB_PATH=/data/guestbook.db

# Server binding
HOST=0.0.0.0
PORT=3000

# --- Development overrides ---
# For local dev (npm run dev), override with:
# WEBAUTHN_RP_ID=localhost
# WEBAUTHN_ORIGIN=http://localhost:4321
# DB_PATH=./data/guestbook.db