fix: use working dev defaults in .env.example

- POSTGRES_PASSWORD and DB URLs now match what docker-compose.override.yml and init-postgres.sql actually use (postgres/postgres, app_password) - CREDENTIAL_ENCRYPTION_KEY is now valid base64 (32 bytes) so the API actually starts instead of crashing on the Pydantic validator - JWT_SECRET_KEY is a dev-only value (insecure defaults check skips dev) - Added quick-start comment block with login credentials Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 20:46:33 -05:00
parent 8949a36454
commit 9510e56ced
1 changed files with 17 additions and 7 deletions
--- a/.env.example
+++ b/.env.example
@@ -1,5 +1,12 @@
 # .env.example -- Copy to .env for development, .env.prod for production
 # DO NOT commit .env or .env.prod to git
+#
+# Quick start:
+#   cp .env.example .env
+#   docker compose --profile full build api && docker compose --profile full build poller && docker compose --profile full build frontend
+#   docker compose --profile full up -d
+#   open http://localhost:3000
+#   Login: admin@mikrotik-portal.dev / changeme-in-production

 # Environment (dev | staging | production)
 ENVIRONMENT=dev
@@ -9,10 +16,10 @@ DEBUG=true
 # Database
 POSTGRES_DB=mikrotik
 POSTGRES_USER=postgres
-POSTGRES_PASSWORD=CHANGE_ME_IN_PRODUCTION
-DATABASE_URL=postgresql+asyncpg://postgres:CHANGE_ME_IN_PRODUCTION@postgres:5432/mikrotik
-SYNC_DATABASE_URL=postgresql+psycopg2://postgres:CHANGE_ME_IN_PRODUCTION@postgres:5432/mikrotik
-APP_USER_DATABASE_URL=postgresql+asyncpg://app_user:CHANGE_ME_IN_PRODUCTION@postgres:5432/mikrotik
+POSTGRES_PASSWORD=postgres
+DATABASE_URL=postgresql+asyncpg://postgres:postgres@postgres:5432/mikrotik
+SYNC_DATABASE_URL=postgresql+psycopg2://postgres:postgres@postgres:5432/mikrotik
+APP_USER_DATABASE_URL=postgresql+asyncpg://app_user:app_password@postgres:5432/mikrotik

 # Poller database (different role, no RLS)
 POLLER_DATABASE_URL=postgres://poller_user:poller_password@postgres:5432/mikrotik
@@ -23,9 +30,12 @@ REDIS_URL=redis://redis:6379/0
 # NATS
 NATS_URL=nats://nats:4222

-# Security
-JWT_SECRET_KEY=CHANGE_ME_IN_PRODUCTION
-CREDENTIAL_ENCRYPTION_KEY=CHANGE_ME_IN_PRODUCTION
+# Security — these dev defaults work out of the box.
+# For production, generate unique values:
+#   JWT:    python3 -c "import secrets; print(secrets.token_urlsafe(64))"
+#   Fernet: python3 -c "import secrets, base64; print(base64.b64encode(secrets.token_bytes(32)).decode())"
+JWT_SECRET_KEY=dev-jwt-secret-do-not-use-in-production-replace-me
+CREDENTIAL_ENCRYPTION_KEY=LLLjnfBZTSycvL2U07HDSxUeTtLxb9cZzryQl0R9E4w=

 # First admin bootstrap (dev only)
 FIRST_ADMIN_EMAIL=admin@mikrotik-portal.dev