Environment Variables - Anthony-Bible/password-exchange GitHub Wiki
Environment Variables Reference
This document provides a comprehensive reference for all environment variables used by the Password Exchange application.
Configuration Overview
All application configuration uses environment variables with the PASSWORDEXCHANGE_ prefix. Configuration values are loaded in this priority order:
- Config file (
config.yaml) - Environment variables (
PASSWORDEXCHANGE_*) - CLI flags (reminder command only)
Required Configuration
These parameters are mandatory - the application will not start without them:
Database Connection
| Variable | Description | Example |
|---|---|---|
PASSWORDEXCHANGE_DBHOST |
Database server hostname/IP | localhost, mysql.example.com |
PASSWORDEXCHANGE_DBUSER |
Database username | passwordexchange |
PASSWORDEXCHANGE_DBPASS |
Database password | secure_password |
PASSWORDEXCHANGE_DBNAME |
Database name | passwordexchange |
PASSWORDEXCHANGE_DBPORT |
Database port | 3306 |
Email Service (Required for Reminders)
| Variable | Description | Example |
|---|---|---|
PASSWORDEXCHANGE_EMAILHOST |
SMTP server hostname | smtp.gmail.com, email-smtp.us-west-2.amazonaws.com |
PASSWORDEXCHANGE_EMAILUSER |
SMTP username | [email protected] |
PASSWORDEXCHANGE_EMAILPASS |
SMTP password | app_password |
PASSWORDEXCHANGE_EMAILFROM |
From email address | Password Exchange <[email protected]> |
PASSWORDEXCHANGE_EMAILPORT |
SMTP port | 587, 465 |
RabbitMQ (Required for Email Notifications)
| Variable | Description | Example |
|---|---|---|
PASSWORDEXCHANGE_RABHOST |
RabbitMQ server hostname | localhost, rabbitmq.example.com |
PASSWORDEXCHANGE_RABUSER |
RabbitMQ username | guest, notifications |
PASSWORDEXCHANGE_RABPASS |
RabbitMQ password | guest, secure_password |
PASSWORDEXCHANGE_RABQNAME |
Queue name for notifications | email_notifications |
PASSWORDEXCHANGE_RABPORT |
RabbitMQ port | 5672 |
Service URLs
| Variable | Description | Example |
|---|---|---|
PASSWORDEXCHANGE_PRODHOST |
Production web host URL | https://password.exchange |
PASSWORDEXCHANGE_DEVHOST |
Development web host URL | http://localhost:8080 |
PASSWORDEXCHANGE_ENCRYPTIONPRODSERVICE |
Production encryption service | encryption-service:50051 |
PASSWORDEXCHANGE_DATABASEPRODSERVICE |
Production database service | database-service:50051 |
PASSWORDEXCHANGE_ENCRYPTIONDEVSERVICE |
Development encryption service | localhost:50051 |
PASSWORDEXCHANGE_DATABASEDEVSERVICE |
Development database service | localhost:50052 |
PASSWORDEXCHANGE_RUNNINGENVIRONMENT |
Environment mode | dev, prod |
Optional Configuration
These parameters have sensible defaults and are optional:
Logging
| Variable | Default | Description | Valid Values |
|---|---|---|---|
PASSWORDEXCHANGE_LOGLEVEL |
info |
Application log level | debug, info, warn, error |
Message Defaults
| Variable | Default | Description | Range |
|---|---|---|---|
PASSWORDEXCHANGE_DEFAULTMAXVIEWCOUNT |
5 |
Default max views per message | 1-100 |
Reminder System
| Variable | Default | Description | Range |
|---|---|---|---|
PASSWORDEXCHANGE_REMINDER_ENABLED |
true |
Enable/disable reminder system | true, false |
PASSWORDEXCHANGE_REMINDER_CHECKAFTERHOURS |
24 |
Hours before first reminder | 1-8760 (1 hour to 1 year) |
PASSWORDEXCHANGE_REMINDER_MAXREMINDERS |
3 |
Max reminders per message | 1-10 |
PASSWORDEXCHANGE_REMINDER_REMINDERINTERVAL |
24 |
Hours between reminders | 1-720 (1 hour to 30 days) |
Slackbot Configuration
For Slack integration (optional component):
OAuth Database
| Variable | Description |
|---|---|
OAUTHDB_PASSWORD |
Database password for OAuth setup |
OAUTHDB_USER |
Database username for OAuth setup |
OAUTHDB_NAME |
Database name for OAuth setup |
Slack API
| Variable | Description | Location in Slack |
|---|---|---|
SLACK_SIGNING_SECRET |
Slack signing secret | App Settings > Basic Information |
SLACK_BOT_TOKEN |
Bot user OAuth token | OAuth & Permissions |
SLACK_CLIENT_ID |
App client ID | App Settings > Basic Information |
SLACK_CLIENT_SECRET |
App client secret | App Settings > Basic Information |
Legacy/Deprecated Variables
These variables may still be referenced but are deprecated:
| Variable | Status | Replacement |
|---|---|---|
PASSWORDEXCHANGE_HOST |
Deprecated | Use PASSWORDEXCHANGE_PRODHOST and PASSWORDEXCHANGE_DEVHOST |
PASSWORDEXCHANGE_ENCRYPTIONSERVICE |
Deprecated | Use environment-specific service URLs |
PASSWORDEXCHANGE_DATABASESERVICE |
Deprecated | Use environment-specific service URLs |
PASSWORDEXCHANGE_HCAPTCHA_SECRET |
Removed | No longer used |
PASSWORDEXCHANGE_HCAPTCHA_SITEKEY |
Removed | No longer used |
DELETEMESSAGES_PASS |
Deprecated | Handled by service account |
DELETEMESSAGES_USER |
Deprecated | Handled by service account |
Validation Rules
The application validates configuration at startup:
String Parameters
- Non-empty: Required fields cannot be empty
- Email format: RFC 5322 compliant validation
- URL format: Valid URL structure for service endpoints
Numeric Parameters
- Port range: 1-65535 for all port numbers
- Hour ranges: Enforced for reminder timing (e.g., 1-8760 for check hours)
- Count limits: Enforced for view counts and reminder limits
Environment-Specific
- Development: More lenient validation, allows localhost URLs
- Production: Stricter validation, requires HTTPS for external URLs
Configuration Examples
Minimal Development Setup
# Database
export PASSWORDEXCHANGE_DBHOST=localhost
export PASSWORDEXCHANGE_DBUSER=root
export PASSWORDEXCHANGE_DBPASS=password
export PASSWORDEXCHANGE_DBNAME=passwordexchange
export PASSWORDEXCHANGE_DBPORT=3306
# Email (using Gmail)
export PASSWORDEXCHANGE_EMAILHOST=smtp.gmail.com
export [email protected]
export PASSWORDEXCHANGE_EMAILPASS=your-app-password
export PASSWORDEXCHANGE_EMAILFROM="Password Exchange <[email protected]>"
export PASSWORDEXCHANGE_EMAILPORT=587
# RabbitMQ
export PASSWORDEXCHANGE_RABHOST=localhost
export PASSWORDEXCHANGE_RABUSER=guest
export PASSWORDEXCHANGE_RABPASS=guest
export PASSWORDEXCHANGE_RABQNAME=email_notifications
export PASSWORDEXCHANGE_RABPORT=5672
# Services
export PASSWORDEXCHANGE_PRODHOST=https://password.exchange
export PASSWORDEXCHANGE_DEVHOST=http://localhost:8080
export PASSWORDEXCHANGE_ENCRYPTIONPRODSERVICE=localhost:50051
export PASSWORDEXCHANGE_DATABASEPRODSERVICE=localhost:50052
export PASSWORDEXCHANGE_ENCRYPTIONDEVSERVICE=localhost:50051
export PASSWORDEXCHANGE_DATABASEDEVSERVICE=localhost:50052
export PASSWORDEXCHANGE_RUNNINGENVIRONMENT=dev
Production Kubernetes Deployment
# These should be stored in Kubernetes secrets
apiVersion: v1
kind: Secret
metadata:
name: password-exchange-secrets
type: Opaque
data:
db-host: <base64-encoded-hostname>
db-user: <base64-encoded-username>
db-password: <base64-encoded-password>
db-name: <base64-encoded-dbname>
email-host: <base64-encoded-smtp-host>
email-user: <base64-encoded-email>
email-password: <base64-encoded-email-password>
# ... other sensitive values
Troubleshooting
Common Configuration Issues
Application won't start:
- Check all required variables are set
- Verify database connectivity
- Test SMTP configuration
- Validate RabbitMQ connection
Reminders not working:
- Verify
PASSWORDEXCHANGE_REMINDER_ENABLED=true - Check email service configuration
- Confirm RabbitMQ is running and accessible
- Review reminder timing configuration
Database connection errors:
- Verify host, port, username, password
- Check database exists and user has permissions
- Test connectivity from application pod/container
- Review firewall and security group settings
Configuration Validation Commands
# Test configuration loading
./app reminder --config=config.yaml --dry-run
# Validate environment variables
env | grep PASSWORDEXCHANGE_ | sort
# Test database connection
./app database --config=config.yaml
# Test email configuration
./app email --config=config.yaml