-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
37 lines (27 loc) · 1.09 KB
/
.env.example
File metadata and controls
37 lines (27 loc) · 1.09 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# Latch Configuration
# Azure AD Client ID (from app registration)
LATCH_CLIENT_ID=your-client-id-here
# Azure AD Tenant ID
LATCH_TENANT_ID=your-tenant-id-here
# Azure AD Client Secret (OPTIONAL - only for confidential clients)
# If omitted, uses PKCE (public client flow) - no secret needed
# If provided, uses confidential client flow with client_secret
# IMPORTANT: Rotate every 6-12 months. See docs/AUTHENTICATION_SETUP.md
# LATCH_CLIENT_SECRET=your-client-secret-here
# Cloud environment: 'commercial' | 'gcc-high' | 'dod'
LATCH_CLOUD=gcc-high
# Scopes (space-separated)
# For GCC-High, use openid profile User.Read
LATCH_SCOPES=openid profile User.Read
# Redirect URI (must match app registration)
LATCH_REDIRECT_URI=http://localhost:3000/api/latch/callback
# Cookie encryption secret (generate with: openssl rand -base64 32)
LATCH_COOKIE_SECRET=your-32-byte-secret-here
# Optional: Enable debug logging
LATCH_DEBUG=false
# Example for Commercial Azure:
# LATCH_CLOUD=commercial
# LATCH_SCOPES=openid profile User.Read
# Example for DoD:
# LATCH_CLOUD=dod
# LATCH_SCOPES=openid profile User.Read