.env.example

# Version Guard Environment Variables
# Copy this file to .env and fill in your actual values

# ─── Temporal Configuration ───────────────────────────────────────────────────
TEMPORAL_ENDPOINT=localhost:7233
TEMPORAL_NAMESPACE=version-guard-dev
TEMPORAL_TASK_QUEUE=version-guard-detection

# ─── Wiz Configuration (Optional - falls back to mock data if not provided) ───
# Get these from your Wiz Service Account
WIZ_CLIENT_ID_SECRET=your-wiz-client-id-here
WIZ_CLIENT_SECRET_SECRET=your-wiz-client-secret-here
WIZ_CACHE_TTL_HOURS=1

# Wiz Report IDs (JSON map of resource ID to Wiz report ID)
# Create reports in Wiz UI and map them to your resource IDs from config/resources.yaml
# Format: {"resource-id-1":"wiz-report-id-1","resource-id-2":"wiz-report-id-2"}
WIZ_REPORT_IDS={"aurora-mysql":"your-aurora-mysql-report-id","eks":"your-eks-report-id","elasticache-redis":"your-elasticache-redis-report-id","opensearch":"your-opensearch-report-id"}

# ─── AWS Configuration ────────────────────────────────────────────────────────
# Used for EOL data APIs and S3 snapshots
# Make sure your AWS credentials are configured via:
#   - ~/.aws/credentials
#   - AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY environment variables
#   - IAM role (if running in AWS)
AWS_REGION=us-west-2

# ─── S3 Snapshot Storage ──────────────────────────────────────────────────────
S3_BUCKET=version-guard-snapshots
S3_PREFIX=snapshots/

# ─── gRPC Service ─────────────────────────────────────────────────────────────
GRPC_PORT=8080

# ─── Tag Configuration ────────────────────────────────────────────────────────
# Customize which AWS resource tags to use for extracting metadata
# Comma-separated lists - first match wins
TAG_APP_KEYS=app,application,service
TAG_ENV_KEYS=environment,env
TAG_BRAND_KEYS=brand

# ─── Logging ──────────────────────────────────────────────────────────────────
LOG_LEVEL=info