# BotServer Environment Configuration
# =====================================
# 
# ONLY VAULT VARIABLES ARE ALLOWED IN THIS FILE!
# All secrets (DATABASE_URL, API keys, etc.) MUST be stored in Vault.
# NO LEGACY FALLBACK - Vault is mandatory.
#
# Vault paths for secrets:
#   - gbo/tables     - PostgreSQL credentials (host, port, database, username, password)
#   - gbo/drive      - MinIO/S3 credentials (accesskey, secret)
#   - gbo/cache      - Redis credentials (password)
#   - gbo/directory  - Zitadel credentials (url, project_id, client_id, client_secret)
#   - gbo/email      - Email credentials (username, password)
#   - gbo/llm        - LLM API keys (openai_key, anthropic_key, groq_key)
#   - gbo/encryption - Encryption keys (master_key)
#   - gbo/meet       - LiveKit credentials (api_key, api_secret)
#   - gbo/alm        - Forgejo credentials (url, admin_password, runner_token)
#   - gbo/vectordb   - Qdrant credentials (url, api_key)
#   - gbo/observability - InfluxDB credentials (url, org, bucket, token)

# =====================
# VAULT CONFIGURATION - ONLY THESE VARS ARE ALLOWED
# =====================

# Vault server address
VAULT_ADDR=https://localhost:8200

# Vault authentication token (generated during vault init)
# This will be populated automatically after first bootstrap
VAULT_TOKEN=

# Skip TLS verification for development (set to false in production)
VAULT_SKIP_VERIFY=true

# Cache TTL for secrets in seconds (default: 300 = 5 minutes)
VAULT_CACHE_TTL=300