# Environment Configuration Copy `.env.example` files and configure for your environment: ## Backend (.env) ```env # MongoDB MONGODB_URI=mongodb://admin:password@localhost:27017/noteapp?authSource=admin # JWT Configuration JWT_SECRET=your-super-secret-jwt-key-minimum-32-characters JWT_ISSUER=noteapp # Encryption (32 bytes = 32 characters) ENCRYPTION_KEY=00000000000000000000000000000000 # Server PORT=8080 ENV=development LOG_LEVEL=info # CORS (comma-separated for multiple origins) CORS_ALLOWED_ORIGINS=http://localhost:5173,http://localhost:3000 # Rate Limiting RATE_LIMIT_REQUESTS=50 RATE_LIMIT_WINDOW=1s ``` ## Frontend (.env) ```env VITE_API_BASE_URL=http://localhost:8080 VITE_ENV=development ``` ## Development vs Production ### Development (.env.development) - Less strict security (for easier testing) - Localhost CORS allowed - JWT secrets can be simple - Logging more verbose ### Production (.env.production) - Strict security requirements - Specific CORS origins only - Strong random JWT secrets - Limited logging (performance) - All environment variables must be set ## Generating Secrets ```bash # JWT Secret (32+ characters) openssl rand -base64 32 # Encryption Key (32 bytes) openssl rand -hex 16 # outputs 32 characters # Random token openssl rand -hex 32 ``` ## Docker Compose Environment variables are defined in `docker-compose.yml` and will override `.env` files. Update the file for your deployment: ```yaml environment: MONGODB_URI: mongodb://admin:password@mongodb:27017/noteapp?authSource=admin JWT_SECRET: your-secret-key-change-in-production # ... other vars ``` ## Kubernetes Use `kubectl create secret` for sensitive data: ```bash # Create secret from literal values kubectl create secret generic app-secrets \ --from-literal=mongodb-uri="..." \ --from-literal=jwt-secret="..." \ -n noteapp # Or use ConfigMap for non-sensitive config kubectl create configmap app-config \ --from-file=config.yaml \ -n noteapp ``` --- **IMPORTANT**: Never commit .env files or secrets to version control!