# --- Shared env vars --- LOG_LEVEL=INFO COMPOSE_PROJECT_NAME=tracecat # --- Shared URL env vars --- PUBLIC_APP_URL=http://localhost PUBLIC_API_URL=http://localhost/api SAML_SP_ACS_URL=${PUBLIC_API_URL}/auth/saml/acs INTERNAL_API_URL=http://api:8000 # -- Caddy env vars --- BASE_DOMAIN=:80 # Note: replace with your server's IP address ADDRESS=0.0.0.0 # --- App and DB env vars --- # One of `development`, `staging`, or `production` TRACECAT__APP_ENV=development # Used to encrypt/decrypt sensitive keys in the database # Can be generated using `python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"` TRACECAT__DB_ENCRYPTION_KEY=your-tracecat-db-fernet-key # Used to authenticate with Tracecat services # Can be generated using `openssl rand -hex 32` TRACECAT__SERVICE_KEY=your-tracecat-service-key # Used to generate private webhook URLs # Can be generated using `openssl rand -hex 32` TRACECAT__SIGNING_SECRET=your-tracecat-signing-secret # API Service URL TRACECAT__API_URL=${INTERNAL_API_URL} # Root path to deal with extra path prefix behind the reverse proxy TRACECAT__API_ROOT_PATH=/api # Public Runner URL # This is the public URL for incoming webhooks # If you wish to expose your webhooks to the internet, you can use a tunneling service like ngrok. # If using ngrok, run `ngrok http --domain=INSERT_STATIC_NGROK_DOMAIN_HERE 8001` # to start ngrok and update this with the forwarding URL TRACECAT__PUBLIC_RUNNER_URL=${PUBLIC_API_URL} # CORS (comman separated string of allowed origins) TRACECAT__ALLOW_ORIGINS=http://localhost:3000,${PUBLIC_APP_URL} # Postgres SSL model TRACECAT__DB_SSLMODE=disable TRACECAT__PUBLIC_APP_URL=${PUBLIC_APP_URL} TRACECAT__PUBLIC_API_URL=${PUBLIC_API_URL} # --- Postgres --- TRACECAT__POSTGRES_USER=postgres TRACECAT__POSTGRES_PASSWORD=postgres TRACECAT__DB_URI=postgresql+psycopg://${TRACECAT__POSTGRES_USER}:${TRACECAT__POSTGRES_PASSWORD}@postgres_db:5432/postgres # --- Shared frontend env vars --- # Important: environment variables prefixed with `NEXT_PUBLIC_` are exposed to the browser client # You may need to adjust the domain (default `localhost`) based on your setup # Containers in the same network can communicate with each other using the service name # Or you can use the host.docker.internal to communicate with the host machine NODE_ENV=development NEXT_PUBLIC_APP_ENV=development # The frontend app URL NEXT_PUBLIC_APP_URL=${PUBLIC_APP_URL} # Allows the browser to communicate with the backend NEXT_PUBLIC_API_URL=${PUBLIC_API_URL} # Allows the frontend server (inside docker) to communicate with the backend server (inside docker) NEXT_SERVER_API_URL=${INTERNAL_API_URL} # --- Authentication --- # One or more comma-separated values from `basic`, `google_oauth`, `saml` TRACECAT__AUTH_TYPES=basic,google_oauth # Initial admin user TRACECAT__SETUP_ADMIN_EMAIL= TRACECAT__SETUP_ADMIN_PASSWORD= # OAuth OAUTH_CLIENT_ID= OAUTH_CLIENT_SECRET= USER_AUTH_SECRET=your-auth-secret # SAML SSO settings SAML_IDP_ENTITY_ID= SAML_IDP_REDIRECT_URL= SAML_IDP_CERTIFICATE= SAML_IDP_METADATA_URL= # --- Temporal --- TEMPORAL__CLUSTER_URL=temporal:7233 TEMPORAL__CLUSTER_QUEUE=tracecat-task-queue TEMPORAL__CLUSTER_NAMESPACE=default TEMPORAL__VERSION=1.24.2 TEMPORAL__POSTGRES_USER=temporal TEMPORAL__POSTGRES_PASSWORD=temporal TEMPORAL__UI_VERSION=2.26.2 # --- Cloud only --- # Tracecat Cloud only, please ignore if self-hosted: NEXT_PUBLIC_POSTHOG_KEY= NEXT_PUBLIC_POSTHOG_HOST=https://us.i.posthog.com NEXT_PUBLIC_DISABLE_SESSION_RECORDING=true # --- SMTP settings --- # Settings used by the core.send_email_smtp action SMTP_HOST=smtp.example.com SMTP_PORT=465 SMTP_STARTTLS_ENABLED=1 SMTP_SSL_ENABLED=0 SMTP_IGNORE_CERT_ERRORS=0 SMTP_AUTH_ENABLED=1 SMTP_USER=testuser SMTP_PASS=test # --- LDAP settings --- # Settings used by the integrations.ldap actions LDAP_HOST=ldap.example.com LDAP_PORT=389 LDAP_SSL=0 LDAP_TYPE=AD # --- Remote registry --- # If you wish to use a remote registry, set the URL here # This is useful if you wish to use a custom set of UDFs # or if you wish to host your own registry TRACECAT__REMOTE_REPOSITORY_URL= # If not provided, the package name will be inferred from the git remote URL (repo name) TRACECAT__REMOTE_REPOSITORY_PACKAGE_NAME= # --- AI settings --- # If you wish to use open source models, add a comma-separated list of models to preload # Please see module `tracecat.llm` for the full list of available models # The models will be loaded on startup TRACECAT__PRELOAD_OSS_MODELS= # Ollama settings OLLAMA__VERSION=0.3.12 OLLAMA__API_URL=http://ollama:11434