- Added VulnTokenSigner for signing JWT tokens with specified algorithms and keys. - Introduced VulnTokenUtilities for resolving tenant and subject claims, and sanitizing context dictionaries. - Created VulnTokenVerificationUtilities for parsing tokens, verifying signatures, and deserializing payloads. - Developed VulnWorkflowAntiForgeryTokenIssuer for issuing anti-forgery tokens with configurable options. - Implemented VulnWorkflowAntiForgeryTokenVerifier for verifying anti-forgery tokens and validating payloads. - Added AuthorityVulnerabilityExplorerOptions to manage configuration for vulnerability explorer features. - Included tests for FilesystemPackRunDispatcher to ensure proper job handling under egress policy restrictions.
# Substitutions for docker-compose.prod.yaml
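# ⚠️ Replace all placeholder secrets with values sourced from your secret manager.
# Keep the populated copy of this file out of version control and readable only by the deployment account.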
MONGO_INITDB_ROOT_USERNAME=stellaops-prod
MONGO_INITDB_ROOT_PASSWORD=REPLACE_WITH_STRONG_PASSWORD
MINIO_ROOT_USER=stellaops-prod
MINIO_ROOT_PASSWORD=REPLACE_WITH_STRONG_PASSWORD
# Expose the MinIO console only to trusted operator networks.
MINIO_CONSOLE_PORT=39001
RUSTFS_HTTP_PORT=8080
AUTHORITY_ISSUER=https://authority.prod.stella-ops.org
AUTHORITY_PORT=8440
SIGNER_POE_INTROSPECT_URL=https://licensing.prod.stella-ops.org/introspect
SIGNER_PORT=8441
ATTESTOR_PORT=8442
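# Secrets for Issuer Directory are provided via issuer-directory.mongo.env (see etc/secrets/issuer-directory.mongo.secret.example).
# NOTE(review): the connection string below still interpolates the MongoDB root credentials. Prefer a dedicated least-privilege database user supplied through that secrets file, and confirm which value takes precedence.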
ISSUER_DIRECTORY_PORT=8447
ISSUER_DIRECTORY_MONGO_CONNECTION_STRING=mongodb://${MONGO_INITDB_ROOT_USERNAME}:${MONGO_INITDB_ROOT_PASSWORD}@mongo:27017
ISSUER_DIRECTORY_SEED_CSAF=true
CONCELIER_PORT=8445
SCANNER_WEB_PORT=8444
UI_PORT=8443
NATS_CLIENT_PORT=4222
SCANNER_QUEUE_BROKER=nats://nats:4222
# `true` enables signed scanner events for Notify ingestion.
SCANNER_EVENTS_ENABLED=true
SCANNER_EVENTS_DRIVER=redis
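# Leave SCANNER_EVENTS_DSN empty to inherit the Redis queue DSN when SCANNER_QUEUE_BROKER uses redis://.
# NOTE(review): SCANNER_QUEUE_BROKER above is nats://, so there is no Redis DSN to inherit; with SCANNER_EVENTS_DRIVER=redis an explicit DSN is presumably required here — confirm.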
SCANNER_EVENTS_DSN=
SCANNER_EVENTS_STREAM=stella.events
SCANNER_EVENTS_PUBLISH_TIMEOUT_SECONDS=5
SCANNER_EVENTS_MAX_STREAM_LENGTH=10000
SCHEDULER_QUEUE_KIND=Nats
SCHEDULER_QUEUE_NATS_URL=nats://nats:4222
SCHEDULER_STORAGE_DATABASE=stellaops_scheduler
SCHEDULER_SCANNER_BASEADDRESS=http://scanner-web:8444
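# Network used by the external reverse proxy (Traefik, Envoy, etc.) that terminates TLS.
# Service-to-service URLs in this file (e.g. SCHEDULER_SCANNER_BASEADDRESS) use plain http://, so keep those ports reachable only from the internal network.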
FRONTDOOR_NETWORK=stellaops_frontdoor