git.stella-ops.org/devops/compose/env/dev.env.example

# Substitutions for docker-compose.dev.yaml

# PostgreSQL Database
POSTGRES_USER=stellaops
POSTGRES_PASSWORD=dev-postgres-password
POSTGRES_DB=stellaops_platform
POSTGRES_PORT=5432

# Valkey (Redis-compatible cache and messaging)
VALKEY_PORT=6379

# RustFS Object Storage
RUSTFS_HTTP_PORT=8080

# Authority (OAuth2/OIDC)
AUTHORITY_ISSUER=https://authority.localtest.me
AUTHORITY_PORT=8440

# Signer
SIGNER_POE_INTROSPECT_URL=https://licensing.svc.local/introspect
SIGNER_PORT=8441

# Attestor
ATTESTOR_PORT=8442

# Rekor Configuration (Attestor/Scanner)
# Server URL - default is public Sigstore Rekor
REKOR_SERVER_URL=https://rekor.sigstore.dev
# Log version: Auto, V1, or V2 (V2 uses tile-based Sunlight format)
REKOR_VERSION=Auto
# Tile base URL for V2 (optional, defaults to {REKOR_SERVER_URL}/tile/)
REKOR_TILE_BASE_URL=
# Log ID for multi-log environments (Sigstore production log ID)
REKOR_LOG_ID=c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d
# Prefer tile proofs when Version=Auto
REKOR_PREFER_TILE_PROOFS=false

# Issuer Directory
ISSUER_DIRECTORY_PORT=8447
ISSUER_DIRECTORY_SEED_CSAF=true

# Concelier
CONCELIER_PORT=8445

# Scanner
SCANNER_WEB_PORT=8444
SCANNER_QUEUE_BROKER=nats://nats:4222
SCANNER_EVENTS_ENABLED=false
SCANNER_EVENTS_DRIVER=valkey
SCANNER_EVENTS_DSN=valkey:6379
SCANNER_EVENTS_STREAM=stella.events
SCANNER_EVENTS_PUBLISH_TIMEOUT_SECONDS=5
SCANNER_EVENTS_MAX_STREAM_LENGTH=10000

# Surface.Env defaults keep worker/web service aligned with local RustFS and inline secrets
SCANNER_SURFACE_FS_ENDPOINT=http://rustfs:8080/api/v1
SCANNER_SURFACE_CACHE_ROOT=/var/lib/stellaops/surface
SCANNER_SURFACE_SECRETS_PROVIDER=inline
SCANNER_SURFACE_SECRETS_ROOT=

# Zastava inherits Scanner defaults; override if Observer/Webhook diverge
ZASTAVA_SURFACE_FS_ENDPOINT=${SCANNER_SURFACE_FS_ENDPOINT}
ZASTAVA_SURFACE_CACHE_ROOT=${SCANNER_SURFACE_CACHE_ROOT}
ZASTAVA_SURFACE_SECRETS_PROVIDER=${SCANNER_SURFACE_SECRETS_PROVIDER}
ZASTAVA_SURFACE_SECRETS_ROOT=${SCANNER_SURFACE_SECRETS_ROOT}

# Scheduler
SCHEDULER_QUEUE_KIND=Nats
SCHEDULER_QUEUE_NATS_URL=nats://nats:4222
SCHEDULER_SCANNER_BASEADDRESS=http://scanner-web:8444

# Notify
NOTIFY_WEB_PORT=8446

# Advisory AI
ADVISORY_AI_WEB_PORT=8448
ADVISORY_AI_SBOM_BASEADDRESS=http://scanner-web:8444
ADVISORY_AI_INFERENCE_MODE=Local
ADVISORY_AI_REMOTE_BASEADDRESS=
ADVISORY_AI_REMOTE_APIKEY=

# Web UI
UI_PORT=8443

# NATS
NATS_CLIENT_PORT=4222

# CryptoPro (optional)
CRYPTOPRO_PORT=18080
CRYPTOPRO_ACCEPT_EULA=0