marktvogt.de/.env.helm.example

# Reference values for k8s secrets in tenant-2.
# Copy to .env.helm (gitignored) and fill in real values.
# Apply with: ./scripts/k8s-secrets-sync.sh

# ─── marktvogt-backend-secrets (App secret + OAuth + Sentry) ────────────
# APP_SECRET: AES-256-GCM key for settings encryption. Generate via:
#   openssl rand -hex 32
# Backward-compat: backend also reads JWT_SECRET as fallback (deprecated).
APP_SECRET=
SENTRY_DSN=

OAUTH_GOOGLE_CLIENT_ID=
OAUTH_GOOGLE_CLIENT_SECRET=
OAUTH_APPLE_CLIENT_ID=
OAUTH_APPLE_CLIENT_SECRET=
OAUTH_FACEBOOK_CLIENT_ID=
OAUTH_FACEBOOK_CLIENT_SECRET=
OAUTH_GITHUB_CLIENT_ID=
OAUTH_GITHUB_CLIENT_SECRET=

# ─── marktvogt-backend-smtp ──────────────────────────────────────────────
SMTP_HOST=
SMTP_USER=
SMTP_PASSWORD=

# ─── marktvogt-backend-ci-secrets (Turnstile + Discovery + AI) ───────────
TURNSTILE_SECRET_KEY=
DISCOVERY_TOKEN=
AI_API_KEY=
AI_AGENT_SIMPLE=gemini-2.5-flash-lite
AI_AGENT_DISCOVERY=