# ===================================================================
# KOMPOSE - Secrets Configuration
# ===================================================================
# This file contains SENSITIVE data and should NOT be committed to git.
# Ensure secrets.env is in your .gitignore file!
#
# Generate random secrets with: ./kompose.sh secrets generate
# List all secrets with:        ./kompose.sh secrets list
# Validate configuration:       ./kompose.sh secrets validate
# Rotate a secret:              ./kompose.sh secrets rotate SECRET_NAME
# ===================================================================

# -------------------------------------------------------------------
# Shared Database Secrets
# -------------------------------------------------------------------
DB_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE

# -------------------------------------------------------------------
# Shared Admin Secrets
# -------------------------------------------------------------------
ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE

# -------------------------------------------------------------------
# Shared Email/SMTP Secrets
# -------------------------------------------------------------------
EMAIL_SMTP_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE

# -------------------------------------------------------------------
# AUTH Stack Secrets (Keycloak)
# Scope: auth.pivoine.art
# -------------------------------------------------------------------
AUTH_KC_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE

# -------------------------------------------------------------------
# CODE Stack Secrets (Gitea)
# Scope: code.pivoine.art
# -------------------------------------------------------------------
CODE_RUNNER_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE

# -------------------------------------------------------------------
# AUTO Stack Secrets (n8n)
# Scope: auto.pivoine.art
# -------------------------------------------------------------------
AUTO_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE

# -------------------------------------------------------------------
# SEXY Stack Secrets (Directus)
# Scope: sexy.pivoine.art
# -------------------------------------------------------------------
SEXY_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE
SEXY_ADMIN_PASSWORD=CHANGE_ME_GENERATE_WITH_KOMPOSE

# -------------------------------------------------------------------
# DASH Stack Secrets (NextAuth)
# Scope: dash.pivoine.art
# -------------------------------------------------------------------
DASH_NEXTAUTH_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE

# -------------------------------------------------------------------
# NEWS Stack Secrets (Letterspace)
# Scope: news.pivoine.art
# -------------------------------------------------------------------
NEWS_JWT_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE

# -------------------------------------------------------------------
# TRACK Stack Secrets (Umami)
# Scope: umami.pivoine.art
# -------------------------------------------------------------------
TRACK_APP_SECRET=CHANGE_ME_GENERATE_WITH_KOMPOSE

# -------------------------------------------------------------------
# CHAT Stack Secrets
# Scope: chat.pivoine.art
# -------------------------------------------------------------------
# CHAT_ENCRYPTION_KEY=CHANGE_ME_GENERATE_WITH_KOMPOSE

# -------------------------------------------------------------------
# VAULT Stack Secrets (Vaultwarden)
# Scope: vault.pivoine.art
# -------------------------------------------------------------------
# VAULT_ADMIN_TOKEN=CHANGE_ME_GENERATE_WITH_KOMPOSE

# -------------------------------------------------------------------
# Additional Stack Secrets
# Follow the naming convention: STACKNAME_SECRET_PURPOSE
# -------------------------------------------------------------------