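# Xpeditis - Production Environment Variables
# Copy this file to .env.production and fill in the values.
#
# Format: one KEY=value per line, comments on their own lines. Do not add
# trailing comments after a value; some env-file loaders keep the rest of the
# line as part of the value.
# .env.production holds live secrets: keep it out of version control and
# readable only by the account that deploys the stack.

# ===================================
# DOCKER REGISTRY
# ===================================
DOCKER_REGISTRY=docker.io
BACKEND_IMAGE=xpeditis/backend
# NOTE(review): "latest" is a mutable tag, so a redeploy can pull a different
# image than the one that was tested. For production, prefer an immutable
# release tag so deployments are reproducible and rollbacks are exact.
BACKEND_TAG=latest
FRONTEND_IMAGE=xpeditis/frontend
FRONTEND_TAG=latest

# ===================================
# DATABASE (PostgreSQL)
# ===================================
POSTGRES_DB=xpeditis_prod
POSTGRES_USER=xpeditis
# Placeholder. Replace with a random value of at least 64 characters from a
# CSPRNG, e.g. `openssl rand -hex 32`. Hex output avoids characters that need
# quoting here or URL-encoding in a connection string.
POSTGRES_PASSWORD=CHANGE_ME_SECURE_PASSWORD_64_CHARS_MINIMUM

# ===================================
# REDIS CACHE
# ===================================
# Placeholder. Generate it independently of the database password; do not
# reuse one secret for both services.
REDIS_PASSWORD=CHANGE_ME_REDIS_PASSWORD_64_CHARS_MINIMUM

# ===================================
# JWT AUTHENTICATION
# ===================================
# Placeholder. At least 512 bits of CSPRNG output, e.g. `openssl rand -hex 64`.
# Presumably the token signing key (confirm against the backend): if so,
# anyone who learns it can mint valid tokens, so use a value unique to
# production and rotate it if it is ever exposed.
JWT_SECRET=CHANGE_ME_JWT_SECRET_512_BITS_MINIMUM

# ===================================
# AWS CONFIGURATION
# ===================================
AWS_REGION=eu-west-3
# The two values below are the example credentials published in the AWS
# documentation, not working keys. Replace them, or, where the workload runs
# on AWS and the application supports it, leave static keys out and rely on
# an IAM role with least privilege (see SECURITY BEST PRACTICES at the end of
# this file). A static key should be scoped to the buckets and SES identity
# listed here and nothing else.
AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
AWS_SES_REGION=eu-west-1

# S3 Buckets
S3_BUCKET_DOCUMENTS=xpeditis-prod-documents
S3_BUCKET_UPLOADS=xpeditis-prod-uploads

# ===================================
# EMAIL CONFIGURATION
# ===================================
EMAIL_SERVICE=ses
EMAIL_FROM=noreply@xpeditis.com
EMAIL_FROM_NAME=Xpeditis

# ===================================
# MONITORING (Sentry) - REQUIRED
# ===================================
# NOTE: Next.js inlines every NEXT_PUBLIC_* variable into the browser bundle,
# where any visitor can read it. A Sentry DSN is designed to be public; never
# put a secret under the NEXT_PUBLIC_ prefix.
SENTRY_DSN=https://your-sentry-dsn@sentry.io/project-id
NEXT_PUBLIC_SENTRY_DSN=https://your-sentry-dsn@sentry.io/project-id

# ===================================
# ANALYTICS (Google Analytics) - REQUIRED
# ===================================
# Public identifier (shipped to the browser via the NEXT_PUBLIC_ prefix).
NEXT_PUBLIC_GA_MEASUREMENT_ID=G-XXXXXXXXXX

# ===================================
# CARRIER APIs (Production) - REQUIRED
# ===================================
# The *_API_KEY values are production secrets: handle them like the passwords
# above and keep them out of logs and error reports.

# Maersk Production
MAERSK_API_URL=https://api.maersk.com
MAERSK_API_KEY=your-maersk-production-api-key

# MSC Production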
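MSC_API_URL=https://api.msc.com
MSC_API_KEY=your-msc-production-api-key

# CMA CGM Production
CMA_CGM_API_URL=https://api.cma-cgm.com
CMA_CGM_API_KEY=your-cma-cgm-production-api-key

# Hapag-Lloyd Production
HAPAG_LLOYD_API_URL=https://api.hapag-lloyd.com
HAPAG_LLOYD_API_KEY=your-hapag-lloyd-api-key

# ONE (Ocean Network Express)
ONE_API_URL=https://api.one-line.com
ONE_API_KEY=your-one-api-key

# ===================================
# SECURITY BEST PRACTICES
# ===================================
# Operator checklist. Nothing in this file enforces these items; each one has
# to be verified in the deployment itself. When secrets come from AWS Secrets
# Manager, inject them at deploy time rather than writing them into the copy
# of this file that stays on disk.
# ✅ Use AWS Secrets Manager for production secrets
# ✅ Rotate credentials every 90 days
# ✅ Enable AWS CloudTrail for audit logs
# ✅ Use IAM roles with least privilege
# ✅ Enable MFA on all AWS accounts
# ✅ Use strong passwords (min 64 characters, random)
# ✅ Never commit this file with real credentials
# ✅ Restrict database access to VPC only
# ✅ Enable SSL/TLS for all connections
# ✅ Monitor failed login attempts (Sentry)
# ✅ Set up automated backups (daily, 30-day retention)
# ✅ Test disaster recovery procedures monthly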