PORT=3002
BASE_URL=https://hl.cast.ph

# nginx-proxy / Let's Encrypt
VIRTUAL_HOST=hl.cast.ph
LETSENCRYPT_EMAIL=ops@cast.ph

# GHL OAuth
GHL_CLIENT_ID=
GHL_CLIENT_SECRET=
# RSA public key (PKIX PEM) used to verify x-wh-signature on incoming webhooks.
# This is a static key published in GHL docs — not from your app settings.
# Paste the full multi-line PEM block, or use \n-escaped single-line format.
GHL_WEBHOOK_PUBLIC_KEY=
GHL_CONVERSATION_PROVIDER_ID=
# Ed25519 public key for X-GHL-Signature (GHL migration, expected July 2026).
# Leave empty until GHL publishes this key and activates the new header.
GHL_WEBHOOK_ED25519_KEY=

# Cast.ph
CAST_API_KEY=
CAST_API_URL=https://api.cast.ph
CAST_SENDER_ID=

# MongoDB — use a strong password; URI must include auth credentials
# Generate password: openssl rand -hex 24
MONGO_ROOT_USERNAME=castghl
MONGO_ROOT_PASSWORD=
MONGO_URI=mongodb://castghl:<password>@mongo:27017/cast-ghl?authSource=admin

# AES-256 key for encrypting per-location Cast API keys at rest in MongoDB.
# Generate: openssl rand -hex 32
# WARNING: if this key is lost without migrating records first, per-location
# API keys stored in MongoDB will be unreadable. Back this up securely.
CREDENTIALS_ENCRYPTION_KEY=

# Admin API shared secret (protects /api/admin/*)
# Generate: openssl rand -hex 32
INBOUND_API_KEY=