# Satellite Provider environment configuration template.
# Copy this file to `.env` and replace placeholder values before running
# docker-compose or scripts/run-tests.sh.
#
# IMPORTANT: `.env` is gitignored on purpose. Never commit real secrets.

# Google Maps Platform API key for satellite imagery downloads.
GOOGLE_MAPS_API_KEY=

# HMAC-SHA256 signing key for JWT validation (suite-level auth contract,
# `suite/_docs/10_auth.md`). MUST be at least 32 bytes (UTF-8) — the API
# fails fast on startup if this is unset or shorter.
#
# Generate a strong secret with, for example:
#   openssl rand -hex 32
#
# Test/CI runs may use a clearly tagged TEST-ONLY value (still >=32 bytes).
JWT_SECRET=

# JWT issuer / audience claims (AZ-494). Both are REQUIRED — the API
# fails fast at startup if either is unset or whitespace-only.
#
# Production values MUST be confirmed by the admin team before deploy
# (the admin API stamps the `iss` claim; satellite-provider validates
# the `aud` claim). For local dev these can use the DEV-ONLY values
# baked into appsettings.Development.json — leave blank to fall back.
#
# Example values (NEVER use these in prod):
#   JWT_ISSUER=DEV-ONLY-iss-admin-azaion-local
#   JWT_AUDIENCE=DEV-ONLY-aud-satellite-provider
JWT_ISSUER=
JWT_AUDIENCE=