# Satellite Provider environment configuration template.
# Copy this file to `.env` and replace placeholder values before running
# docker-compose or scripts/run-tests.sh.
#
# IMPORTANT: `.env` is gitignored on purpose. Never commit real secrets.

# Google Maps Platform API key for satellite imagery downloads.
GOOGLE_MAPS_API_KEY=

# HMAC-SHA256 signing key for JWT validation (suite-level auth contract,
# `suite/_docs/10_auth.md`). MUST be at least 32 bytes (UTF-8) — the API
# fails fast on startup if this is unset or shorter.
#
# Generate a strong secret with, for example:
#   openssl rand -hex 32
#
# Test/CI runs may use a clearly tagged TEST-ONLY value (still >=32 bytes).
JWT_SECRET=

# JWT issuer / audience claims (AZ-494). Both are REQUIRED — the API
# fails fast at startup if either is unset or whitespace-only.
#
# Production values MUST be confirmed by the admin team before deploy
# (the admin API stamps the `iss` claim; satellite-provider validates
# the `aud` claim).
#
# For local dev / CI: use the DEV-ONLY values below. The integration
# test runner and scripts/run-tests.sh read these directly from the
# environment (no appsettings fallback on the test side), so leaving
# them blank will cause run-tests.sh to refuse to start.
#
# NEVER ship these DEV-ONLY values to prod — they exist only to make
# local-dev mints validate against appsettings.Development.json:
JWT_ISSUER=DEV-ONLY-iss-admin-azaion-local
JWT_AUDIENCE=DEV-ONLY-aud-satellite-provider