-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.env.example
More file actions
86 lines (78 loc) · 2.97 KB
/
.env.example
File metadata and controls
86 lines (78 loc) · 2.97 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
# ============================================
# Circle Faucet - Environment Variables
# ============================================
# ---------------------------------
# Circle API Keys (Default Faucet)
# ---------------------------------
# Multiple API keys for load balancing and rotation
# Comma-separated list of test API keys
# Get your keys at: https://developers.circle.com/w3s/circle-developer-account
CIRCLE_API_KEYS="TEST_API_KEY:xxx:xxx,TEST_API_KEY:yyy:yyy,TEST_API_KEY:zzz:zzz"
# ---------------------------------
# Default Faucet Password
# ---------------------------------
# SHA-256 hash of your password
# IMPORTANT: Hash the password before adding it here
#
# To generate hash (Linux/Mac):
# echo -n "your_password" | sha256sum
#
# To generate hash (Node.js):
# node -e "console.log(require('crypto').createHash('sha256').update('your_password').digest('hex'))"
#
# Example: password "securepass123" becomes:
# 9af15b336e6a9619928537df30b2e6a2376569fcf9d7e773eccede65606529a0
DEFAULT_PASSWORD_HASH="your_password_hash_here"
# ---------------------------------
# Emergency Controls
# ---------------------------------
# Set to 'true' to temporarily disable the faucet
# Useful for maintenance or if abuse is detected
FAUCET_DISABLED=false
# ---------------------------------
# Optional: Revoked API Keys
# ---------------------------------
# Comma-separated list of SHA-256 hashes of revoked user API keys
# To revoke a key, hash it and add the hash here
# REVOKED_API_KEY_HASHES="hash1,hash2,hash3"
# ---------------------------------
# Rate Limit Strategy (Updated)
# ---------------------------------
# BYO API Key Mode:
# - NO rate limiting from our side
# - Circle enforces 5-10 claims/day (varies)
# - Users can switch keys when they hit Circle's limit
#
# Default Faucet Mode:
# - IP-based: 3 claims per 24 hours
# - Wallet-based: 1 claim per network per 24 hours
#
# Infrastructure Protection:
# - 100 requests per hour per IP (all modes)
# ---------------------------------
# Vercel Deployment Notes
# ---------------------------------
# 1. Never commit this file with real values
# 2. Add these variables in Vercel dashboard:
# Project Settings → Environment Variables
# 3. Separate variables for Production/Preview/Development
# 4. Redeploy after changing environment variables
# ---------------------------------
# Development Setup
# ---------------------------------
# For local development:
# 1. Copy this file: cp .env.example .env
# 2. Fill in your actual values
# 3. Run: vercel dev
# 4. Test at: http://localhost:3000
# ---------------------------------
# Security Checklist
# ---------------------------------
# ✅ Never commit .env file to git
# ✅ Use different keys for dev/staging/production
# ✅ Rotate API keys periodically
# ✅ Use strong passwords (16+ characters)
# ✅ Monitor usage in Circle dashboard
# ✅ Enable FAUCET_DISABLED if abuse detected
# ✅ Keep this file secure on your local machine
# ✅ Remember: We don't limit BYO API keys - Circle does