SAFLA/.env.example at main · ruvnet/SAFLA · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
# JWT Authentication Configuration
# IMPORTANT: Generate a secure secret key for production use
# You can generate one using: openssl rand -base64 32

# JWT secret key for token signing (REQUIRED)
JWT_SECRET_KEY=your-secret-key-here-change-in-production

# JWT token expiration time in minutes (default: 60)
JWT_EXPIRATION_TIME=60

# JWT refresh token expiration time in days (default: 7)
JWT_REFRESH_EXPIRATION_DAYS=7

# JWT algorithm (default: HS256)
# Options: HS256, HS384, HS512, RS256, RS384, RS512
JWT_ALGORITHM=HS256

# JWT issuer (default: safla-mcp-server)
JWT_ISSUER=safla-mcp-server

# JWT audience (default: safla-client)
JWT_AUDIENCE=safla-client

# Enable JWT authentication for MCP server (default: true)
MCP_AUTH_ENABLED=true

# Require authentication for all endpoints except public ones (default: false)
MCP_AUTH_STRICT_MODE=false

# Session timeout in minutes for active sessions (default: 120)
MCP_SESSION_TIMEOUT=120

# Additional SAFLA configuration can be found in config/sample.env