solventum-image-metadata/.env.example
Vadym Samoilenko 0976ee9421 fix: Azure AD SSO authentication (AADSTS900144 client_id error)
Changes:
- Use tenant-specific authority instead of 'organizations' endpoint
- Pass code parameter explicitly in acquire_token_by_authorization_code
- Fix REDIRECT_URI to include /auth/callback path
- Add ALLOWED_TENANT_IDS support for multi-tenant auth
- Improve error logging for token acquisition

Co-Authored-By: Claude Sonnet 4.5 (1M context) <noreply@anthropic.com>
2026-02-25 11:48:07 +00:00

37 lines
1.5 KiB
Text

# Solventum Image Metadata Tool — Environment Configuration
# Copy this file to .env and fill in your secrets:
# cp .env.example .env
# === Required ===
# Generate with: python3 -c "import secrets; print(secrets.token_hex(32))"
SECRET_KEY=CHANGE_ME_GENERATE_A_RANDOM_KEY
DOCKER_MODE=true
# Subpath prefix (must match Apache reverse proxy config, no trailing slash)
ROOT_PATH=/solventum-image-metadata
# === Azure AD / SSO ===
AZURE_TENANT_ID=e519c2e6-bc6d-4fdf-8d9c-923c2f002385
AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
# AZURE_CLIENT_SECRET is REQUIRED for the server-side MSAL flow (get from Azure Portal > App > Certificates & secrets)
# Never commit the real value: it belongs only in the local .env, not in this example file or in version control
AZURE_CLIENT_SECRET=
# Must match Azure AD App Registration > Authentication > Redirect URIs EXACTLY (including /auth/callback path)
# For production: https://ai-sandbox.oliver.solutions/solventum-image-metadata/auth/callback
# For local dev: http://localhost:5001/auth/callback
REDIRECT_URI=https://ai-sandbox.oliver.solutions/solventum-image-metadata/auth/callback
# Optional: tenant allowlist for multi-tenant sign-in - comma-separated Azure AD tenant IDs (GUIDs)
# Leave empty to disable the allowlist: any organizational tenant the App Registration is configured
# to accept (Azure Portal > App > Authentication > Supported account types) can then sign in
# Example: tenant-id-1,tenant-id-2,tenant-id-3
ALLOWED_TENANT_IDS=
# === OpenAI (optional — for AI metadata generation) ===
OPENAI_API_KEY=
# === Admin ===
# This email will be auto-created as admin on first startup (SSO login)
SUPERADMIN_EMAIL=vadymsamoilenko@oliver.agency
# === Options ===
# Production values shown; ENABLE_TEST_USER and DEBUG must stay false on any publicly reachable deployment
ENABLE_TEST_USER=false
HTTPS_ONLY=true
DEBUG=false
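The comments in this file describe several conditions a deployment must satisfy (a real SECRET_KEY, a non-empty client secret, a REDIRECT_URI that ends in /auth/callback and is https when HTTPS_ONLY is on, a tenant allowlist that is optional but enforced when set). As an added example that is not part of this repository, the Python below shows how such a startup check and the tenant-allowlist comparison could be written. The function names, the dict-based input, the sample values and the use of the ID token's `tid` claim are assumptions made for the example; the project's own loader may differ.

```python
"""Startup validation for the settings in .env.example (added example, not the project's code).

Function names and the dict-based input are illustrative. Values are passed in as a
plain dict so the checks can run offline against the constructed sample below.
"""
from urllib.parse import urlparse

# The placeholder shipped in .env.example; a real deployment must replace it.
PLACEHOLDER_SECRET = "CHANGE_ME_GENERATE_A_RANDOM_KEY"


def parse_bool(value, default=False):
    """Interpret the 'true'/'false' strings used in .env; empty means default."""
    if value is None or value.strip() == "":
        return default
    return value.strip().lower() in ("1", "true", "yes", "on")


def parse_allowed_tenants(value):
    """ALLOWED_TENANT_IDS is comma-separated; empty/blank means 'no allowlist' (None)."""
    if not value or not value.strip():
        return None
    return frozenset(t.strip().lower() for t in value.split(",") if t.strip())


def tenant_allowed(id_token_claims, allowed):
    """Compare the tenant ('tid') claim of a validated ID token against the allowlist.

    Assumption: `id_token_claims` is the claims dict of a token already validated by
    the MSAL flow. The check must run server-side on the token, never on user input.
    """
    if allowed is None:
        return True  # empty ALLOWED_TENANT_IDS: any tenant the app registration accepts
    tid = (id_token_claims.get("tid") or "").lower()
    return tid in allowed


def validate_env(env):
    """Return a list of misconfigurations; an empty list means the .env passes."""
    problems = []

    secret = env.get("SECRET_KEY", "")
    if not secret or secret == PLACEHOLDER_SECRET or len(secret) < 32:
        problems.append("SECRET_KEY is missing, still the placeholder, or too short")
    if not env.get("AZURE_CLIENT_SECRET"):
        problems.append("AZURE_CLIENT_SECRET is empty; the server-side MSAL flow cannot run")
    for key in ("AZURE_TENANT_ID", "AZURE_CLIENT_ID"):
        if not env.get(key):
            problems.append(f"{key} is empty")

    https_only = parse_bool(env.get("HTTPS_ONLY"), default=True)
    redirect = urlparse(env.get("REDIRECT_URI", ""))
    if not redirect.path.endswith("/auth/callback"):
        problems.append("REDIRECT_URI must end with /auth/callback and match the app registration exactly")
    if https_only and redirect.scheme != "https":
        problems.append("HTTPS_ONLY=true but REDIRECT_URI is not https")
    if env.get("ROOT_PATH", "").endswith("/"):
        problems.append("ROOT_PATH must not have a trailing slash")

    # Development-only switches left on behind an HTTPS-only (production) setting.
    if https_only and parse_bool(env.get("DEBUG")):
        problems.append("DEBUG=true on an HTTPS-only deployment")
    if https_only and parse_bool(env.get("ENABLE_TEST_USER")):
        problems.append("ENABLE_TEST_USER=true on an HTTPS-only deployment")
    return problems


# Constructed sample mirroring .env.example with secrets filled in (fake values, not real credentials).
SAMPLE_ENV = {
    "SECRET_KEY": "0" * 64,  # stands in for the output of secrets.token_hex(32)
    "DOCKER_MODE": "true",
    "ROOT_PATH": "/solventum-image-metadata",
    "AZURE_TENANT_ID": "00000000-0000-0000-0000-000000000001",
    "AZURE_CLIENT_ID": "00000000-0000-0000-0000-000000000002",
    "AZURE_CLIENT_SECRET": "not-a-real-secret",
    "REDIRECT_URI": "https://ai-sandbox.oliver.solutions/solventum-image-metadata/auth/callback",
    "ALLOWED_TENANT_IDS": "",
    "ENABLE_TEST_USER": "false",
    "HTTPS_ONLY": "true",
    "DEBUG": "false",
}

if __name__ == "__main__":
    for problem in validate_env(SAMPLE_ENV) or ["configuration OK"]:
        print(problem)
    allowed = parse_allowed_tenants("00000000-0000-0000-0000-000000000001")
    print("tenant allowed:", tenant_allowed({"tid": "00000000-0000-0000-0000-000000000001"}, allowed))
```

Running the check before the app binds its port turns a silent misconfiguration (an http redirect behind HTTPS_ONLY, the placeholder SECRET_KEY, a missing client secret) into a startup failure with a readable reason, which is cheaper to debug than an AADSTS error surfaced by Azure at login time.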