video-accessibility/.env.production

# =============================================================================
# Production Environment Variables for Accessible Video Platform
# =============================================================================
# IMPORTANT: This file contains sensitive information. Set permissions: chmod 600
# Location on server: /opt/accessible-video/.env.production
# =============================================================================

# -----------------------------------------------------------------------------
# App Configuration
# -----------------------------------------------------------------------------
APP_ENV=prod
API_BASE_URL=https://optical-dev.oliver.solutions/video-accessibility

# -----------------------------------------------------------------------------
# Authentication & Security
# -----------------------------------------------------------------------------
# IMPORTANT: Generate a secure random secret for JWT_SECRET
# Example: openssl rand -hex 32
JWT_SECRET=d81fd31798510f53b374951908b6bedd75f7ddaabe9b4e4c4ca5bf81393f48b7
JWT_ALG=HS256
JWT_ACCESS_TTL_MIN=240
JWT_REFRESH_TTL_DAYS=7
COOKIE_DOMAIN=optical-dev.oliver.solutions
COOKIE_SECURE=true
COOKIE_SAMESITE=Lax

# -----------------------------------------------------------------------------
# MongoDB Configuration
# -----------------------------------------------------------------------------
# MongoDB runs without authentication in the internal Docker network
MONGODB_DB=accessible_video

# Note: MongoDB connection string is auto-constructed in docker-compose.yml
# Format: mongodb://mongodb:27017/${MONGODB_DB}

# -----------------------------------------------------------------------------
# Redis Configuration
# -----------------------------------------------------------------------------
# Redis runs without authentication in the internal Docker network
# No configuration needed - connection strings in docker-compose.yml
# REDIS_URL=redis://redis:6379/0

# -----------------------------------------------------------------------------
# Google Cloud Platform (GCP)
# -----------------------------------------------------------------------------
GCP_PROJECT_ID=optical-414516
GCS_BUCKET=accessible-video

# GCP credentials file will be mounted as a volume
# Location inside container: /secrets/gcp-credentials.json
# Source file on server: /opt/accessible-video/secrets/gcp-credentials.json

# -----------------------------------------------------------------------------
# AI Services
# -----------------------------------------------------------------------------
# Gemini API (Required)
GEMINI_API_KEY=AIzaSyAuuVGcvqfoP7pqX-YwieGszPsNSeAft-0

# Google Cloud Translate (Optional - for translation features)
TRANSLATE_API_KEY=

# ElevenLabs TTS (Optional - for text-to-speech)
ELEVENLABS_API_KEY=sk_c17be2768ca784f1807018420b84c7f1ee969946e698f986

# -----------------------------------------------------------------------------
# Email Configuration (Mailgun)
# -----------------------------------------------------------------------------
SENDGRID_API_KEY=
MAILGUN_API_KEY=1d8c6f38c53f237305353cc2e55f39f2-c6620443-4b9961f5
MAILGUN_DOMAIN=mg.oliver.solutions
MAILGUN_FROM=noreply@mg.oliver.solutions

# Email sender address
EMAIL_FROM=noreply@mg.oliver.solutions

# Client-facing URL (used in emails)
CLIENT_BASE_URL=https://optical-dev.oliver.solutions/video-accessibility

# -----------------------------------------------------------------------------
# Microsoft Authentication (Azure AD)
# -----------------------------------------------------------------------------
AZURE_CLIENT_ID=9079054c-9620-4757-a256-23413042f1ef
AZURE_AUTHORITY=https://login.microsoftonline.com/e519c2e6-bc6d-4fdf-8d9c-923c2f002385
AZURE_REDIRECT_URI=https://optical-dev.oliver.solutions/video-accessibility/

# -----------------------------------------------------------------------------
# CORS Configuration
# -----------------------------------------------------------------------------
# Comma-separated list of allowed origins
CORS_ORIGINS=https://optical-dev.oliver.solutions

# -----------------------------------------------------------------------------
# Observability & Monitoring (Optional)
# -----------------------------------------------------------------------------
# Sentry for error tracking (leave empty to disable)
SENTRY_DSN=

# OpenTelemetry endpoint (leave empty to disable)
OTEL_EXPORTER_OTLP_ENDPOINT=

# =============================================================================
# DEPLOYMENT CHECKLIST
# =============================================================================
# [ ] Generate secure JWT_SECRET (64 characters): openssl rand -hex 32
# [ ] Verify GCP_PROJECT_ID and GCS_BUCKET
# [ ] Copy GCP credentials JSON to /opt/accessible-video/secrets/
# [ ] Update GEMINI_API_KEY with valid key
# [ ] (Optional) Configure SENDGRID_API_KEY for email notifications
# [ ] (Optional) Configure ELEVENLABS_API_KEY for TTS
# [ ] (Optional) Configure SENTRY_DSN for error tracking
# [ ] Set file permissions: chmod 600 /opt/accessible-video/.env.production
# [ ] Verify COOKIE_DOMAIN matches your domain
# [ ] Verify API_BASE_URL and CLIENT_BASE_URL are correct
# =============================================================================
#


WHISPER_SERVICE_URL=https://whisper-http-service-bcb6ipdqka-uc.a.run.app
FFMPEG_SERVICE_URL=https://ffmpeg-http-service-bcb6ipdqka-uc.a.run.app

# optical-dev uses Celery workers (not Cloud Run Jobs) for pipeline dispatch
USE_CELERY_FALLBACK=true

# Worker Concurrency (higher values for Cloud Run mode since workers just make HTTP calls)
WHISPER_WORKER_CONCURRENCY=10
FFMPEG_WORKER_CONCURRENCY=20
WORKER_CONCURRENCY=8