Environment Variables Reference
Complete reference for all SecureHealth environment variables, including setup instructions and examples.
Required Variables
Application Configuration
# Application Environment
APP_ENV=prod # Environment: dev, test, prod
APP_SECRET=your-secret-key-here # 32-character random string
APP_URL=https://securehealth.dev # Base URL for the application
Setup:
# Generate a secure secret key (32 random bytes, printed as 64 hex characters)
openssl rand -hex 32
Database Configuration
# MongoDB Connection
DATABASE_URL=mongodb+srv://username:password@cluster.mongodb.net/securehealth?retryWrites=true&w=majority
MONGODB_DATABASE=securehealth
MONGODB_CONNECTION_TIMEOUT=30000
MONGODB_SOCKET_TIMEOUT=30000
Setup:
# Create MongoDB Atlas cluster
# Get connection string from Atlas dashboard
# Replace username, password, and cluster URL
Encryption Configuration
# MongoDB Queryable Encryption
MONGODB_ENCRYPTION_KEY_ID=your-key-id
MONGODB_ENCRYPTION_MASTER_KEY=your-master-key
Setup:
# Generate the encryption master key (96 random bytes, base64-encoded)
node -e "console.log(require('crypto').randomBytes(96).toString('base64'))"
Authentication Configuration
# JWT Configuration
JWT_SECRET=your-jwt-secret
JWT_TTL=3600
Setup:
# Generate JWT secret
openssl rand -hex 32
Email Configuration
# Email Service
MAILER_DSN=smtp://username:password@smtp.example.com:587
FROM_EMAIL=noreply@securehealth.dev
Setup:
# Configure SMTP server
# Use services like SendGrid, Mailgun, or AWS SES
Audit Logging Configuration
# Audit Logging
AUDIT_LOG_ENABLED=true
AUDIT_LOG_RETENTION_DAYS=2555
Optional Variables
Application Settings
# Application Details
APP_NAME=SecureHealth
APP_VERSION=1.0.0
APP_DEBUG=false
Security Settings
# CORS Configuration
CORS_ALLOWED_ORIGINS=https://securehealth.dev,https://www.securehealth.dev
CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,OPTIONS
CORS_ALLOWED_HEADERS=Content-Type,Authorization,X-Requested-With
Rate Limiting
# Rate Limiting
RATE_LIMIT_ENABLED=true
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW=60
Logging Configuration
# Logging
LOG_LEVEL=info
LOG_FORMAT=json
LOG_FILE=/var/log/securehealth/app.log
Monitoring Configuration
# Monitoring
MONITORING_ENABLED=true
MONITORING_ENDPOINT=https://monitoring.securehealth.dev
Environment Setup
Development Environment
Create a .env.local file for local development:
# .env.local
APP_ENV=dev
APP_SECRET=dev-secret-key-32-characters-long
APP_URL=http://localhost:8000
# MongoDB (use local MongoDB or Atlas)
DATABASE_URL=mongodb://localhost:27017/securehealth_dev
MONGODB_DATABASE=securehealth_dev
# Encryption (use test keys for development)
MONGODB_ENCRYPTION_KEY_ID=dev-key-id
MONGODB_ENCRYPTION_MASTER_KEY=dev-master-key
# JWT
JWT_SECRET=dev-jwt-secret-32-characters-long
JWT_TTL=3600
# Email (use MailHog or similar for development)
MAILER_DSN=smtp://localhost:1025
FROM_EMAIL=noreply@localhost
# Audit Logging
AUDIT_LOG_ENABLED=true
AUDIT_LOG_RETENTION_DAYS=30
# CORS (allow localhost for development)
CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:8000
# Logging
LOG_LEVEL=debug
LOG_FORMAT=line
LOG_FILE=var/log/dev.log
Production Environment
Set environment variables in your production environment:
# Production Environment Variables
APP_ENV=prod
APP_SECRET=production-secret-key-32-characters-long
APP_URL=https://securehealth.dev
# MongoDB Atlas
DATABASE_URL=mongodb+srv://prod-user:prod-password@prod-cluster.mongodb.net/securehealth?retryWrites=true&w=majority
MONGODB_DATABASE=securehealth
# Production Encryption Keys
MONGODB_ENCRYPTION_KEY_ID=prod-key-id
MONGODB_ENCRYPTION_MASTER_KEY=prod-master-key
# JWT
JWT_SECRET=production-jwt-secret-32-characters-long
JWT_TTL=3600
# Production Email Service
MAILER_DSN=smtp://prod-user:prod-password@smtp.sendgrid.net:587
FROM_EMAIL=noreply@securehealth.dev
# Audit Logging
AUDIT_LOG_ENABLED=true
AUDIT_LOG_RETENTION_DAYS=2555
# CORS
CORS_ALLOWED_ORIGINS=https://securehealth.dev,https://www.securehealth.dev
# Rate Limiting
RATE_LIMIT_ENABLED=true
RATE_LIMIT_REQUESTS=100
RATE_LIMIT_WINDOW=60
# Logging
LOG_LEVEL=info
LOG_FORMAT=json
LOG_FILE=/var/log/securehealth/app.log
# Monitoring
MONITORING_ENABLED=true
MONITORING_ENDPOINT=https://monitoring.securehealth.dev
Docker Environment
Create a docker-compose.yml file for containerized deployment:
version: '3.8'
services:
  app:
    build: .
    environment:
      - APP_ENV=prod
      - APP_SECRET=${APP_SECRET}
      - APP_URL=${APP_URL}
      - DATABASE_URL=${DATABASE_URL}
      - MONGODB_DATABASE=${MONGODB_DATABASE}
      - MONGODB_ENCRYPTION_KEY_ID=${MONGODB_ENCRYPTION_KEY_ID}
      - MONGODB_ENCRYPTION_MASTER_KEY=${MONGODB_ENCRYPTION_MASTER_KEY}
      - JWT_SECRET=${JWT_SECRET}
      - JWT_TTL=${JWT_TTL}
      - MAILER_DSN=${MAILER_DSN}
      - FROM_EMAIL=${FROM_EMAIL}
      - AUDIT_LOG_ENABLED=${AUDIT_LOG_ENABLED}
      - AUDIT_LOG_RETENTION_DAYS=${AUDIT_LOG_RETENTION_DAYS}
      - CORS_ALLOWED_ORIGINS=${CORS_ALLOWED_ORIGINS}
      - RATE_LIMIT_ENABLED=${RATE_LIMIT_ENABLED}
      - RATE_LIMIT_REQUESTS=${RATE_LIMIT_REQUESTS}
      - RATE_LIMIT_WINDOW=${RATE_LIMIT_WINDOW}
      - LOG_LEVEL=${LOG_LEVEL}
      - LOG_FORMAT=${LOG_FORMAT}
      - LOG_FILE=${LOG_FILE}
      - MONITORING_ENABLED=${MONITORING_ENABLED}
      - MONITORING_ENDPOINT=${MONITORING_ENDPOINT}
    ports:
      - "8000:8000"
    volumes:
      - ./var/log:/var/log/securehealth
Environment Validation
Create a validation script to check required environment variables:
<?php
// scripts/validate-env.php

// Variables the application cannot run without.
$required = [
    'APP_ENV',
    'APP_SECRET',
    'APP_URL',
    'DATABASE_URL',
    'MONGODB_ENCRYPTION_KEY_ID',
    'MONGODB_ENCRYPTION_MASTER_KEY',
    'JWT_SECRET',
    'MAILER_DSN',
    'FROM_EMAIL',
    'AUDIT_LOG_ENABLED',
    'AUDIT_LOG_RETENTION_DAYS'
];

$missing = [];
foreach ($required as $var) {
    $value = getenv($var);
    // getenv() returns false when the variable is unset. Compare strictly so
    // that a legitimate value such as "0" is not reported as missing.
    if ($value === false || $value === '') {
        $missing[] = $var;
    }
}

if (!empty($missing)) {
    echo "Missing required environment variables:\n";
    foreach ($missing as $var) {
        echo " - $var\n";
    }
    exit(1);
}

echo "All required environment variables are set.\n";
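The presence check above accepts any non-empty value, including the placeholder strings printed in this reference. The following added example (not SecureHealth's own code) also checks the values when APP_ENV=prod; the file name, the function findProdEnvProblems, and the specific rules (32-character minimum, placeholder prefixes, TLS and HTTPS requirements) are assumptions chosen for illustration.

```php
<?php
// scripts/validate-env-values.php (hypothetical file name; added example)
/** Return the problems that make $env unsafe to run with APP_ENV=prod. */
function findProdEnvProblems(array $env): array
{
    $problems = [];
    $get = fn(string $name): string => (string) ($env[$name] ?? '');
    // Secrets: reject the placeholder values printed in this reference, and short keys.
    foreach (['APP_SECRET', 'JWT_SECRET'] as $name) {
        if (preg_match('/^(your|dev|prod|production)-/i', $get($name))) {
            $problems[] = "$name is a documentation placeholder";
        } elseif (strlen($get($name)) < 32) {
            $problems[] = "$name is shorter than 32 characters";
        }
    }

    // Master key: the setup command above prints base64 of 96 random bytes.
    $key = base64_decode($get('MONGODB_ENCRYPTION_MASTER_KEY'), true);
    if ($key === false || strlen($key) !== 96) {
        $problems[] = 'MONGODB_ENCRYPTION_MASTER_KEY is not base64 of 96 bytes';
    }

    // Transport: mongodb+srv:// turns TLS on by default; mongodb:// needs tls=true.
    $db = $get('DATABASE_URL');
    if (strpos($db, 'mongodb+srv://') !== 0 && !preg_match('/[?&](tls|ssl)=true(&|$)/', $db)) {
        $problems[] = 'DATABASE_URL does not enable TLS';
    }
    $origins = array_filter(array_map('trim', explode(',', $get('CORS_ALLOWED_ORIGINS'))));
    foreach (array_merge([$get('APP_URL')], $origins) as $url) {
        if (strpos($url, 'https://') !== 0) {
            $problems[] = "URL or CORS origin is not https://: '$url'";
        }
    }
    if (in_array(strtolower($get('APP_DEBUG')), ['1', 'true', 'on', 'yes'], true)) {
        $problems[] = 'APP_DEBUG is enabled';
    }
    if (!ctype_digit($get('JWT_TTL')) || (int) $get('JWT_TTL') < 1) {
        $problems[] = 'JWT_TTL is not a positive number of seconds';
    }
    return $problems;
}

if (getenv('APP_ENV') === 'prod') {
    $problems = findProdEnvProblems(getenv());
    foreach ($problems as $p) {
        fwrite(STDERR, "Unsafe production setting: $p\n");
    }
    exit($problems ? 1 : 0);
}
```

Run it after validate-env.php in the deployment pipeline so that a non-zero exit status blocks the release.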
Security Best Practices
Environment Variable Security
- Never commit secrets to version control
- Use different secrets for each environment
- Rotate secrets regularly
- Use environment variable management tools
- Encrypt sensitive environment variables
Secret Management Tools
- HashiCorp Vault: Enterprise secret management
- AWS Secrets Manager: Cloud-based secret storage
- Azure Key Vault: Microsoft's secret management
- Kubernetes Secrets: Container orchestration secrets
Next Steps
- Configuration Reference - All configuration options
- Troubleshooting - Common issues and solutions
- Glossary - Technical terms and definitions