# ──────────────────────────────────────────────
# MCP Privileged Access Service — Configuration
# Copy to .env and fill in values.
# NEVER commit .env to source control; keep the file readable only by the service account.
# ──────────────────────────────────────────────
# ── Service ───────────────────────────────────
# Listen address. 0.0.0.0 binds every interface on the host. This service
# fronts CyberArk credential retrieval, so prefer a specific interface address
# or limit reachability with a firewall / security group.
MCP_HOST=0.0.0.0
# Listen port, paired with MCP_HOST.
# NOTE(review): this template has no setting for a server certificate or key.
# Confirm where TLS for this listener is terminated, since clients send their
# API keys to it.
MCP_PORT=8443
# Comma-separated API keys issued to Claude Code clients
# The values below are placeholders. Replace each with a long, randomly
# generated key, one per client, so a single key can be revoked on its own.
# NOTE(review): confirm the service refuses to start while a changeme-* value
# is still configured.
MCP_API_KEYS=changeme-key-1,changeme-key-2
# ── Secret Handle Store ────────────────────────
# Seconds a handle remains valid after creation
# 300 s = 5 minutes. A shorter TTL narrows the window in which a leaked handle
# could still be resolved.
HANDLE_TTL_SECONDS=300
# Invalidate handle after first resolve (true/false)
# Keep true unless a client must resolve the same handle more than once.
# Presumably, with false a handle stays resolvable until HANDLE_TTL_SECONDS
# expires — verify against the handle store.
HANDLE_SINGLE_USE=true
# ── CyberArk CCP ──────────────────────────────
# Central Credential Provider (CCP) endpoint the service queries for accounts.
# Example host; set it to your CCP address. Keep the https:// scheme, because
# responses from this endpoint carry the retrieved secrets.
CYBERARK_CCP_URL=https://cyberark.internal/AIMWebService/api/Accounts
# AppID registered in CyberArk for this service
# Use an AppID dedicated to this service, authorised in CyberArk only for the
# safes and accounts it must retrieve (least privilege).
CYBERARK_APP_ID=MCP-Privileged-Service
# Path to CA bundle for verifying the CCP TLS certificate
# Set to "false" to disable verification (NOT recommended for production)
# With verification disabled the service cannot tell the real CCP from an
# impostor on the network path, which exposes retrieved credentials to
# interception. If the CCP certificate is issued by an internal CA, point this
# at a bundle containing that CA rather than turning verification off.
CYBERARK_VERIFY_SSL=/etc/ssl/certs/ca-certificates.crt
# ── CyberArk mTLS (future — leave empty for IP allowlist mode) ──
# Presumably the path to the client certificate bundle (PFX) presented to the
# CCP for mTLS — confirm against the service code. The file holds a private
# key, so it should be readable only by the service account.
CYBERARK_CERT_PFX_PATH=
# Password for the PFX file named in CYBERARK_CERT_PFX_PATH. It is a secret
# held in plain text here; where the deployment allows, inject it from a
# secret store or the process environment instead of a file on disk.
CYBERARK_CERT_PFX_PASSWORD=
# ── Audit Logging ─────────────────────────────
# "json" for structured log shipping, "console" for human-readable
# Output format of the audit log. json keeps fields machine-parseable for
# downstream collection and alerting.
LOG_FORMAT=json
# NOTE(review): before raising this to DEBUG, confirm that no API key, handle
# value or resolved secret is written to the log at that level.
LOG_LEVEL=INFO