# Docker TLS Configuration
# Copy this file to .env and customize for your environment

# Docker TLS Settings
DOCKER_TLS_VERIFY=1
DOCKER_CERT_PATH=./docker/certs
DOCKER_HOST=tcp://host.docker.internal:2376
DOCKER_TLS_PORT=2376

# Certificate paths (relative to project root)
DOCKER_CA_CERT=./docker/certs/ca.pem
DOCKER_CLIENT_CERT=./docker/certs/client-cert.pem
DOCKER_CLIENT_KEY=./docker/certs/client-key.pem

# Host IP for Docker daemon (use host.docker.internal for Docker Desktop)
DOCKER_HOST_IP=host.docker.internal

# Application Configuration
MCP_SERVER=http://localhost:8001
OPENAI_API_KEY=
ANTHROPIC_API_KEY=
GOOGLE_API_KEY=

# Development vs Production settings
# For production, use actual host IP and ensure certificates are properly secured
# DOCKER_HOST_IP=your-server-ip-here
# DOCKER_TLS_PORT=2376

# Security Notes:
# - Never commit certificates to version control
# - Rotate certificates regularly (every 6-12 months)
# - Store certificates securely with proper permissions (400 for keys, 444 for certs)
# - Use strong passphrases for certificate generation
# - In production, use a certificate management system like Vault or AWS Certificate Manager