.env.example•4.54 kB
# ===============================================
# FastAPI + MCP Template - Environment Variables
# ===============================================
# Copy this file to .env and update the values for your environment
# ===============================================
# 🏷️ APPLICATION SETTINGS
# ===============================================
APP_NAME="My Awesome API"
APP_VERSION="0.1.0"
APP_DESCRIPTION="FastAPI와 MCP를 활용한 API 서버"
ENVIRONMENT="development" # development, production, test
# ===============================================
# 🌐 SERVER SETTINGS
# ===============================================
HOST="127.0.0.1"
PORT=8000
DEBUG=true
RELOAD=true
# ===============================================
# 🤖 MCP SERVER SETTINGS
# ===============================================
MCP_HOST="127.0.0.1"
MCP_PORT=8001
MCP_TRANSPORT="sse" # stdio, sse, streamable-http
# ===============================================
# 💾 DATABASE SETTINGS (Optional)
# ===============================================
# DATABASE_URL="sqlite:///./app.db"
# DATABASE_URL="postgresql://user:password@localhost:5432/dbname"
# DATABASE_URL="mysql://user:password@localhost:3306/dbname"
DATABASE_ECHO=false
# ===============================================
# 🔐 SECURITY SETTINGS
# ===============================================
# IMPORTANT: Generate a secure random key for production!
# You can generate one using: python -c "import secrets; print(secrets.token_urlsafe(32))"
SECRET_KEY="your-secret-key-change-this-in-production"
ALGORITHM="HS256"
ACCESS_TOKEN_EXPIRE_MINUTES=30
# ===============================================
# 🌍 CORS SETTINGS
# ===============================================
# Development (comma-separated list)
CORS_ORIGINS="http://localhost:3000,http://localhost:8080,http://127.0.0.1:3000"
# Production (specific domains only)
# CORS_ORIGINS="https://yourdomain.com,https://api.yourdomain.com"
CORS_CREDENTIALS=true
CORS_METHODS="GET,POST,PUT,DELETE,OPTIONS"
CORS_HEADERS="*"
# ===============================================
# 🔌 EXTERNAL API SETTINGS
# ===============================================
# EXTERNAL_API_URL="https://api.external-service.com"
# EXTERNAL_API_KEY="your-external-api-key"
# ===============================================
# 📝 LOGGING SETTINGS
# ===============================================
LOG_LEVEL="INFO" # DEBUG, INFO, WARNING, ERROR, CRITICAL
LOG_FORMAT="%(asctime)s - %(name)s - %(levelname)s - %(message)s"
LOG_FILE="logs/app.log"
# ===============================================
# 🧪 TESTING SETTINGS
# ===============================================
TESTING=false
# ===============================================
# 🚀 PRODUCTION EXAMPLE
# ===============================================
# For production deployment, use these settings:
#
# ENVIRONMENT="production"
# DEBUG=false
# RELOAD=false
# LOG_LEVEL="WARNING"
# SECRET_KEY="your-super-secure-random-key-here"
# CORS_ORIGINS="https://yourdomain.com"
# DATABASE_URL="postgresql://user:password@db-host:5432/production_db"
# ===============================================
# 🧪 TESTING EXAMPLE
# ===============================================
# For testing environment, use these settings:
#
# ENVIRONMENT="test"
# TESTING=true
# LOG_LEVEL="DEBUG"
# DATABASE_URL="sqlite:///./test.db"
# SECRET_KEY="test-secret-key-for-testing-purposes-only-32-chars"
# ===============================================
# 📋 ENVIRONMENT-SPECIFIC NOTES
# ===============================================
#
# 🔧 Development:
# - DEBUG=true for detailed error messages
# - RELOAD=true for auto-restart on code changes
# - LOG_LEVEL="DEBUG" for verbose logging
# - Permissive CORS settings
#
# 🚀 Production:
# - DEBUG=false for security
# - RELOAD=false for stability
# - LOG_LEVEL="WARNING" to reduce noise
# - Strict CORS settings with specific domains
# - Strong SECRET_KEY (32+ characters)
# - Secure database connection
#
# 🧪 Testing:
# - TESTING=true to enable test mode
# - Fixed SECRET_KEY for consistent tests
# - In-memory or test database
# - Verbose logging for debugging
#
# ===============================================
# 🛡️ SECURITY CHECKLIST
# ===============================================
#
# ✅ Generate a strong SECRET_KEY
# ✅ Set specific CORS_ORIGINS (not "*")
# ✅ Use HTTPS in production
# ✅ Secure database credentials
# ✅ Set appropriate LOG_LEVEL
# ✅ Review all settings before deployment
#
# ===============================================