-
Notifications
You must be signed in to change notification settings - Fork 2
Expand file tree
/
Copy path.env.example
More file actions
96 lines (73 loc) · 3.17 KB
/
.env.example
File metadata and controls
96 lines (73 loc) · 3.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
# postgres-mcp Environment Configuration
# Copy this file to .env and customize for your deployment environment
# See README.md for full documentation of these variables
# =============================================================================
# PostgreSQL Connection
# =============================================================================
# Option 1: Connection String
# POSTGRES_URL=postgres://user:password@localhost:5432/database
# Option 2: Individual Settings
PGHOST=localhost
PGPORT=5432
PGUSER=postgres
PGPASSWORD=
PGDATABASE=postgres
# =============================================================================
# Server Configuration
# =============================================================================
# Transport type: stdio (default), http, sse
MCP_TRANSPORT=stdio
# Server bind host for http/sse transports (0.0.0.0 for containers)
# MCP_HOST=localhost
# HTTP port (for http/sse transports)
PORT=3000
# Log level: debug, info, notice, warning, error, critical, alert, emergency
LOG_LEVEL=info
# Tool filter string (e.g., "codemode" or "-vector,-postgis,+core")
# POSTGRES_TOOL_FILTER=codemode
# Performance, Security & Timeouts
# METADATA_CACHE_TTL_MS=30000
# MCP_RATE_LIMIT_MAX=100
# TRUST_PROXY=false
# MCP_ENABLE_HSTS=false
# MCP_REQUEST_TIMEOUT=300000
# MCP_HEADERS_TIMEOUT=60000
# =============================================================================
# Authentication (for HTTP/SSE transports)
# =============================================================================
# Simple Bearer Token (lightweight auth)
# MCP_AUTH_TOKEN=your-secret-token
# Enable OAuth 2.1 authentication (enterprise auth)
OAUTH_ENABLED=false
# Authorization Server / Identity Provider
# OAUTH_ISSUER=http://localhost:8080/realms/postgres-mcp
# Expected token audience
# OAUTH_AUDIENCE=postgres-mcp-client
# JWKS endpoint (auto-discovered from issuer if not set)
# OAUTH_JWKS_URI=http://localhost:8080/realms/postgres-mcp/protocol/openid-connect/certs
# Token clock tolerance in seconds
# OAUTH_CLOCK_TOLERANCE=60
# =============================================================================
# Audit Logging System
# =============================================================================
# Enable JSONL audit trail for write/admin tool calls (set to file path)
# AUDIT_LOG_PATH=/path/to/audit.jsonl
# Omit tool arguments from audit entries
# AUDIT_REDACT=false
# Enable audit logging for read-scoped tool calls (compact entries)
# AUDIT_READS=false
# Max log file size in bytes before rotation (default 10MB). Keeps up to 5 files.
# AUDIT_LOG_MAX_SIZE=10485760
# =============================================================================
# Pre-Mutation Snapshots (Audit Backup)
# =============================================================================
# Enable pre-mutation DDL snapshots for destructive operations
# AUDIT_BACKUP=false
# Include sample data rows in backup snapshots
# AUDIT_BACKUP_DATA=false
# Maximum snapshot age in days (default: 30)
# AUDIT_BACKUP_MAX_AGE=30
# Maximum number of snapshots to retain (default: 1000)
# AUDIT_BACKUP_MAX_COUNT=1000
# Maximum table size in bytes for data capture (default: 50MB)
# AUDIT_BACKUP_MAX_DATA_SIZE=52428800