# Copy to .env and fill in values before starting in production.
# Generate SESSION_SECRET with: openssl rand -hex 32

SESSION_SECRET=replace-with-a-random-64-character-hex-string
SESSION_MAX_AGE_HOURS=168   # default: 168 (7 days)
PORT=3000
DB_PATH=/app/data/check-printing.db

# OIDC / SSO (optional — omit or leave blank to disable)
OIDC_ENABLED=false
OIDC_DISCOVERY_URL=https://auth.example.com/.well-known/openid-configuration
OIDC_CLIENT_ID=
OIDC_CLIENT_SECRET=
OIDC_REDIRECT_URI=https://checks.example.com/api/auth/oidc/callback
OIDC_BUTTON_LABEL=Sign in with SSO