Bitwarden.env

## Bitwarden_RS Configuration File
## Uncomment any of the following lines to change the defaults
##
## Be aware that most of these settings will be overridden if they were changed
## in the admin interface. Those overrides are stored within DATA_FOLDER/config.json .

## Main data folder
DATA_FOLDER=data

## Database URL
## When using MySQL, specify an appropriate connection URI.
## Details: https://docs.diesel.rs/diesel/mysql/struct.MysqlConnection.html
DATABASE_URL=mysql://bitwarden:xkhNGmFF4vGPlctD@192.168.88.13/bitwarden

## Database max connections
## Define the size of the connection pool used for connecting to the database.
DATABASE_MAX_CONNS=10

## Web vault settings
WEB_VAULT_FOLDER=web-vault/
WEB_VAULT_ENABLED=true

## Enables websocket notifications
WEBSOCKET_ENABLED=true

## Maximum attempts before an email token is reset and a new email will need to be sent.
EMAIL_ATTEMPTS_LIMIT=3

## Token expiration time
## Maximum time in seconds a token is valid. The time the user has to open email client and copy token.
EMAIL_EXPIRATION_TIME=600

## Email token size
## Number of digits in an email token (min: 6, max: 19).
## Note that the Bitwarden clients are hardcoded to mention 6 digit codes regardless of this setting!
EMAIL_TOKEN_SIZE=6

## Controls if new users can register
SIGNUPS_ALLOWED=true

## Controls if new users need to verify their email address upon registration
## Note that setting this option to true prevents logins until the email address has been verified!
## The welcome email will include a verification link, and login attempts will periodically
## trigger another verification email to be sent.
SIGNUPS_VERIFY=true

## If SIGNUPS_VERIFY is set to true, this limits how many seconds after the last time
## an email verification link has been sent another verification email will be sent
SIGNUPS_VERIFY_RESEND_TIME=3600

## If SIGNUPS_VERIFY is set to true, this limits how many times an email verification
## email will be re-sent upon an attempted login.
SIGNUPS_VERIFY_RESEND_LIMIT=6

## Token for the admin interface, preferably use a long random string
## One option is to use 'openssl rand -base64 48'
## If not set, the admin panel is disabled
ADMIN_TOKEN=Vy2VyYTTsKPv8W5aEOWUbB/Bt3DEKePbHmI4m9VcemUMS2rEviDowNAFqYi1xjmp

## Invitations org admins to invite users, even when signups are disabled
INVITATIONS_ALLOWED=true
## Name shown in the invitation emails that don't come from a specific organization
INVITATION_ORG_NAME=FlowerHouseVault

## Controls the PBBKDF password iterations to apply on the server
## The change only applies when the password is changed
PASSWORD_ITERATIONS=100000

## Whether password hint should be sent into the error response when the client request it
SHOW_PASSWORD_HINT=false

## Domain settings
## The domain must match the address from where you access the server
## It's recommended to configure this value, otherwise certain functionality might not work,
## like attachment downloads, email links and U2F.
## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs
DOMAIN=https://vault.flowerhouse.at

## Yubico (Yubikey) Settings
## Set your Client ID and Secret Key for Yubikey OTP
## You can generate it here: https://upgrade.yubico.com/getapikey/
## You can optionally specify a custom OTP server
# YUBICO_CLIENT_ID=
# YUBICO_SECRET_KEY=
# YUBICO_SERVER=http://yourdomain.com/wsapi/2.0/verify

## Authenticator Settings
## Disable authenticator time drifted codes to be valid.
## TOTP codes of the previous and next 30 seconds will be invalid
##
## According to the RFC6238 (https://tools.ietf.org/html/rfc6238),
## we allow by default the TOTP code which was valid one step back and one in the future.
## This can however allow attackers to be a bit more lucky with there attempts because there are 3 valid codes.
## You can disable this, so that only the current TOTP Code is allowed.
## Keep in mind that when a sever drifts out of time, valid codes could be marked as invalid.
## In any case, if a code has been used it can not be used again, also codes which predates it will be invalid.
# AUTHENTICATOR_DISABLE_TIME_DRIFT = false

## Rocket specific settings, check Rocket documentation to learn more
ROCKET_PORT=80

## Mail specific settings, set SMTP_HOST and SMTP_FROM to enable the mail service.
## To make sure the email links are pointing to the correct host, set the DOMAIN variable.
## Note: if SMTP_USERNAME is specified, SMTP_PASSWORD is mandatory
SMTP_HOST=smtp.world4you.com
SMTP_FROM=vault@flowerhouse.at
SMTP_FROM_NAME=BitWarden
SMTP_PORT=587          # Ports 587 (submission) and 25 (smtp) are standard without encryption and with encryption via STARTTLS (Explicit TLS). Port 465 is outdated and used with Implicit TLS.
SMTP_SSL=true          # (Explicit) - This variable by default configures Explicit STARTTLS, it will upgrade an insecure connection to a secure one. Unless SMTP_EXPLICIT_TLS is set to true. Either port 587 or 25 are default.
SMTP_EXPLICIT_TLS=true # (Implicit) - N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851) - SMTP_SSL Needs to be set to true for this option to work. Usually port 465 is used here.
SMTP_USERNAME=vault@flowerhouse.at
SMTP_PASSWORD=XXXXXXXX
SMTP_TIMEOUT=15

## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections.
## Possible values: ["Plain", "Login", "Xoauth2"].
## Multiple options need to be separated by a comma ','.
SMTP_AUTH_MECHANISM="Plain"

## Require new device emails. When a user logs in an email is required to be sent.
## If sending the email fails the login attempt will fail!!
REQUIRE_DEVICE_EMAIL=true