Files
documenso/packages/tsconfig/process-env.d.ts
T
Lucas Smith d5ce222482 feat: add CSC AES/QES signing (v1 instance-wide config) (#2874)
Adds Cloud Signature Consortium (CSC) integration for AES/QES signing
against a configured TSP. v1 ships as instance-wide configuration via
environment variables, with per-envelope signature level selection,
license gating, and an OAuth-driven signing flow (capture + FIFO
signers, SAD session, blocking/in-progress recipient pages).

Includes signature level compatibility checks (role, signing order,
dictate next signer), envelope mutability assertions, Prisma migration
for signature level and CSC tables, and docs for the new signing
certificate options.
2026-06-16 23:37:34 +10:00

136 lines
4.9 KiB
TypeScript

declare namespace NodeJS {
export interface ProcessEnv {
PORT?: string;
NEXT_PUBLIC_WEBAPP_URL?: string;
NEXT_PRIVATE_DOCUMENSO_LICENSE_KEY?: string;
NEXT_PRIVATE_GOOGLE_CLIENT_ID?: string;
NEXT_PRIVATE_GOOGLE_CLIENT_SECRET?: string;
NEXT_PRIVATE_OIDC_WELL_KNOWN?: string;
NEXT_PRIVATE_OIDC_CLIENT_ID?: string;
NEXT_PRIVATE_OIDC_CLIENT_SECRET?: string;
NEXT_PRIVATE_OIDC_PROVIDER_LABEL?: string;
NEXT_PRIVATE_OIDC_SKIP_VERIFY?: string;
NEXT_PRIVATE_DATABASE_URL: string;
NEXT_PRIVATE_ENCRYPTION_KEY: string;
NEXT_PRIVATE_ENCRYPTION_SECONDARY_KEY: string;
NEXT_PRIVATE_LOGGER_FILE_PATH?: string;
NEXT_PRIVATE_STRIPE_API_KEY: string;
NEXT_PRIVATE_STRIPE_WEBHOOK_SECRET: string;
NEXT_PUBLIC_UPLOAD_TRANSPORT?: 'database' | 's3' | 'azure-blob';
NEXT_PRIVATE_UPLOAD_ENDPOINT?: string;
NEXT_PRIVATE_UPLOAD_FORCE_PATH_STYLE?: string;
NEXT_PRIVATE_UPLOAD_REGION?: string;
NEXT_PRIVATE_UPLOAD_BUCKET?: string;
NEXT_PRIVATE_UPLOAD_ACCESS_KEY_ID?: string;
NEXT_PRIVATE_UPLOAD_SECRET_ACCESS_KEY?: string;
NEXT_PRIVATE_UPLOAD_DISTRIBUTION_DOMAIN?: string;
NEXT_PRIVATE_UPLOAD_DISTRIBUTION_KEY_ID?: string;
NEXT_PRIVATE_UPLOAD_DISTRIBUTION_KEY_CONTENTS?: string;
NEXT_PRIVATE_UPLOAD_AZURE_ACCOUNT_NAME?: string;
NEXT_PRIVATE_UPLOAD_AZURE_ACCOUNT_KEY?: string;
NEXT_PRIVATE_UPLOAD_AZURE_CONTAINER?: string;
NEXT_PRIVATE_UPLOAD_AZURE_ENDPOINT?: string;
NEXT_PRIVATE_SIGNING_TRANSPORT?: 'local' | 'http' | 'gcloud-hsm' | 'csc';
/**
* Derived from `NEXT_PRIVATE_SIGNING_TRANSPORT` in `createPublicEnv()`; do
* not set manually. Lets the client detect CSC mode for authoring UI gating.
*/
NEXT_PUBLIC_SIGNING_TRANSPORT_IS_CSC?: 'true' | 'false';
NEXT_PRIVATE_SIGNING_PASSPHRASE?: string;
NEXT_PRIVATE_SIGNING_LOCAL_FILE_PATH?: string;
NEXT_PRIVATE_SIGNING_LOCAL_FILE_CONTENTS?: string;
NEXT_PRIVATE_SIGNING_LOCAL_FILE_ENCODING?: string;
NEXT_PRIVATE_SIGNING_GCLOUD_HSM_KEY_PATH?: string;
NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_PATH?: string;
NEXT_PRIVATE_SIGNING_GCLOUD_HSM_PUBLIC_CRT_FILE_CONTENTS?: string;
NEXT_PRIVATE_SIGNING_GCLOUD_APPLICATION_CREDENTIALS_CONTENTS?: string;
NEXT_PRIVATE_SIGNING_GCLOUD_HSM_CERT_CHAIN_FILE_PATH?: string;
NEXT_PRIVATE_SIGNING_GCLOUD_HSM_CERT_CHAIN_CONTENTS?: string;
NEXT_PRIVATE_SIGNING_GCLOUD_HSM_SECRET_MANAGER_CERT_PATH?: string;
NEXT_PRIVATE_SIGNING_CSC_PROVIDER_BASE_URL?: string;
NEXT_PRIVATE_SIGNING_CSC_OAUTH_CLIENT_ID?: string;
NEXT_PRIVATE_SIGNING_CSC_OAUTH_CLIENT_SECRET?: string;
NEXT_PRIVATE_SIGNING_CSC_SIGNATURE_LEVEL?: 'AES' | 'QES';
NEXT_PRIVATE_SIGNING_TIMESTAMP_AUTHORITY?: string;
NEXT_PUBLIC_SIGNING_CONTACT_INFO?: string;
NEXT_PRIVATE_USE_LEGACY_SIGNING_SUBFILTER?: string;
NEXT_PRIVATE_SMTP_TRANSPORT?: 'mailchannels' | 'resend' | 'smtp-auth' | 'smtp-api';
NEXT_PRIVATE_RESEND_API_KEY?: string;
NEXT_PRIVATE_MAILCHANNELS_API_KEY?: string;
NEXT_PRIVATE_MAILCHANNELS_DKIM_DOMAIN?: string;
NEXT_PRIVATE_MAILCHANNELS_DKIM_SELECTOR?: string;
NEXT_PRIVATE_MAILCHANNELS_DKIM_PRIVATE_KEY?: string;
NEXT_PRIVATE_MAILCHANNELS_ENDPOINT?: string;
NEXT_PRIVATE_SMTP_HOST?: string;
NEXT_PRIVATE_SMTP_PORT?: string;
NEXT_PRIVATE_SMTP_USERNAME?: string;
NEXT_PRIVATE_SMTP_PASSWORD?: string;
NEXT_PRIVATE_SMTP_APIKEY_USER?: string;
NEXT_PRIVATE_SMTP_APIKEY?: string;
NEXT_PRIVATE_SMTP_SECURE?: string;
NEXT_PRIVATE_SMTP_UNSAFE_IGNORE_TLS?: string;
NEXT_PRIVATE_SMTP_FROM_NAME?: string;
NEXT_PRIVATE_SMTP_FROM_ADDRESS?: string;
NEXT_PUBLIC_DISABLE_SIGNUP?: string;
NEXT_PUBLIC_DISABLE_EMAIL_PASSWORD_SIGNUP?: string;
NEXT_PUBLIC_DISABLE_GOOGLE_SIGNUP?: string;
NEXT_PUBLIC_DISABLE_MICROSOFT_SIGNUP?: string;
NEXT_PUBLIC_DISABLE_OIDC_SIGNUP?: string;
NEXT_PRIVATE_ALLOWED_SIGNUP_DOMAINS?: string;
NEXT_PRIVATE_BROWSERLESS_URL?: string;
NEXT_PRIVATE_JOBS_PROVIDER?: 'inngest' | 'local' | 'bullmq';
NEXT_PUBLIC_USE_INTERNAL_URL_BROWSERLESS?: string;
/**
* Redis / BullMQ environment variables
*/
NEXT_PRIVATE_REDIS_URL?: string;
NEXT_PRIVATE_REDIS_PREFIX?: string;
NEXT_PRIVATE_BULLMQ_CONCURRENCY?: string;
/**
* Inngest environment variables
*/
INNGEST_EVENT_KEY?: string;
INNGEST_SIGNING_KEY?: string;
NEXT_PRIVATE_INNGEST_APP_ID?: string;
NEXT_PRIVATE_INNGEST_EVENT_KEY?: string;
POSTGRES_URL?: string;
DATABASE_URL?: string;
POSTGRES_PRISMA_URL?: string;
POSTGRES_URL_NON_POOLING?: string;
/**
* Cloudflare Turnstile environment variables
*/
NEXT_PUBLIC_TURNSTILE_SITE_KEY?: string;
NEXT_PRIVATE_TURNSTILE_SECRET_KEY?: string;
/**
* Google Vertex AI environment variables
*/
GOOGLE_VERTEX_PROJECT_ID?: string;
GOOGLE_VERTEX_LOCATION?: string;
GOOGLE_VERTEX_API_KEY?: string;
}
}