diff --git a/.env.template b/.env.template index 4a19f24..8f134a9 100644 --- a/.env.template +++ b/.env.template @@ -103,7 +103,7 @@ # ICON_BLACKLIST_REGEX=192\.168\.1\.[0-9].*^ ## Any IP which is not defined as a global IP will be blacklisted. -## Usefull to secure your internal environment: See https://en.wikipedia.org/wiki/Reserved_IP_addresses for a list of IPs which it will block +## Useful to secure your internal environment: See https://en.wikipedia.org/wiki/Reserved_IP_addresses for a list of IPs which it will block # ICON_BLACKLIST_NON_GLOBAL_IPS=true ## Disable 2FA remember @@ -111,6 +111,18 @@ ## Note that the checkbox would still be present, but ignored. # DISABLE_2FA_REMEMBER=false +## Maximum attempts before an email token is reset and a new email will need to be sent. +# EMAIL_ATTEMPTS_LIMIT=3 + +## Token expiration time +## Maximum time in seconds a token is valid. The time the user has to open email client and copy token. +# EMAIL_EXPIRATION_TIME=600 + +## Email token size +## Number of digits in an email token (min: 6, max: 19). +## Note that the Bitwarden clients are hardcoded to mention 6 digit codes regardless of this setting! +# EMAIL_TOKEN_SIZE=6 + ## Controls if new users can register # SIGNUPS_ALLOWED=true @@ -151,6 +163,16 @@ ## Invitations org admins to invite users, even when signups are disabled # INVITATIONS_ALLOWED=true +## Name shown in the invitation emails that don't come from a specific organization +# INVITATION_ORG_NAME=Bitwarden_RS + +## Per-organization attachment limit (KB) +## Limit in kilobytes for an organization attachments, once the limit is exceeded it won't be possible to upload more +# ORG_ATTACHMENT_LIMIT= +## Per-user attachment limit (KB). +## Limit in kilobytes for a users attachments, once the limit is exceeded it won't be possible to upload more +# USER_ATTACHMENT_LIMIT= + ## Controls the PBBKDF password iterations to apply on the server ## The change only applies when the password is changed @@ -166,6 +188,13 @@ ## For U2F to work, the server must use HTTPS, you can use Let's Encrypt for free certs # DOMAIN=https://bw.domain.tld:8443 +## Allowed iframe ancestors (Know the risks!) +## https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors +## Allows other domains to embed the web vault into an iframe, useful for embedding into secure intranets +## This adds the configured value to the 'Content-Security-Policy' headers 'frame-ancestors' value. +## Multiple values must be separated with a whitespace. +# ALLOWED_IFRAME_ANCESTORS= + ## Yubico (Yubikey) Settings ## Set your Client ID and Secret Key for Yubikey OTP ## You can generate it here: https://upgrade.yubico.com/getapikey/ @@ -214,10 +243,24 @@ # SMTP_EXPLICIT_TLS=true # (Implicit) - N.B. This variable configures Implicit TLS. It's currently mislabelled (see bug #851) - SMTP_SSL Needs to be set to true for this option to work. # SMTP_USERNAME=username # SMTP_PASSWORD=password +# SMTP_TIMEOUT=15 + ## Defaults for SSL is "Plain" and "Login" and nothing for Non-SSL connections. ## Possible values: ["Plain", "Login", "Xoauth2"]. ## Multiple options need to be separated by a comma ','. # SMTP_AUTH_MECHANISM="Plain" -# SMTP_TIMEOUT=15 + +## Server name sent during the SMTP HELO +## By default this value should be is on the machine's hostname, +## but might need to be changed in case it trips some anti-spam filters +# HELO_NAME= + +## Require new device emails. When a user logs in an email is required to be sent. +## If sending the email fails the login attempt will fail!! +# REQUIRE_DEVICE_EMAIL=false + +## HIBP Api Key +## HaveIBeenPwned API Key, request it here: https://haveibeenpwned.com/API/Key +# HIBP_API_KEY= # vim: syntax=ini