# This is a template showing what needs to be added to your encrypted secrets.yml
# Under the global section, add these variables:

global:
  # Existing global values...
  registry_token: "your-github-container-registry-token"
  repo_token: "your-github-repo-access-token"

  forgejo:
    admin_username: "your_admin_username"  # Already exists
    admin_password: "your_admin_password"  # Already exists
    admin_email: "admin@example.com"       # Already exists
    db_password: "your_db_password"        # Already exists
    api_token: "your_forgejo_api_token"    # Add this new token for API access

  argocd:
    auth_token: "your_argocd_auth_token"   # Add this new token for ArgoCD API access

  # Add Cloudflare credentials for automatic DNS management
  cloudflare:
    api_token: "your_cloudflare_api_token"      # Create in Cloudflare - needs Zone:DNS:Edit and Zone:Zone:Read permissions
    zone_id: "your_cloudflare_zone_id"          # The Zone ID for your domain in Cloudflare (32+ character string)
    router_url: "router-default.apps.hub.euw.container.mom"  # The OpenShift router URL to use as the CNAME target

  # Production environment settings
  prod:
    # Portal settings for production
    container_mom_portal:
      auth0:
        domain: "dev-a3o2jif0.us.auth0.com"
        client_id: "your_auth0_client_id"
        client_secret: "your_auth0_client_secret"
        secret: "your_auth0_secret"
      basic_auth:
        enabled: false  # Disabled by default in production
        password: "strong-random-password-for-production"  # Still stored for manual enabling if needed

  # Test environment settings
  test:
    # Portal settings for test environment
    container_mom_portal:
      auth0:
        domain: "dev-a3o2jif0.us.auth0.com"
        client_id: "your_auth0_client_id"  # Can be different from production
        client_secret: "your_auth0_client_secret"
        secret: "your_auth0_secret"
      basic_auth:
        enabled: true  # Enabled by default in test environment
        password: "strong-random-password-for-testing-only"

# You can generate a token in Forgejo under Settings > Applications > Generate New Token
# You can generate an ArgoCD token using the ArgoCD CLI: argocd account generate-token
# For basic auth password, use a secure password generator and ONLY enable in test environments
# For Cloudflare, create API tokens in the Cloudflare dashboard with appropriate permissions