shareyourthoughtswith.me

Configuration

All runtime configuration is supplied through environment variables prefixed SYTWM_. In production every secret originates in Azure Key Vault; the Container App references the Key Vault secret and exports it under the name listed below.

| Variable | Required | Purpose |
|----------|----------|---------|
| SYTWM_DATABASE_URL | yes | Postgres DSN. Use postgresql+asyncpg://... for the app. |
| SYTWM_ADMIN_EMAIL | no | Single-admin email back-compat (default dan.driscoll@hotmail.com). Used when SYTWM_ADMIN_EMAILS is unset. |
| SYTWM_ADMIN_EMAILS | no | Comma-separated allowlist of emails that get admin privileges. Any manager whose email is on the list is treated as admin on /admin/* routes. Falls back to [SYTWM_ADMIN_EMAIL] when unset. |
| SYTWM_ADMIN_TOKEN | yes | Initial password for the admin's manager account, used by the startup bootstrap to seed the row on first deploy. After first sign-in the admin rotates the password via /manage/account/password; the env var is no longer consulted unless the row is deleted. |
| SYTWM_SESSION_SECRET | yes | Signing key for the manager session cookie. Rotate carefully (invalidates active sessions). |
| SYTWM_API_KEY_PEPPER | yes | HMAC pepper used when hashing API key secrets at rest. Treat as a write-once secret — changing it invalidates every existing API key. |
| SYTWM_IP_SALT | yes | Salt for hashing visitor IP addresses on stored feedback entries. |
| SYTWM_PROJECT_TITLE | no | Visible site title (default: Share Your Thoughts With Me). |
| SYTWM_PUBLIC_BASE_URL | yes | Canonical URL (e.g. https://shareyourthoughtswith.me). Any other Host header 301-redirects to this. |
| SYTWM_LOG_LEVEL | no | DEBUG, INFO, WARN, ERROR. Default INFO. |
| SYTWM_BIND_HOST | no | uvicorn bind host. Default 0.0.0.0. |
| SYTWM_BIND_PORT | no | uvicorn port. Default 8000. |
| SYTWM_TRUST_FORWARDED | no | When true, trust X-Forwarded-Host/X-Forwarded-For from the proxy. Default true (ACA sets these). Disable for local dev without a proxy. |

The app fails to boot if any required value is missing — boot logs name the missing field.
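
The sketch below is an added example, not the project's own code: it shows the fail-closed boot check, the SYTWM_ADMIN_EMAILS fallback, and why changing SYTWM_API_KEY_PEPPER invalidates stored API key hashes. The function names, HMAC-SHA256 as the hash, case-insensitive email matching, and the placeholder default email are assumptions.

```python
import hashlib
import hmac

REQUIRED = (
    "SYTWM_DATABASE_URL", "SYTWM_ADMIN_TOKEN", "SYTWM_SESSION_SECRET",
    "SYTWM_API_KEY_PEPPER", "SYTWM_IP_SALT", "SYTWM_PUBLIC_BASE_URL",
)
# Placeholder standing in for the documented SYTWM_ADMIN_EMAIL default.
DEFAULT_ADMIN_EMAIL = "admin@example.test"


class ConfigError(RuntimeError):
    """Raised at boot; the message names every missing required variable."""


def load_settings(env):
    """Validate a mapping of environment variables (e.g. os.environ)."""
    # Treat empty or whitespace-only values as missing: an empty pepper or
    # session secret would otherwise become a valid-looking but trivial key.
    missing = [name for name in REQUIRED if not env.get(name, "").strip()]
    if missing:
        raise ConfigError("missing required settings: " + ", ".join(missing))
    # Assumption of this example: emails are trimmed and compared lowercased.
    raw = env.get("SYTWM_ADMIN_EMAILS", "")
    admins = {e.strip().lower() for e in raw.split(",") if e.strip()}
    if not admins:  # unset or empty list: fall back to the single-admin value
        fallback = env.get("SYTWM_ADMIN_EMAIL") or DEFAULT_ADMIN_EMAIL
        admins = {fallback.strip().lower()}
    return {"admin_emails": frozenset(admins),
            "api_key_pepper": env["SYTWM_API_KEY_PEPPER"].encode()}


def hash_api_key(pepper, secret):
    """HMAC-SHA256 of the key secret under the pepper (algorithm assumed)."""
    return hmac.new(pepper, secret.encode(), hashlib.sha256).hexdigest()


def verify_api_key(pepper, presented, stored_hash):
    """Constant-time comparison against the hash stored at rest."""
    return hmac.compare_digest(hash_api_key(pepper, presented), stored_hash)


# Constructed sample environment; every value is a placeholder.
SAMPLE_ENV = {name: "placeholder-" + name.lower() for name in REQUIRED}
SAMPLE_ENV["SYTWM_ADMIN_EMAILS"] = "Alice@Example.test, bob@example.test,"
```

Because the stored hash depends on the pepper, a key hashed under the old pepper no longer verifies under a new one, which is why the table calls it a write-once secret.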