Configuration Environment Variables

Note that for every parameter, you can also set "[PARAMETER]_FILE" to a file that contains the value. This is especially useful for things like mounted secrets in Docker Swarm or Kubernetes.

ASN Generation Settings

ADDITIONAL_MANAGED_NAMESPACES (optional)

Additional namespaces managed by the system outside of the ASN_NAMESPACE_RANGE.

Namespaces are written as "<Namespace Label><Namespace Label>..." where:

  • Namespace is the numeric ID of the namespace.
  • Label is the label for the namespace.

Optionally, commas and spaces can be used to separate namespaces.

If empty, no additional namespaces are managed and only the ASN_NAMESPACE_RANGE is used.

Default Value (used by the application if not provided)

ADDITIONAL_MANAGED_NAMESPACES=

Other Examples

ADDITIONAL_MANAGED_NAMESPACES=<700 NDA-Covered Documents (Generic)><800 Personal Data Documents (Generic)>

ASN_BARCODE_TYPE (optional)

The type of barcode to generate for the ASN.

Default Value (used by the application if not provided)

ASN_BARCODE_TYPE=CODE128

Other Examples

ASN_BARCODE_TYPE=CODE39
ASN_BARCODE_TYPE=CODE93

ASN_ENABLE_NAMESPACE_EXTENSION (optional)

Enable namespace extension. If true, the ADDITIONAL_MANAGED_NAMESPACES can have more digits than the ASN_NAMESPACE_RANGE. If false, the ADDITIONAL_MANAGED_NAMESPACES must have the same number of digits as the ASN_NAMESPACE_RANGE.

This works by reserving leading 9s for namespace extension: For example, let's say the ASN_NAMESPACE_RANGE is 60. Therefore, without the extension, our ADDITIONAL_MANAGED_NAMESPACES could only be 6X-9X, meaning we only have 39 available namespaces. With the extension, in the two-digit namespace range, we actually lose 9X (leaving 6X-8X). However, leading 9s expand the namespace by another digit. This can also be chained, giving us theoretically infinite additional namespaces: 6X-8X, 90X-98X, 990X-998X, 9990X-9998X, etc.

Note that behind the leading 9s, the namespace must still be the same number of digits as the ASN_NAMESPACE_RANGE.

Default Value (used by the application if not provided)

ASN_ENABLE_NAMESPACE_EXTENSION=false

Other Examples

ASN_ENABLE_NAMESPACE_EXTENSION=true
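
The digit rules above can be checked before the first run. The following TypeScript is an added example, not code from the project: the function names are hypothetical, and the rule is implemented as documented here (with the extension on, the digits after the leading 9s are checked for length only, matching the 90X-98X example).

```typescript
// Added example (not project code): one reading of the rules documented above.
type Namespace = { id: string; label: string };

// Parse "<700 Label A>, <800 Label B>" into id/label pairs.
function parseNamespaces(raw: string): Namespace[] {
  const entry = /<(\d+)\s+([^<>]+)>/g;
  // Anything left after removing well-formed entries must be a separator.
  const leftover = raw.replace(entry, "");
  if (/[^,\s]/.test(leftover)) {
    throw new Error(`malformed namespace list near "${leftover.trim()}"`);
  }
  const out: Namespace[] = [];
  let m: RegExpExecArray | null;
  while ((m = entry.exec(raw)) !== null) {
    out.push({ id: m[1], label: m[2].trim() });
  }
  return out;
}

// Returns null when the id is acceptable, otherwise the reason it is not.
function checkNamespaceId(id: string, range: string, extension: boolean): string | null {
  const digits = range.length;
  // Leading 9s only act as extension markers when the extension is enabled.
  const nines = extension ? id.length - id.replace(/^9+/, "").length : 0;
  if (id.length - nines !== digits) {
    return extension
      ? `needs exactly ${digits} digits after any leading 9s`
      : `must have exactly ${digits} digits`;
  }
  // Unextended ids must lie outside the auto-generated range.
  if (nines === 0 && Number(id) < Number(range)) {
    return `below ASN_NAMESPACE_RANGE ${range}`;
  }
  return null;
}

// Validate the whole variable; an empty result means every entry is usable.
function validateManagedNamespaces(raw: string, range: string, extension: boolean): string[] {
  const errors: string[] = [];
  const seen = new Set<string>();
  for (const ns of parseNamespaces(raw)) {
    const reason = checkNamespaceId(ns.id, range, extension);
    if (reason) errors.push(`${ns.id} (${ns.label}): ${reason}`);
    if (seen.has(ns.id)) errors.push(`${ns.id}: duplicate namespace`);
    seen.add(ns.id);
  }
  return errors;
}
```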

ASN_NAMESPACE_RANGE

The namespace range. The number of digits must not change after the first run. For example, if the range is 600, auto-generated ASNs will be in the range of 100XXX to 599XXX. 600XXX to 999XXX will be reserved for manual ASNs in that case.

Default Value (from the example environment file, must be provided)

ASN_NAMESPACE_RANGE=600

ASN_PREFIX

Prefix for the ASN. Must not change after the first run.

Default Value (from the example environment file, must be provided)

ASN_PREFIX=ASN

ASN Lookup Settings

ASN_LOOKUP_URL (optional)

URL to look up existing ASN data. "{asn}" will be replaced with the ASN. If empty, the lookup feature will be disabled.

Default Value (used by the application if not provided)

ASN_LOOKUP_URL=

Other Examples

ASN_LOOKUP_URL="https://dms.example.com/documents?archive_serial_number

ASN_LOOKUP_URL_INCLUDE_PREFIX (optional)

Include the ASN_PREFIX in the {asn} replacement of the lookup URL. If false, the prefix will be removed. Default is false.

Default Value (used by the application if not provided)

ASN_LOOKUP_URL_INCLUDE_PREFIX=false

Network Settings

PORT (optional)

The port the server will listen on.

Default Value (used by the application if not provided)

PORT=8080

Other Examples

PORT=80

OIDC (OpenID Connect) Configuration

OIDC_AUTH_SECRET

Secret key used for signing and verifying tokens. Must be at least 32 characters long for security purposes.

Default Value (from the example environment file, must be provided)

OIDC_AUTH_SECRET=RANDOM_SECRET_WITH_MIN_32_CHARS_CHANGE_ME_IMMEDIATELY_UPON_COPYING

OIDC_CLIENT_ID

Client ID provided by your OIDC provider. Replace "XXX" with your actual client ID.

Default Value (from the example environment file, must be provided)

OIDC_CLIENT_ID="XXX"

OIDC_CLIENT_SECRET

Client Secret provided by your OIDC provider. Replace "XXX" with your actual client secret.

Default Value (from the example environment file, must be provided)

OIDC_CLIENT_SECRET="XXX"
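
As an added example (not the project's own code), the following TypeScript resolves a setting from either NAME or NAME_FILE, as described at the top of this page, and checks the two OIDC secrets against the 32-character minimum and the placeholder values shown above. The function names, the injected env and readFile parameters, the refusal when both NAME and NAME_FILE are set, and the stripping of one trailing newline are assumptions of this example.

```typescript
// Added example, not project code. env and readFile are injected so the same
// logic works with Deno.env.toObject() / Deno.readTextFileSync or another runtime.
type Env = Record<string, string | undefined>;
type ReadFile = (path: string) => string;

// Placeholder values from the example environment file shown on this page.
const PLACEHOLDERS = new Set([
  "XXX",
  "RANDOM_SECRET_WITH_MIN_32_CHARS_CHANGE_ME_IMMEDIATELY_UPON_COPYING",
]);

// Resolve NAME, falling back to the contents of the file named by NAME_FILE.
function resolveSetting(name: string, env: Env, readFile: ReadFile): string | undefined {
  const direct = env[name];
  const path = env[`${name}_FILE`];
  // Assumption of this example: setting both is ambiguous, so refuse to guess.
  if (direct !== undefined && path !== undefined) {
    throw new Error(`${name} and ${name}_FILE are both set`);
  }
  if (path === undefined) return direct;
  // Mounted secret files often end with a newline that is not part of the value.
  return readFile(path).replace(/\r?\n$/, "");
}

// Returns a list of problems; an empty list means the OIDC secrets look usable.
// Messages report names and lengths only, never the secret values themselves.
function checkOidcSecrets(env: Env, readFile: ReadFile): string[] {
  const problems: string[] = [];
  for (const name of ["OIDC_AUTH_SECRET", "OIDC_CLIENT_SECRET"]) {
    const value = resolveSetting(name, env, readFile);
    if (value === undefined || value === "") {
      problems.push(`${name} is not set`);
    } else if (PLACEHOLDERS.has(value)) {
      problems.push(`${name} still has the example placeholder`);
    } else if (name === "OIDC_AUTH_SECRET" && value.length < 32) {
      problems.push(`${name} has ${value.length} characters, minimum is 32`);
    }
  }
  return problems;
}
```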

OIDC_ISSUER

The URL of the OIDC provider's authorization server. This is where your application will redirect users to authenticate.

Default Value (from the example environment file, must be provided)

OIDC_ISSUER=https://logto.example.com/oidc # Logto

Other Examples

OIDC_ISSUER=https://authentik.example.com/application/o/dms/ # Authentik
OIDC_ISSUER=https://authelia.example.com # Authelia
OIDC_ISSUER=https://keycloak.example.com/realms/[REALM] # Keycloak

OIDC_NAME_CLAIM (optional)

The claim in the ID token that contains the user's name.

Default Value (used by the application if not provided)

OIDC_NAME_CLAIM=name

Other Examples

OIDC_NAME_CLAIM=preferred_username

OIDC_REDIRECT_URI

The URL to which the OIDC provider will redirect users after authentication. This should match the redirect URI registered with your OIDC provider.

Default Value (from the example environment file, must be provided)

OIDC_REDIRECT_URI=http://localhost:41319/oidc/callback

OIDC_ROLES_CLAIM (optional)

The claim in the ID token that contains the user's roles.

Default Value (used by the application if not provided)

OIDC_ROLES_CLAIM=roles

Other Examples

OIDC_ROLES_CLAIM=groups
OIDC_ROLES_CLAIM=custom-roles-claim

OIDC_SCOPES

Scopes requested from the OIDC provider. These determine the information returned in the ID token.

Default Value (from the example environment file, must be provided)

OIDC_SCOPES="openid profile roles"

OIDC_UID_CLAIM (optional)

The claim in the ID token that contains the user's unique identifier.

Default Value (used by the application if not provided)

OIDC_UID_CLAIM=sub

Other Examples

OIDC_UID_CLAIM=uid
OIDC_UID_CLAIM=email
OIDC_UID_CLAIM=custom-uid-claim

Storage Settings

DATA_DIR (optional)

Data directory.

Default Value (used by the application if not provided)

DATA_DIR=data

DB_FILE_NAME (optional)

Name of the SQLite3 database file within the data directory. The database is created if it does not exist. To use a distributed database, set this to a URL beginning with "http" or "https"; the connection then uses the KV Connect Protocol: https://github.com/denoland/denokv/blob/main/proto/kv-connect.md

Default Value (used by the application if not provided)

DB_FILE_NAME=denokv.sqlite3

DENO_KV_ACCESS_TOKEN (optional)

The access token for the KV Connect Protocol. This is required if DB_FILE_NAME is a URL. The token must be set in the environment variable DENO_KV_ACCESS_TOKEN as per Deno's requirements.

Default Value (used by the application if not provided)

DENO_KV_ACCESS_TOKEN=XXX