DATABASE_URL="postgresql://setrip_user:setrip_password@localhost:5432/setrip_db"
NEXTAUTH_SECRET="3GaP/mqi1IYbafyLfyI54ouPRDE0IUK5vFqpKJQM5hg="
NEXTAUTH_URL="http://localhost:3000"
NEXT_PUBLIC_SITE_URL="https://arifal.imola.ai"
ADMIN_EMAILS=admin@setrip.id

# 32-byte key (hex) for AES-256-GCM encryption of KYC data (NIK + KTP/liveness files)
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
KYC_ENCRYPTION_KEY=
# 32-byte hex secret used as HMAC pepper for NIK uniqueness lookup
# Generate with: node -e "console.log(require('crypto').randomBytes(32).toString('hex'))"
KYC_NIK_PEPPER=
# Absolute path for private KYC uploads (default: <cwd>/uploads/private)
KYC_UPLOAD_DIR=

GOOGLE_CLIENT_ID="xxxxxxxx"
GOOGLE_CLIENT_SECRET="xxxxxxxx"

# === Midtrans payment gateway (Phase C) ===
# Server key dari dashboard Midtrans (sandbox: SB-Mid-server-..., production: Mid-server-...).
# RAHASIA — server-side only, jangan commit nilai aslinya.
MIDTRANS_SERVER_KEY=
# Client key untuk init Snap.js di browser (sandbox: SB-Mid-client-..., production: Mid-client-...).
# Aman diekspos via NEXT_PUBLIC_ — bukan rahasia.
NEXT_PUBLIC_MIDTRANS_CLIENT_KEY=
# 'true' untuk production, 'false' atau kosong untuk sandbox.
# Dibaca di server (untuk Snap API endpoint) DAN client (untuk Snap.js URL).
NEXT_PUBLIC_MIDTRANS_IS_PRODUCTION=false
# Webhook URL di Midtrans dashboard harus diset ke: <NEXT_PUBLIC_SITE_URL>/api/webhooks/midtrans