Created
May 6, 2026 13:00
-
-
Save sid137/ad98495444d78a8ad3a198fed9c8d6a7 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Deploy-time env vars for `sst deploy --stage production-ppg`. | |
| # Source this file before deploying (e.g. `set -a; source .env.production-ppg; set +a`) | |
| # Values reconstructed on 2026-05-05 from surviving Lambda env vars, deployed | |
| # CFN templates, and SST secret store in SSM (account 755593602179, us-east-1). | |
| # --------------------------------------------------------------------------- | |
| # Stage / region / AWS | |
| # --------------------------------------------------------------------------- | |
| STAGE_NAME=production-ppg | |
| AWS_REGION=us-east-1 | |
| # from /sst/bng-platform/production-ppg/Secret/AWS_REGION/value (decrypted SSM) | |
| # --------------------------------------------------------------------------- | |
| # Custom domain (api.stack.ts via shared/custom-domain-creator.ts) | |
| # --------------------------------------------------------------------------- | |
| CREATE_CUSTOM_DOMAIN=true | |
| HOSTED_ZONE_ID=Z00485803RHKS9OO37HOG | |
| # from Route53 list-hosted-zones (public zone ppg.boundlessdigital.com) | |
| ORGANIZATION_PREFIX=ppg | |
| # inferred from deployed alternativeDomainName "us-east-1.api.ppg.boundlessdigital.com" | |
| # --------------------------------------------------------------------------- | |
| # Frontegg / API authorizer (api.stack.ts) | |
| # --------------------------------------------------------------------------- | |
| FRONTEGG_JWT_ISSUER=https://auth.boundlessdigital.com | |
| FRONTEGG_JWT_AUDIENCE=7b94ea48-ba5c-477d-9197-7588e5ab4d16 | |
| # both extracted from deployed ApiStack CFN: AWS::ApiGatewayV2::Authorizer.JwtConfiguration | |
| # --------------------------------------------------------------------------- | |
| # Cron / business config | |
| # --------------------------------------------------------------------------- | |
| PPG_CRON_USER_ID=13608d24-34f5-4d4b-98d3-632e08a9f12a | |
| PPG_CRON_WORKSPACE_ID=def42a0c-b247-4aa0-ab8c-5387074c3112 | |
| # from PPGMonthlyBackupCronJob Lambda env (production-ppg-bng-platfo-PPGMonthlyBackupCronJobP-kX8BBLphC7US) | |
| DEFAULT_TTL=2592000000 | |
| # from any deployed Lambda env (30d in ms) | |
| MERAKI_REQUESTS_PER_SECOND=7 | |
| # from Consumer*configengine* Lambda env | |
| # --------------------------------------------------------------------------- | |
| # Config Engine V2 (Fargate-based service hosting api.internal.ppg) | |
| # --------------------------------------------------------------------------- | |
| CONFIG_ENGINE_V2_URL=https://api.internal.ppg.boundlessdigital.com | |
| # from prod-us-east-1-FargateWebServerStack output BngFargateWebServerproduseast1ServiceURL | |
| # read by api.stack.ts default function env AND backend/client/backupRestoreClient.ts at runtime | |
| # --------------------------------------------------------------------------- | |
| # China PPG cron (config_backup_v2.ts: hardcoded chinaPPGOrgIds 850617379619606026, 850617379619604759) | |
| # --------------------------------------------------------------------------- | |
| # Both China orgs are registered in the same PPG workspace (def42a0c-...). | |
| # Reasoning for user: Kavin.TAI@ppg.com (840c80f4-...) has ENABLED API keys for BOTH | |
| # China orgs. UVega@ppg.com (13608d24-...) has her China key for org 850617379619606026 | |
| # DISABLED, so a cron running as UVega would fail on that org. Best candidate is Kavin. | |
| CHINA_PPG_CRON_WORKSPACE_ID=def42a0c-b247-4aa0-ab8c-5387074c3112 | |
| CHINA_PPG_CRON_USER_ID=840c80f4-a59f-4461-a137-7b3daea2e62b | |
| # Kavin.TAI@ppg.com — has ENABLED Meraki China-cloud API keys for both 850617379619604759 + 850617379619606026 | |
| # Alt: 13608d24-34f5-4d4b-98d3-632e08a9f12a (UVega) — but her key for org 850617379619606026 is DISABLED. | |
| # --------------------------------------------------------------------------- | |
| # Logging / observability | |
| # --------------------------------------------------------------------------- | |
| POWERTOOLS_LOG_LEVEL=INFO | |
| POWERTOOLS_LOGGER_SAMPLE_RATE=0.1 | |
| # from any deployed Lambda env | |
| SENTRY_DSN=https://653ba6ae21864528815eba0c5b9c5dd3@o200346.ingest.sentry.io/4505433654034432 | |
| # from /sst/bng-platform/production-ppg/Secret/SENTRY_DSN/value (decrypted SSM) | |
| # (Note: an SST Secret named SENTRY_DSN exists; same value is reused as a deploy-time env var.) | |
| # --------------------------------------------------------------------------- | |
| # UNKNOWN — please confirm or override before deploying | |
| # --------------------------------------------------------------------------- | |
| # Confirmed by user 2026-05-05: leave blank. No emails are granted read-only org access. | |
| EMAILS_WITH_READ_ONLY_ORGANIZATIONS_ENABLED= | |
| # NODE_AUTH_TOKEN is provided by the user's shell environment (40-char GitHub PAT). | |
| # Intentionally NOT set in this file so that `source` won't override the shell value. | |
| # Verify with: `[ -n "$NODE_AUTH_TOKEN" ] && echo set` before deploying. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment