# bb-plane-fork local-test env — copy to `.env.bb-local` and fill in.
# Gitignored. Used by docker-compose.bb-local.yml.

# Bucket-4 trusted-JWT endpoint (apps/api/plane/authentication/views/app/trusted.py).
# Activated when this URL is set; unset → endpoint returns 404 (regression-safe
# default; vanilla upstream behavior preserved out of the box).
#
# Production points at the in-cluster bridge service:
#   http://auth-bridge-<uuid>:3000/.well-known/bb-bridge.pub.pem
# Local dev typically points at a manually-served PEM (e.g. via `python3 -m http.server`)
# or at the production bridge for read-only key fetch testing:
#   https://bridge.binarybeach.io/.well-known/bb-bridge.pub.pem
BB_BRIDGE_PUBLIC_KEY_URL=

# When BB_BRIDGE_PUBLIC_KEY_URL is unset, the trusted endpoint is disabled and
# Plane behaves like upstream-vanilla (email+password sign-in, the four
# stock OAuth providers). That's the right default for purely-local hacking.