# Zitadel OIDC Configuration
AUTH_ZITADEL_ISSUER=https://auth.pvm.example.com
AUTH_ZITADEL_CLIENT_ID=your-client-id
AUTH_ZITADEL_CLIENT_SECRET=your-client-secret

# Auth.js secret (generate with: openssl rand -base64 32)
AUTH_SECRET=your-auth-secret

# Backend API URL
PUBLIC_API_URL=http://localhost:3001

# Zitadel account management URL (for password/MFA changes)
PUBLIC_ZITADEL_ACCOUNT_URL=https://auth.pvm.example.com/ui/console

# App URL (for OIDC redirects)
ORIGIN=http://localhost:5173