# ─────────────────────────────────────────────────────────────────────────────
# terraform/environments/gcp/terraform.tfvars.example
#
# Copy this file to terraform.tfvars and fill in real values.
# NEVER commit terraform.tfvars to version control — it contains secrets.
# Before filling it in, confirm that terraform.tfvars is excluded from version
# control (for example by an ignore rule).
#
# All sensitive variables (db_password, jwt_*, vault_token) must be provided
# via this file or as TF_VAR_* environment variables in your CI/CD pipeline.
#
# NOTE(review): Terraform normally records variable values that reach resource
# arguments in its state file in plaintext. Confirm that the state backend for
# this environment is encrypted at rest and readable only by the deploy role.
# ─────────────────────────────────────────────────────────────────────────────

# ── GCP project & region ──────────────────────────────────────────────────────
project_id = "your-gcp-project-id"
region = "us-central1"
environment = "production"
project = "sentryagent-agentidp"

# ── Application image ─────────────────────────────────────────────────────────
# Use an explicit release tag, never a floating one such as "latest", so that
# every apply deploys a known build.
app_image_tag = "1.0.0"

# ── Networking ────────────────────────────────────────────────────────────────
# Presumably the VPC subnet range and the Serverless VPC Access connector range
# (GCP requires a /28 for connectors). Verify against the module, and check that
# neither range overlaps a network this VPC is peered with.
vpc_cidr = "10.1.0.0/24"
vpc_connector_cidr = "10.8.0.0/28"

# ── Database ──────────────────────────────────────────────────────────────────
# NOTE(review): db-g1-small is a shared-core Cloud SQL tier. Confirm that it
# meets the availability requirements of a production environment.
db_tier = "db-g1-small"
db_name = "sentryagent_idp"
db_username = "sentryagent"
# REGIONAL requests a high-availability Cloud SQL instance; ZONAL is the
# single-zone alternative.
db_availability_type = "REGIONAL"

# ── Secrets — REPLACE ALL VALUES BELOW ───────────────────────────────────────
# Password for Cloud SQL PostgreSQL user.
# Use a long value from a cryptographically secure generator, and do not reuse
# it across environments.
db_password = "REPLACE_WITH_STRONG_RANDOM_PASSWORD"

# RSA-2048 key pair for JWT signing/verification.
# Generate with:
#   openssl genrsa -out private.pem 2048
#   openssl rsa -in private.pem -pubout -out public.pem
#
# Paste each PEM as a single quoted string with its line breaks written as \n,
# as the placeholders below show.
# NOTE(review): OpenSSL 3.x writes PKCS#8 ("BEGIN PRIVATE KEY") from genrsa
# unless -traditional is passed, so the generated header may differ from the
# PKCS#1 header in the placeholder. Paste the file exactly as generated and
# confirm which format the application parses.
# Once the values are stored, remove private.pem from the workstation or move
# it to a secrets manager. Anyone holding the private key can mint valid tokens.
jwt_private_key = "-----BEGIN RSA PRIVATE KEY-----\nREPLACE_WITH_ACTUAL_PRIVATE_KEY_CONTENTS\n-----END RSA PRIVATE KEY-----"
jwt_public_key = "-----BEGIN PUBLIC KEY-----\nREPLACE_WITH_ACTUAL_PUBLIC_KEY_CONTENTS\n-----END PUBLIC KEY-----"

# HashiCorp Vault (optional — leave empty strings to disable Vault integration)
# When Vault is enabled, use an https:// address and a short-lived token scoped
# to the mount below. In CI, prefer supplying the token as TF_VAR_vault_token
# rather than writing it to a file.
vault_addr = ""
vault_token = ""
vault_mount = "secret"

# ── Application configuration ─────────────────────────────────────────────────
# NOTE(review): "*" presumably lets any web origin call the API from a browser.
# For a production identity service, set this to the exact origin(s) of the
# trusted front end. Confirm how the application interprets this value.
cors_origin = "*"

# ── Cloud Run scaling ─────────────────────────────────────────────────────────
# The maximum caps scale-out, which also bounds the cost of a traffic flood.
# Size it against the connection limit of the database tier above.
cloud_run_min_instances = 1
cloud_run_max_instances = 10
cloud_run_cpu = "1"
cloud_run_memory = "512Mi"

# ── Memorystore Redis ─────────────────────────────────────────────────────────
# STANDARD_HA is the replicated Memorystore tier; BASIC is a standalone instance.
memorystore_memory_size_gb = 1
memorystore_redis_version = "REDIS_7_0"
memorystore_tier = "STANDARD_HA"

# ── Protection ────────────────────────────────────────────────────────────────
# Keep this true in production. It presumably guards stateful resources against
# an accidental destroy. Verify which resources the module applies it to.
deletion_protection = true