# -----------------------------------------------------------------------------
# Synapse-Horizon — ingestion service credentials
# Copy to `.env` (docker compose loads it automatically) and fill in the keys
# for the sources you want live. Sources without a key report as "unconfigured"
# in the UI rather than failing.
# -----------------------------------------------------------------------------

# abuse.ch — one free Auth-Key enables URLhaus, ThreatFox AND Feodo Tracker.
# Create a free account at https://auth.abuse.ch/ and generate an Auth-Key.
ABUSE_CH_AUTH_KEY=

# AlienVault OTX — enables Threat Pulses.
# Get your key from https://otx.alienvault.com/api  (Settings → OTX API Key)
OTX_API_KEY=

# PhishTank — enables verified phishing URLs.
# Register an application key at https://phishtank.org/api_register.php
PHISHTANK_APP_KEY=
PHISHTANK_USERNAME=synapse-horizon

# Optional — override the default RSS advisory feeds (comma-separated URLs).
# RSS_FEEDS=https://www.cisa.gov/cybersecurity-advisories/all.xml,https://www.bleepingcomputer.com/feed/

# No key required and always live: CISA KEV, Blocklist.de, RSS.

# Set to 1 to serve synthetic demo data for any source that has no key,
# so the dashboard is populated out-of-the-box. Leave unset for pure-live mode.
HORIZON_DEMO=
