mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
54 lines
2.8 KiB
Text
54 lines
2.8 KiB
Text
# Fleet MCP Server — Configuration Template
|
|
# Copy this file to .env and fill in your values:
|
|
# cp .env.example .env
|
|
#
|
|
# IMPORTANT: this .env file is loaded only when the binary is launched
|
|
# directly (SSE transport, local dev, smoke tests). Claude Desktop runs
|
|
# the binary in stdio mode and reads its env from the `env` block of
|
|
# claude_desktop_config.json — see README.md for the JSON template.
|
|
|
|
# ── Server ────────────────────────────────────────────────────────────────────
|
|
|
|
# Port for the SSE transport (ignored in stdio mode; Render injects this in prod)
|
|
PORT=8080
|
|
|
|
# Bearer token MCP clients must send in the Authorization header.
|
|
# Required at startup on every transport, including stdio. The server refuses
|
|
# to start without it. Generate with:
|
|
# openssl rand -hex 32
|
|
MCP_AUTH_TOKEN=YOUR_MCP_AUTH_TOKEN
|
|
|
|
# Alternative: read MCP_AUTH_TOKEN from a file. When set, MCP_AUTH_TOKEN_FILE
|
|
# wins over MCP_AUTH_TOKEN. Useful for systemd LoadCredential, Docker secrets,
|
|
# or any setup where the token should not appear in process env.
|
|
# MCP_AUTH_TOKEN_FILE=/run/secrets/mcp_auth_token
|
|
|
|
# ── Fleet ─────────────────────────────────────────────────────────────────────
|
|
|
|
# Base URL of your Fleet instance (include scheme; include port if non-standard)
|
|
FLEET_BASE_URL=https://your-fleet.example.com
|
|
|
|
# Fleet API token — generate one in Fleet under Settings > Integrations > API.
|
|
# Docs: https://fleetdm.com/docs/using-fleet/rest-api#authentication
|
|
FLEET_API_KEY=YOUR_FLEET_API_KEY
|
|
|
|
# Alternative: read FLEET_API_KEY from a file. When set, FLEET_API_KEY_FILE
|
|
# wins over FLEET_API_KEY. Recommended for production deployments to keep the
|
|
# admin Fleet token out of env (where it lands in `ps`, shell history, and
|
|
# claude_desktop_config.json which is readable by your UID).
|
|
# FLEET_API_KEY_FILE=/run/secrets/fleet_api_key
|
|
|
|
# ── Logging ───────────────────────────────────────────────────────────────────
|
|
|
|
# Verbosity: debug | info | warn | error
|
|
LOG_LEVEL=info
|
|
|
|
# ── TLS (only if your Fleet uses a self-signed cert; pick AT MOST one) ────────
|
|
|
|
# Option A: Skip TLS verification — DEV/TEST ONLY, never use in production.
|
|
# Server logs an error if FLEET_BASE_URL isn't a localhost address when this is set.
|
|
# FLEET_TLS_SKIP_VERIFY=true
|
|
|
|
# Option B: Trust a custom CA certificate (recommended for self-signed Fleet).
|
|
# Path to a PEM-encoded certificate.
|
|
# FLEET_CA_FILE=/path/to/ca.pem
|