> ## Documentation Index
> Fetch the complete documentation index at: https://developer.verilock.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Configuration

> Configure your self-hosted Verilock Identity instance

## Environment Variables

All configuration is done through the `.env` file. After changing any value, restart the application:

```bash theme={null}
docker compose restart app
```

## Core Settings

### Application

| Variable    | Description                            | Default             |
| ----------- | -------------------------------------- | ------------------- |
| `APP_NAME`  | Application name (shown in emails, UI) | `Verilock Identity` |
| `APP_URL`   | Public URL                             | `http://localhost`  |
| `APP_ENV`   | Environment (`production`, `local`)    | `production`        |
| `APP_DEBUG` | Enable debug mode                      | `false`             |
| `APP_PORT`  | Exposed HTTP port                      | `8080`              |

<Warning>
  Never set `APP_DEBUG=true` in production. It exposes sensitive information.
</Warning>

### Database

```env theme={null}
DB_CONNECTION=pgsql
DB_HOST=postgres          # Docker service name
DB_PORT=5432
DB_DATABASE=verilock
DB_USERNAME=verilock
DB_PASSWORD=your-strong-password
```

To access the database directly:

```bash theme={null}
docker compose exec postgres psql -U verilock -d verilock
```

### Redis

```env theme={null}
REDIS_HOST=redis
REDIS_PASSWORD=your-redis-password
REDIS_PORT=6379

CACHE_STORE=redis
QUEUE_CONNECTION=redis
SESSION_DRIVER=redis
```

## API Keys

After installation, create API keys from the dashboard at `/dashboard/api-keys`, or via CLI:

```bash theme={null}
docker compose exec app php artisan tinker
# Then in tinker:
$org = App\Models\Organization::first();
$key = App\Models\ApiKey::generateKey('live');
App\Models\ApiKey::create([
    'organization_id' => $org->id,
    'name' => 'Production',
    'key_prefix' => $key['prefix'],
    'key_hash' => $key['hash'],
    'encrypted_key' => $key['key'],
    'environment' => 'live',
    'rate_limit' => 1000,
]);
echo "API Key: " . $key['key'];
```

## Mail

Configure email for OTP codes and notifications:

<Tabs>
  <Tab title="SMTP">
    ```env theme={null}
    MAIL_MAILER=smtp
    MAIL_HOST=smtp.your-provider.com
    MAIL_PORT=587
    MAIL_USERNAME=your-username
    MAIL_PASSWORD=your-password
    MAIL_ENCRYPTION=tls
    MAIL_FROM_ADDRESS=noreply@your-domain.com
    MAIL_FROM_NAME="Verilock Identity"
    ```
  </Tab>

  <Tab title="AWS SES">
    ```env theme={null}
    MAIL_MAILER=ses
    AWS_ACCESS_KEY_ID=your-key
    AWS_SECRET_ACCESS_KEY=your-secret
    AWS_DEFAULT_REGION=us-east-1
    MAIL_FROM_ADDRESS=noreply@your-domain.com
    ```
  </Tab>

  <Tab title="Disabled">
    ```env theme={null}
    MAIL_MAILER=log
    ```

    Emails are written to logs at `storage/logs/laravel.log`.
  </Tab>
</Tabs>

## Storage

Documents (ID photos, selfies, address proofs) are stored in MinIO by default.

### MinIO (Default)

```env theme={null}
FILESYSTEM_DISK=s3
AWS_ACCESS_KEY_ID=verilock
AWS_SECRET_ACCESS_KEY=your-minio-password
AWS_DEFAULT_REGION=us-east-1
AWS_BUCKET=verilock-documents
AWS_ENDPOINT=http://minio:9000
AWS_USE_PATH_STYLE_ENDPOINT=true
```

Access the MinIO console at `http://localhost:9001`.

### AWS S3

To use real AWS S3 instead of MinIO:

```env theme={null}
FILESYSTEM_DISK=s3
AWS_ACCESS_KEY_ID=your-aws-key
AWS_SECRET_ACCESS_KEY=your-aws-secret
AWS_DEFAULT_REGION=eu-west-1
AWS_BUCKET=your-bucket-name
# Remove or comment out these lines:
# AWS_ENDPOINT=
# AWS_USE_PATH_STYLE_ENDPOINT=
```

### Local Filesystem

For simple deployments without object storage:

```env theme={null}
FILESYSTEM_DISK=local
```

Documents are stored in `storage/app/private/kyc-documents/`.

## SMS / OTP

SMS-based OTP verification can be configured in the dashboard settings. Contact support for setup instructions.

## AML Screening

The embedded AML engine provides AML/PEP screening against international sanctions and watchlists.

It automatically downloads and indexes the latest data on startup. To force a refresh:

```bash theme={null}
docker compose restart aml-engine
```

## License

```env theme={null}
SELFHOST_ENABLED=true
VERILOCK_LICENSE_KEY=vrl_your_key_here
VERILOCK_LICENSE_SERVER=https://license.verilock.com
VERILOCK_GRACE_PERIOD=7          # Days offline before blocking
VERILOCK_UPDATE_CHANNEL=stable   # stable or beta
VERILOCK_TELEMETRY=true          # Anonymous usage metrics
```

### Verify License Status

```bash theme={null}
docker compose exec app php artisan license:heartbeat
```

### Check for Updates

```bash theme={null}
docker compose exec app php artisan selfhost:check-update
```
