# AWS credentials for Prowler container
AWS_ACCESS_KEY_ID=AKIAXX...XXXX
AWS_SECRET_ACCESS_KEY=your-s...here
AWS_DEFAULT_REGION=us-east-1

# Prowler dry-run — set to false to actually scan (requires IAM role with read permissions)
PROWLER_DRY_RUN=true

# Remediation mode
#  - daemon: continuously poll for new findings and enqueue remediation
#  - once: process all existing files then exit
REMEDIATION_MODE=daemon

# Set to "true" to actually apply remediation changes to AWS (DANGEROUS — default is dry-run)
REMEDIATION_APPLY=false

# Output directory for Prowler JSON findings
OUTPUT_DIR=./output

# Findings SQLite database
FINDINGS_DB=./consumer/findings.db