# Firefox AMO API credentials for web-ext signing
# Obtain from https://addons.mozilla.org/en-US/developers/addon/api/key/
AMO_JWT_ISSUER=your-amo-jwt-issuer
AMO_JWT_SECRET=your-amo-jwt-secret

# FTP/SFTP deploy (used by `npm run release:push`)
# Protocol: ftp (default), ftps, or sftp
FTP_PROTOCOL=ftp
FTP_HOST=your-ftp-host.example.com
# Port for ftp/ftps (21 for FTP/explicit FTPS, 990 for implicit FTPS)
# For sftp, omit or set 22
FTP_PORT=21
FTP_USER=your-ftp-username
FTP_PASS=your-ftp-password
# Remote directory to upload signed artifacts (e.g., /addons/archive-org-link-grabber/)
FTP_REMOTE_DIR=/path/on/server

# FTPS mode (optional):
#   explicit (FTPES on port 21) or implicit (default on port 990)
# If unset, the script auto-detects explicit when FTP_PROTOCOL=ftps and FTP_PORT=21.
# FTPS_MODE=explicit

# Optional connection flags
# Use passive mode (some providers require this)
# FTP_PASSIVE=true
# Enforce TLS minimum (1.2 or 1.3)
# TLS_MIN=1.2
# Pin server certificate public key (recommended if provider's cert CN/SAN mismatch)
# Accepts a base64 sha256 hash (sha256//...) or a PEM/DER file path
# TLS_PINNED_PUBKEY=sha256//BASE64HASH
# Provide a custom CA bundle file (PEM) if needed
# TLS_CACERT=/path/to/ca-bundle.pem
# As a last resort only, disable certificate verification (not recommended)
# TLS_INSECURE=false

# SFTP host verification (SFTP only; choose one)
# SFTP_KNOWN_HOSTS=/home/you/.ssh/known_hosts
# SFTP_HOST_PUBKEY_SHA256=base64sha256fingerprint
# SFTP_HOST_PUBKEY_MD5=aa:bb:cc:dd:...