demarches-normaliennes/config/secrets.yml

# Be sure to restart your server when you modify this file.

# Your secret key is used for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!

# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
# You can use `rake secret` to generate a secure secret key.

# Make sure the secrets in this file are kept private
# if you're sharing your code publicly.
defaults: &defaults
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
  encryption_service_salt: <%= ENV["ENCRYPTION_SERVICE_SALT"] %>
  signing_key: <%= ENV["SIGNING_KEY"] %>
  otp_secret_key: <%= ENV["OTP_SECRET_KEY"] %>
  basic_auth:
    username: <%= ENV['BASIC_AUTH_USERNAME'] %>
    password: <%= ENV['BASIC_AUTH_PASSWORD'] %>
  france_connect_particulier: &france_connect_particulier
    identifier: <%= ENV['FC_PARTICULIER_ID'] %>
    secret: <%= ENV['FC_PARTICULIER_SECRET'] %>
    redirect_uri: https://<%= ENV['APP_HOST'] %>/france_connect/particulier/callback
    authorization_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/authorize
    token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token
    userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo
    logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout
  agent_connect: 
    identifier: <%= ENV['AGENT_CONNECT_ID'] %>
    secret: <%= ENV['AGENT_CONNECT_SECRET'] %>
    redirect_uri: <%= ENV['AGENT_CONNECT_REDIRECT'] %>
    authorization_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/authorize
    token_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/token
    userinfo_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/userinfo
    logout_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/session/end
  mailjet:
    api_key: <%= ENV['MAILJET_API_KEY'] %>
    secret_key: <%= ENV['MAILJET_SECRET_KEY'] %>
  api_entreprise:
    key: <%= ENV['API_ENTREPRISE_KEY'] %>
  pipedrive:
    key: <%= ENV['PIPEDRIVE_KEY'] %>
  mailtrap:
    username: <%= ENV['MAILTRAP_USERNAME'] %>
    password: <%= ENV['MAILTRAP_PASSWORD'] %>
  helpscout:
    mailbox_id: <%= ENV['HELPSCOUT_MAILBOX_ID'] %>
    client_id: <%= ENV['HELPSCOUT_CLIENT_ID'] %>
    client_secret: <%= ENV['HELPSCOUT_CLIENT_SECRET'] %>
    webhook_secret: <%= ENV['HELPSCOUT_WEBHOOK_SECRET'] %>
  sendinblue:
    enabled: <%= ENV['SENDINBLUE_ENABLED'] == 'enabled' %>
    username: <%= ENV['SENDINBLUE_USER_NAME'] %>
    client_key: <%= ENV['SENDINBLUE_CLIENT_KEY'] %>
    smtp_key: <%= ENV['SENDINBLUE_SMTP_KEY'] %>
    api_v3_key: <%= ENV['SENDINBLUE_API_V3_KEY'] %>
  matomo:
    enabled: <%= ENV['MATOMO_ENABLED'] == 'enabled' %>
    client_key: <%= ENV['MATOMO_ID'] %>
  sentry:
    enabled: <%= ENV['SENTRY_ENABLED'] == 'enabled' %>
    js_client_key: <%= ENV['SENTRY_DSN_JS'] %>
    rails_client_key: <%= ENV['SENTRY_DSN_RAILS'] %>
    environment: <%= ENV['SENTRY_CURRENT_ENV'] %>
  crisp:
    enabled: <%= ENV['CRISP_ENABLED'] == 'enabled' %>
    client_key: <%= ENV['CRISP_CLIENT_KEY'] %>
  universign:
    userpwd: <%= ENV['UNIVERSIGN_USERPWD'] %>
  autocomplete:
    api_geo_url: <%= ENV['API_GEO_URL'] %>
    api_adresse_url: <%= ENV['API_ADRESSE_URL'] %>
    api_education_url: <%= ENV['API_EDUCATION_URL'] %>


development:
  <<: *defaults
  france_connect_particulier:
    <<: *france_connect_particulier
    redirect_uri: http://<%= ENV['APP_HOST'] %>/france_connect/particulier/callback


test:
  <<: *defaults
  secret_key_base: aa52abc3f3a629d04a61e9899a24c12f52b24c679cbf45f8ec0cdcc64ab9526d673adca84212882dff3911ac98e0c32ec4729ca7b3429ba18ef4dfd1bd18bc7a
  encryption_service_salt: QUDyMoXyw2YXU8pHnpts3w9MyMpsMQ6BgP62obgCf7PQv
  signing_key: aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017
  otp_secret_key: 78ddda3679dc0ba2c99f50bcff04f49d862358dbeb7ead50368fdd6de14392be884ee10a204a0375b4b382e1a842fafe40d7858b7ab4796ec3a67c518d31112b
  api_entreprise:
    key: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ik9oIHllYWgiLCJpYXQiOjE1MTYyMzkwMjJ9.f06sBo3q2Yxnw_TYPFUEs0CozBmcV-XniH_DeKNWzKE"
  pipedrive:
    key: pipedrive_test_key
  france_connect_particulier:
    identifier: france_connect_test_identifier
    secret: france_connect_test_secret
    redirect_uri: https://bidon.com/endpoint
    authorization_endpoint: https://bidon.com/endpoint
    token_endpoint: https://bidon.com/endpoint
    userinfo_endpoint: https://bidon.com/endpoint
    logout_endpoint: https://bidon.com/endpoint
  universign:
    userpwd: 'fake:fake'
  autocomplete:
    api_geo_url: /test/api_geo

# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
  <<: *defaults
First Commit 2015-08-10 11:05:06 +02:00			`# Be sure to restart your server when you modify this file.`

			`# Your secret key is used for verifying the integrity of signed cookies.`
			`# If you change this key, all old signed cookies will become invalid!`

			`# Make sure the secret is at least 30 characters and all random,`
			`# no regular words or you'll be exposed to dictionary attacks.`
			# You can use `rake secret` to generate a secure secret key.

			`# Make sure the secrets in this file are kept private`
			`# if you're sharing your code publicly.`
[ENV] France connect particulier config in secrets.yml 2018-02-09 16:47:39 +01:00			`defaults: &defaults`
[ENV] Devise config 2018-03-12 15:11:22 +01:00			`secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>`
Feat (API Particulier): new encryption service 2021-06-10 16:52:51 +02:00			`encryption_service_salt: <%= ENV["ENCRYPTION_SERVICE_SALT"] %>`
[ENV] Signing key config # Conflicts: # config/secrets.yml 2018-08-22 17:08:18 +02:00			`signing_key: <%= ENV["SIGNING_KEY"] %>`
configure otp_secret_key secret 2020-11-05 11:17:09 +01:00			`otp_secret_key: <%= ENV["OTP_SECRET_KEY"] %>`
[ENV] Basic auth config 2018-03-12 17:05:03 +01:00			`basic_auth:`
			`username: <%= ENV['BASIC_AUTH_USERNAME'] %>`
			`password: <%= ENV['BASIC_AUTH_PASSWORD'] %>`
config: fix France Connect callback URL when testing locally When testing France Connect on a local development environment, the callback URL should be something like `http://localhost:3000/…/…` But currently, the callback URL uses `https`, even in development. This causes the callback URL to be rejected by France Connect. This commit overrides the callback URL when in development, to use an `http` URL instead. In doesn't affect the production settings. 2020-01-08 11:42:31 +01:00			`france_connect_particulier: &france_connect_particulier`
[ENV] France connect particulier config in secrets.yml 2018-02-09 16:47:39 +01:00			`identifier: <%= ENV['FC_PARTICULIER_ID'] %>`
			`secret: <%= ENV['FC_PARTICULIER_SECRET'] %>`
Fix France Connect 2018-08-29 11:01:13 +02:00			`redirect_uri: https://<%= ENV['APP_HOST'] %>/france_connect/particulier/callback`
Rename an env var 2018-08-27 16:47:13 +02:00			`authorization_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/authorize`
			`token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token`
			`userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo`
			`logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout`
add agent connect secrets 2021-11-19 12:01:27 +01:00			`agent_connect:`
			`identifier: <%= ENV['AGENT_CONNECT_ID'] %>`
			`secret: <%= ENV['AGENT_CONNECT_SECRET'] %>`
add missing redirect_uri env 2021-11-24 12:47:01 +01:00			`redirect_uri: <%= ENV['AGENT_CONNECT_REDIRECT'] %>`
add agent connect secrets 2021-11-19 12:01:27 +01:00			`authorization_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/authorize`
			`token_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/token`
			`userinfo_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/userinfo`
			`logout_endpoint: <%= ENV['AGENT_CONNECT_BASE_URL'] %>/api/v2/session/end`
[ENV] Add Mailjet conf 2018-03-13 18:16:41 +01:00			`mailjet:`
			`api_key: <%= ENV['MAILJET_API_KEY'] %>`
			`secret_key: <%= ENV['MAILJET_SECRET_KEY'] %>`
[ENV] Configure Api Entreprise token 2018-03-16 13:07:20 +01:00			`api_entreprise:`
			`key: <%= ENV['API_ENTREPRISE_KEY'] %>`
[ENV] Pipedrive key config 2018-08-22 17:57:23 +02:00			`pipedrive:`
			`key: <%= ENV['PIPEDRIVE_KEY'] %>`
[ENV] Mailjet delivery method 2018-08-13 15:28:54 +02:00			`mailtrap:`
			`username: <%= ENV['MAILTRAP_USERNAME'] %>`
			`password: <%= ENV['MAILTRAP_PASSWORD'] %>`
Add helpscout config 2018-08-29 11:41:33 +02:00			`helpscout:`
			`mailbox_id: <%= ENV['HELPSCOUT_MAILBOX_ID'] %>`
			`client_id: <%= ENV['HELPSCOUT_CLIENT_ID'] %>`
			`client_secret: <%= ENV['HELPSCOUT_CLIENT_SECRET'] %>`
Add helpscout webhook 2018-08-29 21:26:22 +02:00			`webhook_secret: <%= ENV['HELPSCOUT_WEBHOOK_SECRET'] %>`
Move sendinblue client key to configuration file This is not a secret (it's sent to the client as part of the JS anyway) so it's not a big deal that it was on the public repository but it's still better to have it be configurable. 2019-03-05 10:34:51 +01:00			`sendinblue:`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`enabled: <%= ENV['SENDINBLUE_ENABLED'] == 'enabled' %>`
Sendinblue email balancing using proper credentials This reverts commit c61981e7957340cbf268d449df809f27555aece6. 2019-11-05 09:32:35 +01:00			`username: <%= ENV['SENDINBLUE_USER_NAME'] %>`
Move sendinblue client key to configuration file This is not a secret (it's sent to the client as part of the JS anyway) so it's not a big deal that it was on the public repository but it's still better to have it be configurable. 2019-03-05 10:34:51 +01:00			`client_key: <%= ENV['SENDINBLUE_CLIENT_KEY'] %>`
introduce smtp_key in order to use 2 different sendinblue keys client_key is exposed to the client via gon, so if we use it for sending email too we are exposing a key so anybody could send an email. The current client_key has a different level of right and can't send emails so it's ok to expose it. 2019-11-05 09:38:08 +01:00			`smtp_key: <%= ENV['SENDINBLUE_SMTP_KEY'] %>`
migrate sendinblue API to v3 2019-10-01 17:28:06 +02:00			`api_v3_key: <%= ENV['SENDINBLUE_API_V3_KEY'] %>`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`matomo:`
			`enabled: <%= ENV['MATOMO_ENABLED'] == 'enabled' %>`
			`client_key: <%= ENV['MATOMO_ID'] %>`
			`sentry:`
			`enabled: <%= ENV['SENTRY_ENABLED'] == 'enabled' %>`
Fix (Sentry): prefer Rails secrets over ENV variables 2021-05-12 15:00:13 +02:00			`js_client_key: <%= ENV['SENTRY_DSN_JS'] %>`
			`rails_client_key: <%= ENV['SENTRY_DSN_RAILS'] %>`
Sentry should send environment information 2019-04-03 12:13:34 +02:00			`environment: <%= ENV['SENTRY_CURRENT_ENV'] %>`
Add crisp Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-05-15 14:15:48 +02:00			`crisp:`
			`enabled: <%= ENV['CRISP_ENABLED'] == 'enabled' %>`
			`client_key: <%= ENV['CRISP_CLIENT_KEY'] %>`
Add Universign timestamp API query 2019-06-06 10:47:51 +02:00			`universign:`
			`userpwd: <%= ENV['UNIVERSIGN_USERPWD'] %>`
Revert "Revert "Merge pull request #4552 from tchak/champ-communes"" This reverts commit 4373cb22cbb66bde29463d66a15d93740b0bcdfa. 2020-01-14 18:46:07 +01:00			`autocomplete:`
			`api_geo_url: <%= ENV['API_GEO_URL'] %>`
			`api_adresse_url: <%= ENV['API_ADRESSE_URL'] %>`
Add api education adapter and job 2021-01-13 18:58:59 +01:00			`api_education_url: <%= ENV['API_EDUCATION_URL'] %>`
Add crisp Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-05-15 14:15:48 +02:00

First Commit 2015-08-10 11:05:06 +02:00
			`development:`
[ENV] France connect particulier config in secrets.yml 2018-02-09 16:47:39 +01:00			`<<: *defaults`
config: fix France Connect callback URL when testing locally When testing France Connect on a local development environment, the callback URL should be something like `http://localhost:3000/…/…` But currently, the callback URL uses `https`, even in development. This causes the callback URL to be rejected by France Connect. This commit overrides the callback URL when in development, to use an `http` URL instead. In doesn't affect the production settings. 2020-01-08 11:42:31 +01:00			`france_connect_particulier:`
			`<<: *france_connect_particulier`
			`redirect_uri: http://<%= ENV['APP_HOST'] %>/france_connect/particulier/callback`

First Commit 2015-08-10 11:05:06 +02:00
			`test:`
[ENV] France connect particulier config in secrets.yml 2018-02-09 16:47:39 +01:00			`<<: *defaults`
First Commit 2015-08-10 11:05:06 +02:00			`secret_key_base: aa52abc3f3a629d04a61e9899a24c12f52b24c679cbf45f8ec0cdcc64ab9526d673adca84212882dff3911ac98e0c32ec4729ca7b3429ba18ef4dfd1bd18bc7a`
Feat (API Particulier): new encryption service 2021-06-10 16:52:51 +02:00			`encryption_service_salt: QUDyMoXyw2YXU8pHnpts3w9MyMpsMQ6BgP62obgCf7PQv`
[ENV] Signing key config # Conflicts: # config/secrets.yml 2018-08-22 17:08:18 +02:00			`signing_key: aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017`
configure otp_secret_key secret 2020-11-05 11:17:09 +01:00			`otp_secret_key: 78ddda3679dc0ba2c99f50bcff04f49d862358dbeb7ead50368fdd6de14392be884ee10a204a0375b4b382e1a842fafe40d7858b7ab4796ec3a67c518d31112b`
[ENV] Configure Api Entreprise token 2018-03-16 13:07:20 +01:00			`api_entreprise:`
validate api_entreprise_token 2020-07-08 17:00:21 +02:00			`key: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ik9oIHllYWgiLCJpYXQiOjE1MTYyMzkwMjJ9.f06sBo3q2Yxnw_TYPFUEs0CozBmcV-XniH_DeKNWzKE"`
[ENV] Pipedrive key config 2018-08-22 17:57:23 +02:00			`pipedrive:`
			`key: pipedrive_test_key`
[ENV] France connect particulier config in secrets.yml 2018-02-09 16:47:39 +01:00			`france_connect_particulier:`
			`identifier: france_connect_test_identifier`
			`secret: france_connect_test_secret`
			`redirect_uri: https://bidon.com/endpoint`
			`authorization_endpoint: https://bidon.com/endpoint`
			`token_endpoint: https://bidon.com/endpoint`
			`userinfo_endpoint: https://bidon.com/endpoint`
			`logout_endpoint: https://bidon.com/endpoint`
Add Universign timestamp API query 2019-06-06 10:47:51 +02:00			`universign:`
			`userpwd: 'fake:fake'`
Revert "Revert "Merge pull request #4552 from tchak/champ-communes"" This reverts commit 4373cb22cbb66bde29463d66a15d93740b0bcdfa. 2020-01-14 18:46:07 +01:00			`autocomplete:`
			`api_geo_url: /test/api_geo`
First Commit 2015-08-10 11:05:06 +02:00
			`# Do not keep production secrets in the repository,`
			`# instead read values from the environment.`
Remove useless anchor in secrets.yml 2018-09-03 16:16:07 +02:00			`production:`
[ENV] France connect particulier config in secrets.yml 2018-02-09 16:47:39 +01:00			`<<: *defaults`