demarches-normaliennes/config/env.example

# Application host name
#
# Examples:
# * For local development: localhost:3000
# * For preproduction: staging.ds.example.org
# * For production: ds.example.org
APP_HOST="localhost:3000"

# Rails key for signing sensitive data
# See https://guides.rubyonrails.org/security.html
#
# For production you MUST generate a new key, and keep it secret.
# Secrets must be long and random. Use bin/rails secret to get new unique secrets.
SECRET_KEY_BASE="05a2d479d8e412198dabd08ef0eee9d6e180f5cbb48661a35fd1cae287f0a93d40b5f1da08f06780d698bbd458a0ea97f730f83ee780de5d4e31f649a0130cf0"

# Secret key for One-Time-Password codes, used for 2-factors authentication
OTP_SECRET_KEY=""

# Database credentials
DB_DATABASE="tps_development"
DB_HOST="localhost"
DB_POOL=""
DB_USERNAME="tps_development"
DB_PASSWORD="tps_development"

# Protect access to the instance with a static login/password (useful for staging environments)
BASIC_AUTH_ENABLED="disabled"
BASIC_AUTH_USERNAME=""
BASIC_AUTH_PASSWORD=""

# ActiveStorage service to use for attached files.
# Possible values:
# - "local": store files on the local filesystem
# - "amazon": store files remotely on an S3 storage service
# - "openstack": store files remotely on an OpenStack storage service
#
# (See config/storage.yml for the configuration of each service.)
ACTIVE_STORAGE_SERVICE="local"

# Configuration for the OpenStack storage service (if enabled)
FOG_OPENSTACK_API_KEY=""
FOG_OPENSTACK_USERNAME=""
FOG_OPENSTACK_URL=""
FOG_OPENSTACK_REGION=""
DS_PROXY_URL=""

# SAML
SAML_IDP_ENABLED="disabled"

# External service: integration with HelpScout (optional)
HELPSCOUT_MAILBOX_ID=""
HELPSCOUT_CLIENT_ID=""
HELPSCOUT_CLIENT_SECRET=""
HELPSCOUT_WEBHOOK_SECRET=""

# External service: external supervision
SENTRY_ENABLED="disabled"
SENTRY_CURRENT_ENV="development"
SENTRY_DSN_RAILS=""
SENTRY_DSN_JS=""

# External service: Matomo web analytics
MATOMO_ENABLED="disabled"
MATOMO_COOKIE_DOMAIN="*.www.demarches-simplifiees.fr"
MATOMO_DOMAIN="*.www.demarches-simplifiees.fr"
MATOMO_ID=""
MATOMO_HOST="matomo.example.org"

# Alternate SMTP Provider: SendInBlue/DoList
SENDINBLUE_CLIENT_KEY=""
SENDINBLUE_SMTP_KEY=""
SENDINBLUE_USER_NAME=""
# SENDINBLUE_LOGIN_URL="https://app.sendinblue.com/account/saml/login/truc"

# Alternate SMTP Provider: Mailtrap (mail catcher for staging environments)
# When enabled, all emails will be sent using this provider
MAILTRAP_ENABLED="disabled"
MAILTRAP_USERNAME=""
MAILTRAP_PASSWORD=""

# Alternative SMTP Provider: Mailcatcher (Catches mail and serves it through a dream.)
# When enabled, all emails will be sent using this provider
MAILCATCHER_ENABLED="disabled"
MAILCATCHER_HOST=""
MAILCATCHER_PORT=""

# External service: live chat for admins (specific to démarches-simplifiées.fr)
CRISP_ENABLED="disabled"
CRISP_CLIENT_KEY=""

# API Entreprise credentials
# https://api.gouv.fr/api/api-entreprise.html
API_ENTREPRISE_KEY=""

# Networks bypassing the email login token that verifies new devices, and rack-attack throttling
TRUSTED_NETWORKS=""

# External service: mesuring performance of the Rails app (specific to démarches-simplifiées.fr)
SKYLIGHT_AUTHENTICATION_KEY=""

# Enable or disable Lograge logs
LOGRAGE_ENABLED="disabled"

# Logs source for Lograge
#
# Examples:
# * For local development: tps_local
# * For preproduction: tps_staging
# * For production: tps_prod
LOGRAGE_SOURCE="tps_local"

# External service: timestamping a daily archive of dossiers status changes
UNIVERSIGN_API_URL="https://ws.universign.eu/tsa/post/"
UNIVERSIGN_USERPWD=""

# External service: API Geo / Adresse
API_ADRESSE_URL="https://api-adresse.data.gouv.fr"
API_GEO_URL="https://geo.api.gouv.fr"

# External service: API Education
API_EDUCATION_URL="https://data.education.gouv.fr/api/records/1.0"

# Encryption key for sensitive columns in the database
ENCRYPTION_SERVICE_SALT=""

# ActiveRecord encryption keys. Generate them with bin/rails db:encryption:init (you can omit deterministic_key)
AR_ENCRYPTION_PRIMARY_KEY=""
AR_ENCRYPTION_KEY_DERIVATION_SALT=""

# Salt for invisible_captcha session data.
# Must be the same value for all app instances behind a load-balancer.
INVISIBLE_CAPTCHA_SECRET="kikooloool"

# Clamav antivirus usage
CLAMAV_ENABLED="disabled"

# Siret number used for API Entreprise, by default we use SIRET from dinum
API_ENTREPRISE_DEFAULT_SIRET="put_your_own_siret"

# Date from which email validation requires a TLD in email adresses.
# This change had been introduced by : cc53946d221d6f64c365ad6c6c4c544802eb94b4
# Records (users, …) created before this date won't be affected. See #9978
# To set a date, we recommend using *the day after* you have deployed this commit,
# so existing records won't be invalid.
STRICT_EMAIL_VALIDATION_STARTS_ON="2024-02-19"

# Weasyprint endpoint generating attestations v2
# See https://github.com/demarches-simplifiees/weasyprint_server
WEASYPRINT_URL="http://127.0.0.1:5000/pdf"
config: translate default env in english 2022-01-07 18:41:23 +01:00			`# Application host name`
			`#`
			`# Examples:`
			`# * For local development: localhost:3000`
refactor: use example domains According to RFC 2606, example domains must be: example.com, example.net, or example.org 2022-02-09 09:08:49 +01:00			`# * For preproduction: staging.ds.example.org`
			`# * For production: ds.example.org`
Fix France Connect 2018-08-29 11:01:13 +02:00			`APP_HOST="localhost:3000"`
DOC ajout commentaires + explications pour env.example 2019-11-19 15:24:57 +01:00
config: translate default env in english 2022-01-07 18:41:23 +01:00			`# Rails key for signing sensitive data`
			`# See https://guides.rubyonrails.org/security.html`
			`#`
			`# For production you MUST generate a new key, and keep it secret.`
			`# Secrets must be long and random. Use bin/rails secret to get new unique secrets.`
Move some conf to env.example 2018-09-03 15:54:49 +02:00			`SECRET_KEY_BASE="05a2d479d8e412198dabd08ef0eee9d6e180f5cbb48661a35fd1cae287f0a93d40b5f1da08f06780d698bbd458a0ea97f730f83ee780de5d4e31f649a0130cf0"`
Add missing env vars 2018-09-03 15:54:32 +02:00
config: translate default env in english 2022-01-07 18:41:23 +01:00			`# Secret key for One-Time-Password codes, used for 2-factors authentication`
add recoverable and two_factor stragegy for administration 2020-11-03 18:21:19 +01:00			`OTP_SECRET_KEY=""`

config: translate default env in english 2022-01-07 18:41:23 +01:00			`# Database credentials`
Move the local db conf to env.example 2018-09-03 15:57:59 +02:00			`DB_DATABASE="tps_development"`
			`DB_HOST="localhost"`
Add missing env vars 2018-09-03 15:54:32 +02:00			`DB_POOL=""`
Move the local db conf to env.example 2018-09-03 15:57:59 +02:00			`DB_USERNAME="tps_development"`
			`DB_PASSWORD="tps_development"`
Add missing env vars 2018-09-03 15:54:32 +02:00
config: translate default env in english 2022-01-07 18:41:23 +01:00			`# Protect access to the instance with a static login/password (useful for staging environments)`
Populate some env vars 2018-09-03 15:59:27 +02:00			`BASIC_AUTH_ENABLED="disabled"`
Add missing env vars 2018-09-03 15:54:32 +02:00			`BASIC_AUTH_USERNAME=""`
			`BASIC_AUTH_PASSWORD=""`

refactor(storage): harmonize environment variables Use STORAGE_TYPE everywhere rather than FOG_ENABLED. STORAGE_TYPE is more flexible and is the reference variable for production environment. 2022-01-31 14:27:50 +01:00			`# ActiveStorage service to use for attached files.`
			`# Possible values:`
			`# - "local": store files on the local filesystem`
			`# - "amazon": store files remotely on an S3 storage service`
			`# - "openstack": store files remotely on an OpenStack storage service`
			`#`
			`# (See config/storage.yml for the configuration of each service.)`
refactor(openstack): rename STORAGE_TYPE to ACTIVE_STORAGE_SERVICE 2022-02-15 10:33:01 +01:00			`ACTIVE_STORAGE_SERVICE="local"`
refactor(storage): harmonize environment variables Use STORAGE_TYPE everywhere rather than FOG_ENABLED. STORAGE_TYPE is more flexible and is the reference variable for production environment. 2022-01-31 14:27:50 +01:00
			`# Configuration for the OpenStack storage service (if enabled)`
Add missing env vars 2018-09-03 15:54:32 +02:00			`FOG_OPENSTACK_API_KEY=""`
			`FOG_OPENSTACK_USERNAME=""`
[#2180] Bump fog-openstack 2018-11-13 18:25:06 +01:00			`FOG_OPENSTACK_URL=""`
Add missing env vars 2018-09-03 15:54:32 +02:00			`FOG_OPENSTACK_REGION=""`
Add a DS_PROXY_URL env variable 2019-10-30 16:15:38 +01:00			`DS_PROXY_URL=""`
Add missing env vars 2018-09-03 15:54:32 +02:00
add dolist saml config 2022-08-18 15:58:19 +02:00			`# SAML`
config: add a new SAML_IDP_ENABLED env var This fixes the app crashing on launch when using the production profile, because the certificates are not present. 2022-01-26 11:59:59 +01:00			`SAML_IDP_ENABLED="disabled"`

config: translate default env in english 2022-01-07 18:41:23 +01:00			`# External service: integration with HelpScout (optional)`
Add missing env vars 2018-09-03 15:54:32 +02:00			`HELPSCOUT_MAILBOX_ID=""`
			`HELPSCOUT_CLIENT_ID=""`
			`HELPSCOUT_CLIENT_SECRET=""`
			`HELPSCOUT_WEBHOOK_SECRET=""`

config: translate default env in english 2022-01-07 18:41:23 +01:00			`# External service: external supervision`
Populate some env vars 2018-09-03 15:59:27 +02:00			`SENTRY_ENABLED="disabled"`
Sentry should send environment information 2019-04-03 12:13:34 +02:00			`SENTRY_CURRENT_ENV="development"`
Add missing env vars 2018-09-03 15:54:32 +02:00			`SENTRY_DSN_RAILS=""`
			`SENTRY_DSN_JS=""`

config: translate default env in english 2022-01-07 18:41:23 +01:00			`# External service: Matomo web analytics`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`MATOMO_ENABLED="disabled"`
feat(matomo): use env variables to set the domain 2022-01-26 13:57:49 +01:00			`MATOMO_COOKIE_DOMAIN="*.www.demarches-simplifiees.fr"`
			`MATOMO_DOMAIN="*.www.demarches-simplifiees.fr"`
config: add MATOMO_HOST environment variable 2022-01-18 12:47:01 +01:00			`MATOMO_ID=""`
feat(matomo): configure Matomo iframe URL with an env variable 2022-02-02 10:44:53 +01:00			`MATOMO_HOST="matomo.example.org"`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00
clean(SMTP.balancing): remove some env vars 2022-05-02 17:30:37 +02:00			`# Alternate SMTP Provider: SendInBlue/DoList`
Add crisp Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-05-15 14:15:48 +02:00			`SENDINBLUE_CLIENT_KEY=""`
introduce smtp_key in order to use 2 different sendinblue keys client_key is exposed to the client via gon, so if we use it for sending email too we are exposing a key so anybody could send an email. The current client_key has a different level of right and can't send emails so it's ok to expose it. 2019-11-05 09:38:08 +01:00			`SENDINBLUE_SMTP_KEY=""`
Sendinblue email balancing using proper credentials This reverts commit c61981e7957340cbf268d449df809f27555aece6. 2019-11-05 09:32:35 +01:00			`SENDINBLUE_USER_NAME=""`
config: move related SendInBlue variables together 2022-01-18 12:36:03 +01:00			`# SENDINBLUE_LOGIN_URL="https://app.sendinblue.com/account/saml/login/truc"`
Sendinblue email balancing using proper credentials This reverts commit c61981e7957340cbf268d449df809f27555aece6. 2019-11-05 09:32:35 +01:00
config: better document `SENDINBLUE_BALANCING` 2022-01-19 21:30:01 +01:00			`# Alternate SMTP Provider: Mailtrap (mail catcher for staging environments)`
chore(smtp): add mailcatcher configuration 2022-01-25 15:14:58 +01:00			`# When enabled, all emails will be sent using this provider`
Add missing env vars 2018-09-03 15:54:32 +02:00			`MAILTRAP_ENABLED="disabled"`
			`MAILTRAP_USERNAME=""`
			`MAILTRAP_PASSWORD=""`

chore(smtp): add mailcatcher configuration 2022-01-25 15:14:58 +01:00			`# Alternative SMTP Provider: Mailcatcher (Catches mail and serves it through a dream.)`
			`# When enabled, all emails will be sent using this provider`
			`MAILCATCHER_ENABLED="disabled"`
			`MAILCATCHER_HOST=""`
			`MAILCATCHER_PORT=""`

config: better document `SENDINBLUE_BALANCING` 2022-01-19 21:30:01 +01:00			`# External service: live chat for admins (specific to démarches-simplifiées.fr)`
			`CRISP_ENABLED="disabled"`
			`CRISP_CLIENT_KEY=""`

config: translate default env in english 2022-01-07 18:41:23 +01:00			`# API Entreprise credentials`
			`# https://api.gouv.fr/api/api-entreprise.html`
[ENV] Add more vars to example .env 2018-08-22 18:22:30 +02:00			`API_ENTREPRISE_KEY=""`

config: translate default env in english 2022-01-07 18:41:23 +01:00			`# Networks bypassing the email login token that verifies new devices, and rack-attack throttling`
env.example: add TRUSTED_NETWORKS variable 2019-04-03 14:49:01 +02:00			`TRUSTED_NETWORKS=""`

config: translate default env in english 2022-01-07 18:41:23 +01:00			`# External service: mesuring performance of the Rails app (specific to démarches-simplifiées.fr)`
Add missing env vars 2018-09-03 15:54:32 +02:00			`SKYLIGHT_AUTHENTICATION_KEY=""`

config: translate default env in english 2022-01-07 18:41:23 +01:00			`# Enable or disable Lograge logs`
Populate some env vars 2018-09-03 15:59:27 +02:00			`LOGRAGE_ENABLED="disabled"`
Add Universign timestamp API query 2019-06-06 10:47:51 +02:00
config: translate default env in english 2022-01-07 18:41:23 +01:00			`# Logs source for Lograge`
			`#`
			`# Examples:`
			`# * For local development: tps_local`
			`# * For preproduction: tps_staging`
			`# * For production: tps_prod`
config: rename SOURCE to LOGRAGE_SOURCE 2022-01-18 12:49:23 +01:00			`LOGRAGE_SOURCE="tps_local"`
config: translate default env in english 2022-01-07 18:41:23 +01:00
			`# External service: timestamping a daily archive of dossiers status changes`
ci: check for zeitwerk errors If a zeitwerk-incompatible class is introduced, it won't break any test before reaching production. 2021-04-15 13:06:43 +02:00			`UNIVERSIGN_API_URL="https://ws.universign.eu/tsa/post/"`
Add Universign timestamp API query 2019-06-06 10:47:51 +02:00			`UNIVERSIGN_USERPWD=""`
Revert "Revert "Merge pull request #4552 from tchak/champ-communes"" This reverts commit 4373cb22cbb66bde29463d66a15d93740b0bcdfa. 2020-01-14 18:46:07 +01:00
config: translate default env in english 2022-01-07 18:41:23 +01:00			`# External service: API Geo / Adresse`
Revert "Revert "Merge pull request #4552 from tchak/champ-communes"" This reverts commit 4373cb22cbb66bde29463d66a15d93740b0bcdfa. 2020-01-14 18:46:07 +01:00			`API_ADRESSE_URL="https://api-adresse.data.gouv.fr"`
			`API_GEO_URL="https://geo.api.gouv.fr"`
define max_attempts for jobs 2020-06-02 20:13:38 +02:00
config: translate default env in english 2022-01-07 18:41:23 +01:00			`# External service: API Education`
Add api education adapter and job 2021-01-13 18:58:59 +01:00			`API_EDUCATION_URL="https://data.education.gouv.fr/api/records/1.0"`

config: translate default env in english 2022-01-07 18:41:23 +01:00			`# Encryption key for sensitive columns in the database`
Feat (API Particulier): new encryption service 2021-06-10 16:52:51 +02:00			`ENCRYPTION_SERVICE_SALT=""`
feat(support#create): block with invisible captcha [avoid painful captcha] 2021-12-29 14:00:47 +01:00
chore: setup active record encryption from secrets 2023-05-02 14:48:58 +02:00			`# ActiveRecord encryption keys. Generate them with bin/rails db:encryption:init (you can omit deterministic_key)`
			`AR_ENCRYPTION_PRIMARY_KEY=""`
			`AR_ENCRYPTION_KEY_DERIVATION_SALT=""`

config: translate default env in english 2022-01-07 18:41:23 +01:00			`# Salt for invisible_captcha session data.`
			`# Must be the same value for all app instances behind a load-balancer.`
feat(support#create): block with invisible captcha [avoid painful captcha] 2021-12-29 14:00:47 +01:00			`INVISIBLE_CAPTCHA_SECRET="kikooloool"`
feat(ClamAV): add config to disable clamav usage 2022-01-28 16:20:11 +01:00
			`# Clamav antivirus usage`
			`CLAMAV_ENABLED="disabled"`
feat(ApiEntreprise.recipient): always use SIRET of dinum Update config/env.example Co-authored-by: LeSim <mail@simon.lehericey.net> 2022-04-25 15:50:33 +02:00
			`# Siret number used for API Entreprise, by default we use SIRET from dinum`
			`API_ENTREPRISE_DEFAULT_SIRET="put_your_own_siret"`
chore(env): STRICT_EMAIL_VALIDATION_STARTS_ON env var example 2024-02-19 13:34:59 +01:00
			`# Date from which email validation requires a TLD in email adresses.`
			`# This change had been introduced by : cc53946d221d6f64c365ad6c6c4c544802eb94b4`
			`# Records (users, …) created before this date won't be affected. See #9978`
			`# To set a date, we recommend using the day after you have deployed this commit,`
			`# so existing records won't be invalid.`
			`STRICT_EMAIL_VALIDATION_STARTS_ON="2024-02-19"`
chore(env): WEASYPRINT_URL is not optional anymore 2024-02-20 14:32:04 +01:00
			`# Weasyprint endpoint generating attestations v2`
			`# See https://github.com/demarches-simplifiees/weasyprint_server`
			`WEASYPRINT_URL="http://127.0.0.1:5000/pdf"`