demarches-normaliennes/config/secrets.yml

# Be sure to restart your server when you modify this file.

# Your secret key is used for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!

# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
# You can use `rake secret` to generate a secure secret key.

# Make sure the secrets in this file are kept private
# if you're sharing your code publicly.
defaults: &defaults
  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
  encryption_service_salt: <%= ENV["ENCRYPTION_SERVICE_SALT"] %>
  otp_secret_key: <%= ENV["OTP_SECRET_KEY"] %>
  active_record_encryption:
    primary_key: <%= ENV["AR_ENCRYPTION_PRIMARY_KEY"] %>
    key_derivation_salt: <%= ENV["AR_ENCRYPTION_KEY_DERIVATION_SALT"] %>
  basic_auth:
    username: <%= ENV['BASIC_AUTH_USERNAME'] %>
    password: <%= ENV['BASIC_AUTH_PASSWORD'] %>
  france_connect_particulier: &france_connect_particulier
    identifier: <%= ENV['FC_PARTICULIER_ID'] %>
    secret: <%= ENV['FC_PARTICULIER_SECRET'] %>
    redirect_uri: https://<%= ENV['APP_HOST'] %>/france_connect/particulier/callback
    authorization_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/authorize
    token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token
    userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo
    logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout
  dolist:
    username: <%= ENV['DOLIST_USERNAME'] %>
    password: <%= ENV['DOLIST_PASSWORD'] %>
    account_id: <%= ENV['DOLIST_ACCOUNT_ID'] %>
    api_key: <%= ENV['DOLIST_API_KEY'] %>
  api_entreprise:
    key: <%= ENV['API_ENTREPRISE_KEY'] %>
  mailtrap:
    username: <%= ENV['MAILTRAP_USERNAME'] %>
    password: <%= ENV['MAILTRAP_PASSWORD'] %>
  helpscout:
    mailbox_id: <%= ENV['HELPSCOUT_MAILBOX_ID'] %>
    client_id: <%= ENV['HELPSCOUT_CLIENT_ID'] %>
    client_secret: <%= ENV['HELPSCOUT_CLIENT_SECRET'] %>
    webhook_secret: <%= ENV['HELPSCOUT_WEBHOOK_SECRET'] %>
  sendinblue:
    enabled: <%= ENV.key?('SENDINBLUE_BALANCING_VALUE') %>
    username: <%= ENV['SENDINBLUE_USER_NAME'] %>
    client_key: <%= ENV['SENDINBLUE_CLIENT_KEY'] %>
    smtp_key: <%= ENV['SENDINBLUE_SMTP_KEY'] %>
    api_v3_key: <%= ENV['SENDINBLUE_API_V3_KEY'] %>
  mattermost:
    send_in_blue_outage_webhook_url: <%= ENV['SEND_IN_BLUE_OUTAGE_WEBHOOK_URL'] %>
    support_webhook_url: <%= ENV['SUPPORT_WEBHOOK_URL'] %>
  matomo:
    cookie_domain: "<%= ENV['MATOMO_COOKIE_DOMAIN'] %>"
    domain: "<%= ENV['MATOMO_DOMAIN'] %>"
    enabled: <%= ENV['MATOMO_ENABLED'] == 'enabled' %>
    host: <%= ENV['MATOMO_HOST'] %>
    client_key: <%= ENV['MATOMO_ID'] %>
  sentry:
    enabled: <%= ENV['SENTRY_ENABLED'] == 'enabled' %>
    js_client_key: <%= ENV['SENTRY_DSN_JS'] %>
    rails_client_key: <%= ENV['SENTRY_DSN_RAILS'] %>
    environment: <%= ENV['SENTRY_CURRENT_ENV'] %>
  crisp:
    enabled: <%= ENV['CRISP_ENABLED'] == 'enabled' %>
    client_key: <%= ENV['CRISP_CLIENT_KEY'] %>
  universign:
    userpwd: <%= ENV['UNIVERSIGN_USERPWD'] %>
  certigna:
    userpwd: <%= ENV['CERTIGNA_USERPWD'] %>
  autocomplete:
    api_geo_url: <%= ENV['API_GEO_URL'] %>
    api_adresse_url: <%= ENV['API_ADRESSE_URL'] %>
    api_education_url: <%= ENV['API_EDUCATION_URL'] %>
  datagouv:
    api_key: <%= ENV['DATAGOUV_API_KEY'] %>
    api_url: <%= ENV['DATAGOUV_API_URL'] %>
    descriptif_demarches_dataset: <%= ENV['DATAGOUV_DESCRIPTIF_DEMARCHES_DATASET'] %>
    descriptif_demarches_resource: <%= ENV['DATAGOUV_DESCRIPTIF_DEMARCHES_RESOURCE'] %>
    statistics_dataset: <%= ENV['DATAGOUV_STATISTICS_DATASET'] %>


development:
  <<: *defaults
  france_connect_particulier:
    <<: *france_connect_particulier
    redirect_uri: http://<%= ENV['APP_HOST'] %>/france_connect/particulier/callback


test:
  <<: *defaults
  secret_key_base: aa52abc3f3a629d04a61e9899a24c12f52b24c679cbf45f8ec0cdcc64ab9526d673adca84212882dff3911ac98e0c32ec4729ca7b3429ba18ef4dfd1bd18bc7a # ggignore
  encryption_service_salt: QUDyMoXyw2YXU8pHnpts3w9MyMpsMQ6BgP62obgCf7PQv # ggignore
  otp_secret_key: 78ddda3679dc0ba2c99f50bcff04f49d862358dbeb7ead50368fdd6de14392be884ee10a204a0375b4b382e1a842fafe40d7858b7ab4796ec3a67c518d31112b # ggignore
  active_record_encryption:
    primary_key: test-RgUyzplf0kehB5fyZpmCd37uvgb # ggignore
    key_derivation_salt: test-yyMmzM9cTSD1rs3Fq3hwt3hMNg4 # ggignore
  api_entreprise:
    key: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ik9oIHllYWgiLCJpYXQiOjE1MTYyMzkwMjJ9.f06sBo3q2Yxnw_TYPFUEs0CozBmcV-XniH_DeKNWzKE" # ggignore
  france_connect_particulier:
    identifier: france_connect_test_identifier
    secret: france_connect_test_secret
    redirect_uri: https://bidon.com/endpoint
    authorization_endpoint: https://bidon.com/endpoint
    token_endpoint: https://bidon.com/endpoint
    userinfo_endpoint: https://bidon.com/endpoint
    logout_endpoint: https://bidon.com/endpoint
  universign:
    userpwd: 'fake:fake'
  autocomplete:
    api_geo_url: /test/api_geo
  datagouv:
    api_key: "clesecrete"
    api_url: "https://www.data.gouv.fr/api/1"
    descriptif_demarches_dataset: "ethopundataset"
    descriptif_demarches_resource: "etbimuneressource"

# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
  <<: *defaults
First Commit 2015-08-10 11:05:06 +02:00			`# Be sure to restart your server when you modify this file.`

			`# Your secret key is used for verifying the integrity of signed cookies.`
			`# If you change this key, all old signed cookies will become invalid!`

			`# Make sure the secret is at least 30 characters and all random,`
			`# no regular words or you'll be exposed to dictionary attacks.`
			# You can use `rake secret` to generate a secure secret key.

			`# Make sure the secrets in this file are kept private`
			`# if you're sharing your code publicly.`
[ENV] France connect particulier config in secrets.yml 2018-02-09 16:47:39 +01:00			`defaults: &defaults`
[ENV] Devise config 2018-03-12 15:11:22 +01:00			`secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>`
Feat (API Particulier): new encryption service 2021-06-10 16:52:51 +02:00			`encryption_service_salt: <%= ENV["ENCRYPTION_SERVICE_SALT"] %>`
configure otp_secret_key secret 2020-11-05 11:17:09 +01:00			`otp_secret_key: <%= ENV["OTP_SECRET_KEY"] %>`
chore: setup active record encryption from secrets 2023-05-02 14:48:58 +02:00			`active_record_encryption:`
			`primary_key: <%= ENV["AR_ENCRYPTION_PRIMARY_KEY"] %>`
			`key_derivation_salt: <%= ENV["AR_ENCRYPTION_KEY_DERIVATION_SALT"] %>`
[ENV] Basic auth config 2018-03-12 17:05:03 +01:00			`basic_auth:`
			`username: <%= ENV['BASIC_AUTH_USERNAME'] %>`
			`password: <%= ENV['BASIC_AUTH_PASSWORD'] %>`
config: fix France Connect callback URL when testing locally When testing France Connect on a local development environment, the callback URL should be something like `http://localhost:3000/…/…` But currently, the callback URL uses `https`, even in development. This causes the callback URL to be rejected by France Connect. This commit overrides the callback URL when in development, to use an `http` URL instead. In doesn't affect the production settings. 2020-01-08 11:42:31 +01:00			`france_connect_particulier: &france_connect_particulier`
[ENV] France connect particulier config in secrets.yml 2018-02-09 16:47:39 +01:00			`identifier: <%= ENV['FC_PARTICULIER_ID'] %>`
			`secret: <%= ENV['FC_PARTICULIER_SECRET'] %>`
Fix France Connect 2018-08-29 11:01:13 +02:00			`redirect_uri: https://<%= ENV['APP_HOST'] %>/france_connect/particulier/callback`
Rename an env var 2018-08-27 16:47:13 +02:00			`authorization_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/authorize`
			`token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token`
			`userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo`
			`logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout`
dolist config 2022-04-11 17:22:32 +02:00			`dolist:`
			`username: <%= ENV['DOLIST_USERNAME'] %>`
			`password: <%= ENV['DOLIST_PASSWORD'] %>`
			`account_id: <%= ENV['DOLIST_ACCOUNT_ID'] %>`
show dolist logs to manager 2022-04-26 11:44:42 +02:00			`api_key: <%= ENV['DOLIST_API_KEY'] %>`
[ENV] Configure Api Entreprise token 2018-03-16 13:07:20 +01:00			`api_entreprise:`
			`key: <%= ENV['API_ENTREPRISE_KEY'] %>`
[ENV] Mailjet delivery method 2018-08-13 15:28:54 +02:00			`mailtrap:`
			`username: <%= ENV['MAILTRAP_USERNAME'] %>`
			`password: <%= ENV['MAILTRAP_PASSWORD'] %>`
Add helpscout config 2018-08-29 11:41:33 +02:00			`helpscout:`
			`mailbox_id: <%= ENV['HELPSCOUT_MAILBOX_ID'] %>`
			`client_id: <%= ENV['HELPSCOUT_CLIENT_ID'] %>`
			`client_secret: <%= ENV['HELPSCOUT_CLIENT_SECRET'] %>`
Add helpscout webhook 2018-08-29 21:26:22 +02:00			`webhook_secret: <%= ENV['HELPSCOUT_WEBHOOK_SECRET'] %>`
Move sendinblue client key to configuration file This is not a secret (it's sent to the client as part of the JS anyway) so it's not a big deal that it was on the public repository but it's still better to have it be configurable. 2019-03-05 10:34:51 +01:00			`sendinblue:`
clean(SMTP.balancing): remove some env vars 2022-05-02 17:30:37 +02:00			`enabled: <%= ENV.key?('SENDINBLUE_BALANCING_VALUE') %>`
Sendinblue email balancing using proper credentials This reverts commit c61981e7957340cbf268d449df809f27555aece6. 2019-11-05 09:32:35 +01:00			`username: <%= ENV['SENDINBLUE_USER_NAME'] %>`
Move sendinblue client key to configuration file This is not a secret (it's sent to the client as part of the JS anyway) so it's not a big deal that it was on the public repository but it's still better to have it be configurable. 2019-03-05 10:34:51 +01:00			`client_key: <%= ENV['SENDINBLUE_CLIENT_KEY'] %>`
introduce smtp_key in order to use 2 different sendinblue keys client_key is exposed to the client via gon, so if we use it for sending email too we are exposing a key so anybody could send an email. The current client_key has a different level of right and can't send emails so it's ok to expose it. 2019-11-05 09:38:08 +01:00			`smtp_key: <%= ENV['SENDINBLUE_SMTP_KEY'] %>`
migrate sendinblue API to v3 2019-10-01 17:28:06 +02:00			`api_v3_key: <%= ENV['SENDINBLUE_API_V3_KEY'] %>`
evolution(helpscout.webhooks): mise en place des rappel web afin de notifier l'equipe tech des bug identifies par le support Co-authored-by: Colin Darie <colin@darie.eu> 2022-11-03 11:31:18 +01:00			`mattermost:`
infra(monitoring): ajoute le webhook pour les notifier des incidents cote sib 2023-01-11 17:31:31 +01:00			`send_in_blue_outage_webhook_url: <%= ENV['SEND_IN_BLUE_OUTAGE_WEBHOOK_URL'] %>`
evolution(helpscout.webhooks): mise en place des rappel web afin de notifier l'equipe tech des bug identifies par le support Co-authored-by: Colin Darie <colin@darie.eu> 2022-11-03 11:31:18 +01:00			`support_webhook_url: <%= ENV['SUPPORT_WEBHOOK_URL'] %>`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`matomo:`
feat(matomo): use env variables to set the domain 2022-01-26 13:57:49 +01:00			`cookie_domain: "<%= ENV['MATOMO_COOKIE_DOMAIN'] %>"`
			`domain: "<%= ENV['MATOMO_DOMAIN'] %>"`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`enabled: <%= ENV['MATOMO_ENABLED'] == 'enabled' %>`
config: add MATOMO_HOST environment variable 2022-01-18 12:47:01 +01:00			`host: <%= ENV['MATOMO_HOST'] %>`
Move all the trackers to a separate js pack 2019-03-26 16:02:08 +01:00			`client_key: <%= ENV['MATOMO_ID'] %>`
			`sentry:`
			`enabled: <%= ENV['SENTRY_ENABLED'] == 'enabled' %>`
Fix (Sentry): prefer Rails secrets over ENV variables 2021-05-12 15:00:13 +02:00			`js_client_key: <%= ENV['SENTRY_DSN_JS'] %>`
			`rails_client_key: <%= ENV['SENTRY_DSN_RAILS'] %>`
Sentry should send environment information 2019-04-03 12:13:34 +02:00			`environment: <%= ENV['SENTRY_CURRENT_ENV'] %>`
Add crisp Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-05-15 14:15:48 +02:00			`crisp:`
			`enabled: <%= ENV['CRISP_ENABLED'] == 'enabled' %>`
			`client_key: <%= ENV['CRISP_CLIENT_KEY'] %>`
Add Universign timestamp API query 2019-06-06 10:47:51 +02:00			`universign:`
			`userpwd: <%= ENV['UNIVERSIGN_USERPWD'] %>`
feat(timestamp): add certigna 2022-12-06 11:50:06 +01:00			`certigna:`
			`userpwd: <%= ENV['CERTIGNA_USERPWD'] %>`
Revert "Revert "Merge pull request #4552 from tchak/champ-communes"" This reverts commit 4373cb22cbb66bde29463d66a15d93740b0bcdfa. 2020-01-14 18:46:07 +01:00			`autocomplete:`
			`api_geo_url: <%= ENV['API_GEO_URL'] %>`
			`api_adresse_url: <%= ENV['API_ADRESSE_URL'] %>`
Add api education adapter and job 2021-01-13 18:58:59 +01:00			`api_education_url: <%= ENV['API_EDUCATION_URL'] %>`
add datagouv secrets 2022-07-14 11:19:37 +02:00			`datagouv:`
			`api_key: <%= ENV['DATAGOUV_API_KEY'] %>`
			`api_url: <%= ENV['DATAGOUV_API_URL'] %>`
rename datagouv env var 2022-07-21 16:36:58 +02:00			`descriptif_demarches_dataset: <%= ENV['DATAGOUV_DESCRIPTIF_DEMARCHES_DATASET'] %>`
			`descriptif_demarches_resource: <%= ENV['DATAGOUV_DESCRIPTIF_DEMARCHES_RESOURCE'] %>`
Administrateurs crées par mois : CRON Job 2022-06-24 21:18:17 +02:00			`statistics_dataset: <%= ENV['DATAGOUV_STATISTICS_DATASET'] %>`
Add crisp Signed-off-by: Chaïb Martinez <chaibax@gmail.com> 2019-05-15 14:15:48 +02:00
First Commit 2015-08-10 11:05:06 +02:00
			`development:`
[ENV] France connect particulier config in secrets.yml 2018-02-09 16:47:39 +01:00			`<<: *defaults`
config: fix France Connect callback URL when testing locally When testing France Connect on a local development environment, the callback URL should be something like `http://localhost:3000/…/…` But currently, the callback URL uses `https`, even in development. This causes the callback URL to be rejected by France Connect. This commit overrides the callback URL when in development, to use an `http` URL instead. In doesn't affect the production settings. 2020-01-08 11:42:31 +01:00			`france_connect_particulier:`
			`<<: *france_connect_particulier`
			`redirect_uri: http://<%= ENV['APP_HOST'] %>/france_connect/particulier/callback`

First Commit 2015-08-10 11:05:06 +02:00
			`test:`
[ENV] France connect particulier config in secrets.yml 2018-02-09 16:47:39 +01:00			`<<: *defaults`
config: ignore gitguardian warnings for test keys Tell GitGuardian not to report our fake testing secrets as leaks. 2022-02-08 11:31:07 +01:00			`secret_key_base: aa52abc3f3a629d04a61e9899a24c12f52b24c679cbf45f8ec0cdcc64ab9526d673adca84212882dff3911ac98e0c32ec4729ca7b3429ba18ef4dfd1bd18bc7a # ggignore`
			`encryption_service_salt: QUDyMoXyw2YXU8pHnpts3w9MyMpsMQ6BgP62obgCf7PQv # ggignore`
			`otp_secret_key: 78ddda3679dc0ba2c99f50bcff04f49d862358dbeb7ead50368fdd6de14392be884ee10a204a0375b4b382e1a842fafe40d7858b7ab4796ec3a67c518d31112b # ggignore`
chore: setup active record encryption from secrets 2023-05-02 14:48:58 +02:00			`active_record_encryption:`
			`primary_key: test-RgUyzplf0kehB5fyZpmCd37uvgb # ggignore`
			`key_derivation_salt: test-yyMmzM9cTSD1rs3Fq3hwt3hMNg4 # ggignore`
[ENV] Configure Api Entreprise token 2018-03-16 13:07:20 +01:00			`api_entreprise:`
config: ignore gitguardian warnings for test keys Tell GitGuardian not to report our fake testing secrets as leaks. 2022-02-08 11:31:07 +01:00			`key: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ik9oIHllYWgiLCJpYXQiOjE1MTYyMzkwMjJ9.f06sBo3q2Yxnw_TYPFUEs0CozBmcV-XniH_DeKNWzKE" # ggignore`
[ENV] France connect particulier config in secrets.yml 2018-02-09 16:47:39 +01:00			`france_connect_particulier:`
			`identifier: france_connect_test_identifier`
			`secret: france_connect_test_secret`
			`redirect_uri: https://bidon.com/endpoint`
			`authorization_endpoint: https://bidon.com/endpoint`
			`token_endpoint: https://bidon.com/endpoint`
			`userinfo_endpoint: https://bidon.com/endpoint`
			`logout_endpoint: https://bidon.com/endpoint`
Add Universign timestamp API query 2019-06-06 10:47:51 +02:00			`universign:`
			`userpwd: 'fake:fake'`
Revert "Revert "Merge pull request #4552 from tchak/champ-communes"" This reverts commit 4373cb22cbb66bde29463d66a15d93740b0bcdfa. 2020-01-14 18:46:07 +01:00			`autocomplete:`
			`api_geo_url: /test/api_geo`
add datagouv secrets 2022-07-14 11:19:37 +02:00			`datagouv:`
			`api_key: "clesecrete"`
			`api_url: "https://www.data.gouv.fr/api/1"`
			`descriptif_demarches_dataset: "ethopundataset"`
			`descriptif_demarches_resource: "etbimuneressource"`
First Commit 2015-08-10 11:05:06 +02:00
			`# Do not keep production secrets in the repository,`
			`# instead read values from the environment.`
Remove useless anchor in secrets.yml 2018-09-03 16:16:07 +02:00			`production:`
[ENV] France connect particulier config in secrets.yml 2018-02-09 16:47:39 +01:00			`<<: *defaults`