Merge pull request #2440 from tchak/dotenv

Dotenv
2018-08-23 15:36:36 +00:00 · 2018-08-23 15:36:36 +00:00 · 2570672e53
commit 2570672e53
parent 4487f4c117 986b1c49f2
31 changed files with 290 additions and 152 deletions
--- a/.gitignore
+++ b/.gitignore
@ -28,7 +28,6 @@ config/initializers/super_admin.rb
 doc/*.svg
 config/france_connect.yml
 config/github_secrets.yml
-config/initializers/mailjet.rb
 config/fog_credentials.yml
 uploads/*
 coverage/**/*
--- a/README.md
+++ b/README.md
@ -34,13 +34,6 @@ Afin d'initialiser l'environnement de développement, exécutez la commande suiv
    bundle install
    yarn install

-## Bouchonnage de l’authentification
-
-Créer les fichiers de configuration avec les valeurs par défaut :
-
-    cp config/france_connect.example.yml config/france_connect.yml
-    cp config/github_secrets.example.yml config/github_secrets.yml
-
 ## Création de la base de données

 Les informations nécessaire à l'initialisation de la base doivent être pré-configurées à la main grâce à la procédure suivante :
@ -59,12 +52,6 @@ Afin de générer la BDD de l'application, il est nécessaire d'exécuter les co
    # Migrate the development database and the test database
    bin/rails db:migrate

-## Connexion a Pipedrive
-
-Dans le fichier `config/intializers/token.rb`, ajouter
-
-`PIPEDRIVE_TOKEN = 'token'`
-
 *Note : les valeurs pour ces paramètres sont renseignées dans le Keepass*

 ## Bouchonnage de la configuration
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -24,11 +24,6 @@ class ApplicationController < ActionController::Base
    end
  end

-  def default_url_options
-    return { protocol: 'https' } if Rails.env.staging? || Rails.env.production?
-    {}
-  end
-
  def load_navbar_left_pannel_partial_url
    controller = request.controller_class
    method = params[:action]
--- a/app/lib/api_entreprise/api.rb
+++ b/app/lib/api_entreprise/api.rb
@ -1,8 +1,4 @@
 class ApiEntreprise::API
-  class << self
-    attr_accessor :token
-  end
-
  ENTREPRISE_RESOURCE_NAME = "entreprises"
  ETABLISSEMENT_RESOURCE_NAME = "etablissements"
  EXERCICES_RESOURCE_NAME = "exercices"
@ -49,7 +45,7 @@ class ApiEntreprise::API
  end

  def self.url(resource_name, siret_or_siren)
-    [API_ENTREPRISE_URL, resource_name, siret_or_siren].join("/")
+    [base_url, resource_name, siret_or_siren].join("/")
  end

  def self.params(siret_or_siren, procedure_id)
@ -57,7 +53,17 @@ class ApiEntreprise::API
      context: "demarches-simplifiees.fr",
      recipient: siret_or_siren,
      object: "procedure_id: #{procedure_id}",
-      token: SIADETOKEN
+      token: token
    }
  end
+
+  private
+
+  def self.token
+    Rails.application.secrets.api_entreprise[:key]
+  end
+
+  def self.base_url
+    Rails.application.secrets.api_entreprise[:base_url]
+  end
 end
--- a/app/lib/pipedrive/api.rb
+++ b/app/lib/pipedrive/api.rb
@ -48,7 +48,7 @@ class Pipedrive::API
    params.merge!({
      start: 0,
      limit: 500,
-      api_token: PIPEDRIVE_TOKEN
+      api_token: token
    })

    response = RestClient.get(url, params: params)
@ -56,14 +56,18 @@ class Pipedrive::API
  end

  def self.put(url, params)
-    url = "#{url}?api_token=#{PIPEDRIVE_TOKEN}"
+    url = "#{url}?api_token=#{token}"

    RestClient.put(url, params.to_json, { content_type: :json })
  end

  def self.post(url, params)
-    url = "#{url}?api_token=#{PIPEDRIVE_TOKEN}"
+    url = "#{url}?api_token=#{token}"

    RestClient.post(url, params.to_json, { content_type: :json })
  end
+
+  def self.token
+    Rails.application.secrets.pipedrive[:key]
+  end
 end
--- a/app/services/signature_service.rb
+++ b/app/services/signature_service.rb
@ -1,6 +1,4 @@
 class SignatureService
-  CONFIG_PATH = Rails.root.join("config", "signing_key.yml")
-
  class << self
    def generate
      RbNaCl::Util.bin2hex(RbNaCl::SigningKey.generate)
@ -24,15 +22,7 @@ class SignatureService
    private

    def signing_key
-      @@signing_key ||= RbNaCl::SigningKey.new(RbNaCl::Util.hex2bin(config[:key]))
-    end
-
-    def config
-      if File.exist?(CONFIG_PATH)
-        YAML.safe_load(File.read(CONFIG_PATH)).symbolize_keys
-      else
-        {}
-      end
+      @@signing_key ||= RbNaCl::SigningKey.new(RbNaCl::Util.hex2bin(Rails.application.secrets.signing_key))
    end
  end
 end
--- a/app/services/staging_auth_service.rb
+++ b/app/services/staging_auth_service.rb
@ -1,23 +1,13 @@
 class StagingAuthService
-  CONFIG_PATH = Rails.root.join("config", "basic_auth.yml")
-
  def self.authenticate(username, password)
    if enabled?
-      username == config[:username] && password == config[:password]
+      username == Rails.application.secrets.basic_auth[:username] && password == Rails.application.secrets.basic_auth[:password]
    else
      true
    end
  end

  def self.enabled?
-    !!config[:enabled]
-  end
-
-  def self.config
-    if File.exist?(CONFIG_PATH)
-      YAML.safe_load(File.read(CONFIG_PATH)).symbolize_keys
-    else
-      {}
-    end
+    ENV['BASIC_AUTH_ENABLED'] == 'enabled'
  end
 end
--- a/app/uploaders/remote_downloader.rb
+++ b/app/uploaders/remote_downloader.rb
@ -4,6 +4,12 @@ class RemoteDownloader
  end

  def url
-    @url ||= File.join(STORAGE_URL, @filename)
+    @url ||= File.join(base_url, CarrierWave::Uploader::Base.fog_directory, @filename)
+  end
+
+  protected
+
+  def base_url
+    Rails.application.secrets.fog[:base_url]
  end
 end
--- a/config/database.yml
+++ b/config/database.yml
@ -1,17 +1,26 @@
-development:
+default: &default
  adapter: postgresql
  encoding: unicode
+  pool: <%= ENV.fetch("DB_POOL") { 5 } %>
+  timeout: 5000
+
+development:
+  <<: *default
  database: tps_development
  host: localhost
-  pool: 5
  username: tps_development
  password: tps_development

 test:
-  adapter: postgresql
-  encoding: unicode
+  <<: *default
  database: tps_test
  host: localhost
-  pool: 5
  username: tps_test
  password: tps_test
+
+production:
+  <<: *default
+  database: <%= ENV["DB_DATABASE"] %>
+  host: <%= ENV["DB_HOST"] %>
+  username: <%= ENV["DB_USERNAME"] %>
+  password: <%= ENV["DB_PASSWORD"] %>
--- a/config/deploy.rb
+++ b/config/deploy.rb
@ -53,20 +53,7 @@ set :shared_paths, [
  'tmp/sockets',
  'public/system',
  'public/uploads',
-  'config/database.yml',
-  "config/skylight.yml",
-  "config/fog_credentials.yml",
-  'config/storage.yml',
-  'config/initializers/secret_token.rb',
-  "config/environments/#{rails_env}.rb",
-  "config/initializers/token.rb",
-  "config/unicorn.rb",
-  "config/initializers/raven.rb",
-  'config/france_connect.yml',
-  'config/github_secrets.yml',
-  'config/basic_auth.yml',
-  'config/initializers/mailjet.rb',
-  'config/initializers/storage_url.rb'
+  'config/unicorn.rb'
 ]

 set :rbenv_path, "/usr/local/rbenv/bin/rbenv"
@ -111,15 +98,6 @@ task :setup => :environment do

  queue! %[mkdir -p "#{deploy_to}/shared/config/locales/dynamics"]
  queue! %[chmod g+rx,u+rwx "#{deploy_to}/shared/config/locales/dynamics"]
-
-  queue! %[touch "#{deploy_to}/shared/config/database.yml"]
-  queue %[echo "-----> Be sure to edit 'shared/config/database.yml'."]
-
-  queue! %[touch "#{deploy_to}/shared/environments/production.rb"]
-  queue %[echo "-----> Be sure to edit 'shared/environments/production.rb'."]
-
-  queue! %[touch "#{deploy_to}/shared/environments/staging.rb"]
-  queue %[echo "-----> Be sure to edit 'shared/environments/staging.rb'."]
 end

 namespace :yarn do
--- a/config/env.example
+++ b/config/env.example
@ -1,2 +1,15 @@
 APP_NAME="tps_local"
 APP_HOST="http://localhost:3000/"
+
+GITHUB_CLIENT_ID=""
+GITHUB_CLIENT_SECRET=""
+
+FC_PARTICULIER_ID=""
+FC_PARTICULIER_SECRET=""
+FC_PARTICULIER_REDIRECT_URI=""
+FC_PARTICULIER_HOST=""
+
+API_ENTREPRISE_KEY=""
+API_ENTREPRISE_BASE_URL="https://entreprise.api.gouv.fr/v2"
+
+PIPEDRIVE_KEY=""
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@ -47,17 +47,15 @@ Rails.application.configure do
  # Action Mailer settings
  config.action_mailer.delivery_method = :smtp
  config.action_mailer.default_url_options = { host: 'localhost', port: 3000 }
-  config.action_mailer.asset_host = 'http://localhost:3000'
  # Config for mailcatcher https://mailcatcher.me/
  config.action_mailer.smtp_settings = {
-    :address => "localhost",
-    :port => 1025,
-    :locale => 'fr'
+    address: 'localhost',
+    port: 1025,
+    locale: 'fr'
  }

  Rails.application.routes.default_url_options = {
-    host: 'localhost:3000',
-    protocol: :http
+    host: 'localhost:3000'
  }

  # Raises error for missing translations
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@ -58,7 +58,7 @@ Rails.application.configure do
  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)

  # Use a different cache store in production.
-  config.cache_store = :memory_store
+  # config.cache_store = :memory_store

  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
  # config.action_controller.asset_host = 'http://assets.example.com'
@ -67,6 +67,25 @@ Rails.application.configure do
  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
  # config.action_mailer.raise_delivery_errors = false

+  if ENV['MAILTRAP_ENABLED'] == 'enabled'
+    config.action_mailer.delivery_method = :smtp
+    config.action_mailer.smtp_settings = {
+      user_name: Rails.application.secrets.mailtrap[:username],
+      password: Rails.application.secrets.mailtrap[:password],
+      address: 'smtp.mailtrap.io',
+      domain: 'smtp.mailtrap.io',
+      port: '2525',
+      authentication: :cram_md5
+    }
+  else
+    config.action_mailer.delivery_method = :mailjet
+  end
+
+  config.action_mailer.default_url_options = {
+    protocol: :https,
+    host: ENV['APP_HOST']
+  }
+
  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
  # the I18n.default_locale when a translation cannot be found).
  config.i18n.fallbacks = true
@ -83,6 +102,9 @@ Rails.application.configure do
  config.active_record.dump_schema_after_migration = false

  Rails.application.routes.default_url_options = {
-    protocol: :https
+    protocol: :https,
+    host: ENV['APP_HOST']
  }
+
+  config.lograge.enabled = ENV['LOGRAGE_ENABLED'] == 'enabled'
 end
--- a/config/environments/staging.rb
+++ b/config/environments/staging.rb
@ -0,0 +1,110 @@
+Rails.application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # Verifies that versions and hashed value of the package contents in the project's package.json
+  config.webpacker.check_yarn_integrity = false
+
+  # Code is not reloaded between requests.
+  config.cache_classes = true
+
+  # Eager load code on boot. This eager loads most of Rails and
+  # your application in memory, allowing both threaded web servers
+  # and those relying on copy on write to perform better.
+  # Rake tasks automatically ignore this option for performance.
+  config.eager_load = true
+
+  # Full error reports are disabled and caching is turned on.
+  config.consider_all_requests_local       = false
+  config.action_controller.perform_caching = true
+
+  # Enable Rack::Cache to put a simple HTTP cache in front of your application
+  # Add `rack-cache` to your Gemfile before enabling this.
+  # For large-scale production use, consider using a caching reverse proxy like
+  # NGINX, varnish or squid.
+  # config.action_dispatch.rack_cache = true
+
+  # Disable serving static files from the `/public` folder by default since
+  # Apache or NGINX already handles this.
+  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
+
+  # Compress JavaScripts and CSS.
+  config.assets.js_compressor = :uglifier
+  # config.assets.css_compressor = :sass
+
+  # Do not fallback to assets pipeline if a precompiled asset is missed.
+  config.assets.compile = false
+
+  # Asset digests allow you to set far-future HTTP expiration dates on all assets,
+  # yet still be able to expire them through the digest params.
+  config.assets.digest = true
+
+  # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
+
+  # Specifies the header that your server uses for sending files.
+  # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
+  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
+
+  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
+  config.force_ssl = true
+
+  # Use the lowest log level to ensure availability of diagnostic information
+  # when problems arise.
+  config.log_level = :debug
+
+  # Prepend all log lines with the following tags.
+  # config.log_tags = [ :subdomain, :uuid ]
+
+  # Use a different logger for distributed setups.
+  # config.logger = ActiveSupport::TaggedLogging.new(SyslogLogger.new)
+
+  # Use a different cache store in production.
+  # config.cache_store = :memory_store
+
+  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
+  # config.action_controller.asset_host = 'http://assets.example.com'
+
+  # Ignore bad email addresses and do not raise email delivery errors.
+  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
+  # config.action_mailer.raise_delivery_errors = false
+
+  if ENV['MAILTRAP_ENABLED'] == 'enabled'
+    config.action_mailer.delivery_method = :smtp
+    config.action_mailer.smtp_settings = {
+      user_name: Rails.application.secrets.mailtrap[:username],
+      password: Rails.application.secrets.mailtrap[:password],
+      address: 'smtp.mailtrap.io',
+      domain: 'smtp.mailtrap.io',
+      port: '2525',
+      authentication: :cram_md5
+    }
+  else
+    config.action_mailer.delivery_method = :mailjet
+  end
+
+  config.action_mailer.default_url_options = {
+    protocol: :https,
+    host: ENV['APP_HOST']
+  }
+
+  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
+  # the I18n.default_locale when a translation cannot be found).
+  config.i18n.fallbacks = true
+
+  config.active_storage.service = :clever_cloud
+
+  # Send deprecation notices to registered listeners.
+  config.active_support.deprecation = :notify
+
+  # Use default logging formatter so that PID and timestamp are not suppressed.
+  config.log_formatter = ::Logger::Formatter.new
+
+  # Do not dump schema after migrations.
+  config.active_record.dump_schema_after_migration = false
+
+  Rails.application.routes.default_url_options = {
+    protocol: :https,
+    host: ENV['APP_HOST']
+  }
+
+  config.lograge.enabled = ENV['LOGRAGE_ENABLED'] == 'enabled'
+end
--- a/config/features.rb
+++ b/config/features.rb
@ -23,7 +23,7 @@ Flipflop.configure do

  group :production do
    feature :remote_storage,
-      default: Rails.env.production? || Rails.env.staging?
+      default: ENV['FOG_ENABLED'] == 'enabled'
    feature :weekly_overview,
      default: Rails.env.production?
  end
--- a/config/initializers/active_job_log_subscriber.rb
+++ b/config/initializers/active_job_log_subscriber.rb
@ -40,6 +40,7 @@ class ActiveJobLogSubscriber < ::ActiveJob::Logging::LogSubscriber
    tags.push('exception') if data[:exception]
    data[:tags] = tags
    data[:type] = 'tps'
+    data[:source] = ENV['SOURCE']

    log(data)
  end
--- a/config/initializers/active_storage_conf_override.rb
+++ b/config/initializers/active_storage_conf_override.rb
@ -1,4 +0,0 @@
-# FIXME: remove this once we moved to a properly structured infrastructure
-if Rails.env.production? || Rails.env.staging?
-  Rails.application.config.active_storage.service = :clever_cloud
-end
--- a/config/initializers/carrierwave.rb
+++ b/config/initializers/carrierwave.rb
@ -1,17 +1,18 @@
-if Rails.env.test?
-  Fog.credentials_path = Rails.root.join('config', 'fog_credentials.test.yml')
-else
-  Fog.credentials_path = Rails.root.join('config', 'fog_credentials.yml')
-end
-
 CarrierWave.configure do |config|
  # These permissions will make dir and files available only to the user running
  # the servers
  config.permissions = 0664
  config.directory_permissions = 0775

-  if Rails.env.production? || Rails.env.staging?
-    config.fog_credentials = { provider: 'OpenStack' }
+  if ENV['FOG_ENABLED'] == 'enabled'
+    config.fog_credentials = {
+      provider: 'OpenStack',
+      openstack_tenant: Rails.application.secrets.fog[:openstack_tenant],
+      openstack_api_key: Rails.application.secrets.fog[:openstack_api_key],
+      openstack_username: Rails.application.secrets.fog[:openstack_username],
+      openstack_auth_url: Rails.application.secrets.fog[:openstack_auth_url],
+      openstack_region: Rails.application.secrets.fog[:openstack_region],
+    }
  end

  # This avoids uploaded files from saving to public/ and so
@ -22,11 +23,5 @@ CarrierWave.configure do |config|

  config.fog_public = true

-  if Rails.env.production?
-    config.fog_directory = "tps"
-  elsif Rails.env.development?
-    config.fog_directory = "test_local"
-  else
-    config.fog_directory = "tps_dev"
-  end
+  config.fog_directory = Rails.application.secrets.fog[:directory]
 end
--- a/config/initializers/devise.rb
+++ b/config/initializers/devise.rb
@ -6,7 +6,7 @@ Devise.setup do |config|
  # The secret key used by Devise. Devise uses this key to generate
  # random tokens. Changing this key will render invalid all existing
  # confirmation, reset password and unlock tokens in the database.
-  # config.secret_key = '023b8d51611750f31982654ec5c14e275784af6a7a15aadbc599a973265e01e4218e209489b65e63d008b23754e4db268e376f652720fa9a69846853a365b811'
+  config.secret_key = Rails.application.secrets.secret_key_base

  # ==> Mailer Configuration
  # Configure the e-mail address which will be shown in Devise::Mailer,
@ -235,8 +235,7 @@ Devise.setup do |config|
  # Add a new OmniAuth provider. Check the wiki for more information on setting
  # up on your models and hooks.
  if !Rails.env.test?
-    github_secrets = YAML::load_file(File.join(__dir__, '../github_secrets.yml'))
-    config.omniauth :github, github_secrets['client_id'], github_secrets['client_secret'], scope: 'user:email'
+    config.omniauth :github, Rails.application.secrets.github[:client_id], Rails.application.secrets.github[:client_secret], scope: 'user:email'
  end

  # ==> Warden configuration
--- a/config/initializers/france_connect.rb
+++ b/config/initializers/france_connect.rb
@ -1,22 +1,3 @@
-FRANCE_CONNECT = if Rails.env.test?
-  {
-    particulier: {
-      identifier: 'plop',
-      secret: 'plip',
-      redirect_uri: 'https://bidon.com/endpoint',
-      authorization_endpoint: 'https://bidon.com/endpoint',
-      token_endpoint: 'https://bidon.com/endpoint',
-      userinfo_endpoint: 'https://bidon.com/endpoint',
-      logout_endpoint: 'https://bidon.com/endpoint',
-    }
-  }
-else
-  fc_config_file_path = Rails.root.join("config", "france_connect.yml")
-
-  # FIXME: with a yaml with a { particulier: {} } structure
-  config_hash = YAML.safe_load(File.read(fc_config_file_path))
-    .reduce({}) { |acc, (key, value)| acc[key.gsub('particulier_', '')] = value; acc }
-    .symbolize_keys
-
-  { particulier: config_hash }
-end
+FRANCE_CONNECT = {
+  particulier: Rails.application.secrets.france_connect_particulier
+}
--- a/config/initializers/lograge.rb
+++ b/config/initializers/lograge.rb
@ -10,6 +10,7 @@ Rails.application.configure do
    config.lograge.custom_options = lambda do |event|
      {
        type: 'tps',
+        source: ENV['SOURCE'],
        tags: ['request', event.payload[:exception] ? 'exception' : nil].compact,
        user_id: event.payload[:user_id],
        user_email: event.payload[:user_email],
--- a/config/initializers/mailjet.rb
+++ b/config/initializers/mailjet.rb
@ -0,0 +1,5 @@
+Mailjet.configure do |config|
+  config.api_key = Rails.application.secrets.mailjet[:api_key]
+  config.secret_key = Rails.application.secrets.mailjet[:secret_key]
+  config.default_from = CONTACT_EMAIL
+end
--- a/config/initializers/raven.rb
+++ b/config/initializers/raven.rb
@ -0,0 +1,7 @@
+if ENV['SENTRY_ENABLED'] == 'enabled'
+  require 'raven'
+
+  Raven.configure do |config|
+    config.dsn = ENV['SENTRY_DSN_RAILS']
+  end
+end
--- a/config/initializers/storage_url.rb
+++ b/config/initializers/storage_url.rb
@ -1 +0,0 @@
-STORAGE_URL = "https://storage.apientreprise.fr/#{CarrierWave::Uploader::Base.fog_directory}/"
--- a/config/initializers/urls.rb
+++ b/config/initializers/urls.rb
@ -1,7 +1,5 @@
 API_CARTO_URL = "https://apicarto.sgmap.fr"

-API_ENTREPRISE_URL = 'https://entreprise.api.gouv.fr/v2'
-
 API_GEO_URL = "https://geo.api.gouv.fr"

 PIPEDRIVE_API_URL = 'https://api.pipedrive.com/v1'
--- a/config/secrets.yml
+++ b/config/secrets.yml
@ -9,14 +9,70 @@

 # Make sure the secrets in this file are kept private
 # if you're sharing your code publicly.
+defaults: &defaults
+  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+  signing_key: <%= ENV["SIGNING_KEY"] %>
+  basic_auth:
+    username: <%= ENV['BASIC_AUTH_USERNAME'] %>
+    password: <%= ENV['BASIC_AUTH_PASSWORD'] %>
+  france_connect_particulier:
+    identifier: <%= ENV['FC_PARTICULIER_ID'] %>
+    secret: <%= ENV['FC_PARTICULIER_SECRET'] %>
+    redirect_uri: <%= ENV['FC_PARTICULIER_REDIRECT_URI'] %>
+    authorization_endpoint: <%= ENV['FC_PARTICULIER_HOST'] %>/api/v1/authorize
+    token_endpoint: <%= ENV['FC_PARTICULIER_HOST'] %>/api/v1/token
+    userinfo_endpoint: <%= ENV['FC_PARTICULIER_HOST'] %>/api/v1/userinfo
+    logout_endpoint: <%= ENV['FC_PARTICULIER_HOST'] %>/api/v1/logout
+  github:
+    client_id: <%= ENV['GITHUB_CLIENT_ID'] %>
+    client_secret: <%= ENV['GITHUB_CLIENT_SECRET'] %>
+  mailjet:
+    api_key: <%= ENV['MAILJET_API_KEY'] %>
+    secret_key: <%= ENV['MAILJET_SECRET_KEY'] %>
+  api_entreprise:
+    key: <%= ENV['API_ENTREPRISE_KEY'] %>
+    base_url: <%= ENV['API_ENTREPRISE_BASE_URL'] %>
+  pipedrive:
+    key: <%= ENV['PIPEDRIVE_KEY'] %>
+  fog:
+    openstack_tenant: <%= ENV['FOG_OPENSTACK_TENANT'] %>
+    openstack_api_key: <%= ENV['FOG_OPENSTACK_API_KEY'] %>
+    openstack_username: <%= ENV['FOG_OPENSTACK_USERNAME'] %>
+    openstack_auth_url: <%= ENV['FOG_OPENSTACK_AUTH_URL'] %>
+    openstack_region: <%= ENV['FOG_OPENSTACK_REGION'] %>
+    base_url: <% ENV['FOG_BASE_URL'] %>
+    directory: <%= ENV['FOG_DIRECTORY'] %>
+  mailtrap:
+    username: <%= ENV['MAILTRAP_USERNAME'] %>
+    password: <%= ENV['MAILTRAP_PASSWORD'] %>

 development:
+  <<: *defaults
  secret_key_base: 05a2d479d8e412198dabd08ef0eee9d6e180f5cbb48661a35fd1cae287f0a93d40b5f1da08f06780d698bbd458a0ea97f730f83ee780de5d4e31f649a0130cf0
+  signing_key: aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017

 test:
+  <<: *defaults
  secret_key_base: aa52abc3f3a629d04a61e9899a24c12f52b24c679cbf45f8ec0cdcc64ab9526d673adca84212882dff3911ac98e0c32ec4729ca7b3429ba18ef4dfd1bd18bc7a
+  signing_key: aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017
+  api_entreprise:
+    key: api_entreprise_test_key
+    base_url: https://entreprise.api.gouv.fr/v2
+  fog:
+    base_url: https://storage.apientreprise.fr
+    directory: tps_dev
+  pipedrive:
+    key: pipedrive_test_key
+  france_connect_particulier:
+    identifier: france_connect_test_identifier
+    secret: france_connect_test_secret
+    redirect_uri: https://bidon.com/endpoint
+    authorization_endpoint: https://bidon.com/endpoint
+    token_endpoint: https://bidon.com/endpoint
+    userinfo_endpoint: https://bidon.com/endpoint
+    logout_endpoint: https://bidon.com/endpoint

 # Do not keep production secrets in the repository,
 # instead read values from the environment.
 production:
-  secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
+  <<: *defaults
--- a/config/signing_key.yml
+++ b/config/signing_key.yml
@ -1,2 +0,0 @@
-# This is a signing key used in dev and test environments
-key: 'aef3153a9829fa4ba10acb02927ac855df6b92795b1ad265d654443c4b14a017'
--- a/config/skylight.yml
+++ b/config/skylight.yml
@ -0,0 +1,3 @@
+---
+# The authentication token for the application.
+authentication: <%= ENV['SKYLIGHT_AUTHENTICATION_KEY'] || '' %>
--- a/config/storage.yml
+++ b/config/storage.yml
@ -1,7 +1,11 @@
 local:
  service: Disk
  root: <%= Rails.root.join("storage") %>
-
 test:
  service: Disk
  root: <%= Rails.root.join("tmp/storage") %>
+clever_cloud:
+  service: Cellar
+  access_key_id: <%= ENV['CLEVER_CLOUD_ACCESS_KEY_ID'] %>
+  secret_access_key: <%= ENV['CLEVER_CLOUD_SECRET_ACCESS_KEY'] %>
+  bucket: <%= ENV['CLEVER_CLOUD_BUCKET'] %>
--- a/lib/tasks/dev.rake
+++ b/lib/tasks/dev.rake
@ -2,7 +2,6 @@ namespace :dev do
  desc 'Initialise dev environment'
  task :init do
    puts 'start initialisation'
-    Rake::Task['dev:generate_token_file'].invoke
    Rake::Task['dev:generate_franceconnect_file'].invoke
    Rake::Task['dev:generate_fog_credentials_file'].invoke
    Rake::Task['dev:generate_features_file'].invoke
@ -10,14 +9,6 @@ namespace :dev do
    puts 'end initialisation'
  end

-  task :generate_token_file do
-    puts 'creating token.rb file'
-    res = `rake secret`.delete("\n")
-    file = File.new('config/initializers/token.rb', 'w+')
-    file.write("TPS::Application.config.SIADETOKEN = '#{res}'")
-    file.close
-  end
-
  task :generate_franceconnect_file do
    file = File.new('config/france_connect.yml', 'w+')
    comment = <<~EOF
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@ -81,9 +81,6 @@ DatabaseCleaner.strategy = :transaction

 TPS::Application.load_tasks

-SIADETOKEN = :valid_token if !defined? SIADETOKEN
-PIPEDRIVE_TOKEN = :pipedrive_test_token if !defined? PIPEDRIVE_TOKEN
-
 include Warden::Test::Helpers

 include SmartListing::Helper
				`@ -1 +0,0 @@`
				`STORAGE_URL = "https://storage.apientreprise.fr/#{CarrierWave::Uploader::Base.fog_directory}/"`