4.3.4.1 Environment secrets and variables explained
Global repository secrets
DOCKER_USERNAME
Your Dockerhub username to access the container registry. If you are using a different container registry, you will need to manually edit the deploy.yml appropriately.
DOCKER_TOKEN
Your Dockerhub access token.
DOCKERHUB_ACCOUNT
The name of your Dockerhub account or organisation. It forms the part of the URL to your country config docker image on Dockerhub before the slash, e.g. opencrvs
DOCKERHUB_REPO
The name of your Dockerhub repository. It forms the part of the URL to your country config docker image on Dockerhub after the slash, e.g. ocrvs-farajaland
GH_TOKEN
The personal GitHub token used in all Action runners.
GH_ENCRYPTION_PASSWORD
Using the GitHub token, a password is created that allows automated actions to access the secrets from other environments. This occurs during provisioning so that the production, backup and staging environments use the same BACKUP_ENCRYPTION_PASSPHRASE.
Environment secrets
BACKUP_ENCRYPTION_PASSPHRASE
This is the password that is used to encrypt all the backups that OpenCRVS creates from a production server and that are stored on the backup server. Use this passphrase to decrypt the backups.
ELASTICSEARCH_SUPERUSER_PASSWORD
The Elasticsearch superuser password. You can also use this to log in to Kibana with the username "elastic", which gives you superuser Elastic privileges. Kibana URL: https://kibana.<your_domain>
KIBANA_USERNAME
A username for a regular Kibana user to log in and monitor OpenCRVS stack health. Useful for developers as this user will have no superuser privileges.
KIBANA_PASSWORD
A password for a regular Kibana user to log in and monitor OpenCRVS stack health.
MONGODB_ADMIN_USER
The MongoDB superuser admin username. A powerful account that has all rights to OpenCRVS data.
MONGODB_ADMIN_PASSWORD
The MongoDB superuser admin password.
MINIO_ROOT_USER
A username for a Minio superuser admin to log in to the Minio console to view supporting document attachments submitted during registrations. Minio console URL: https://minio-console.<your_domain>
MINIO_ROOT_PASSWORD
A password for a Minio superuser admin.
SMTP_HOST
SMTP_PORT
SMTP_USERNAME
SMTP_PASSWORD
SMTP_SECURE
Whether or not your SMTP port requires TLS
ALERT_EMAIL
Email address or Slack channel address to send system technical alerts to.
SENDER_EMAIL_ADDRESS
The sender email address that appears in all emails will need to be configured.
SSH_KEY
This is a copy of the id_rsa file (the private key) for the SSH key, not the id_rsa.pub!
SSH_USER
Equal to "provision"
OPENCRVS_METABASE_ADMIN_EMAIL
Email address for Metabase admin panel login.
OPENCRVS_METABASE_ADMIN_PASSWORD
Password for Metabase admin panel login.
Environment variables
REPLICAS
The number of replicas: 1, 2, 3 or 5 depending on how many servers are in the environment cluster
DOMAIN
The host domain name (without www!) for your environment.
CONTENT_SECURITY_POLICY_WILDCARD
This string is supplied to the clients and the nginx config so that the format of your domain above can be configured for CORS purposes.
ACTIVATE_USERS
Whether seeded users are immediately active, using a test password and six zeros as the 2-factor auth code. Always false in production and staging.
AUTH_HOST, CLIENT_APP_URL, COUNTRY_CONFIG_HOST, GATEWAY_HOST, LOGIN_URL
URLs passed to docker-compose to support internal microservice communication.
DISK_SPACE
The amount of disk space set aside for encrypted PII data stored by OpenCRVS
NOTIFICATION_TRANSPORT
A property that configures Email or SMS, or potentially both, for staff and beneficiary communications.
SSH_HOST, SSH_PORT, SSH_ARGS
Arguments that are passed to the SSH command to access the server as the provision user
Optional environment secrets
SENTRY_DSN
OpenCRVS can report application errors to Sentry in order to help you debug any issues in production.
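A pre-deployment check for the constraints this page states for REPLICAS, DOMAIN, ACTIVATE_USERS, SSH_USER and SSH_KEY. It is an added example, not part of OpenCRVS. The function name, the environment_name argument, passing values as strings ("true"/"false" for ACTIVATE_USERS) and the sample values are all assumptions.

```python
import re

ALLOWED_REPLICAS = {"1", "2", "3", "5"}
PUBLIC_KEY_PREFIXES = ("ssh-rsa ", "ssh-ed25519 ", "ecdsa-sha2-")
PRIVATE_KEY_HEADER = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")


def check_environment(env, environment_name):
    """Return a list of problems; messages never echo secret values."""
    problems = []
    if env.get("REPLICAS") not in ALLOWED_REPLICAS:
        problems.append("REPLICAS must be 1, 2, 3 or 5")
    domain = env.get("DOMAIN", "")
    if not domain or "://" in domain or domain.lower().startswith("www."):
        problems.append("DOMAIN must be a bare host name without www")
    # Per the page, ACTIVATE_USERS is always false in production and staging.
    if environment_name in ("production", "staging"):
        if env.get("ACTIVATE_USERS", "").lower() != "false":
            problems.append("ACTIVATE_USERS must be false in " + environment_name)
    if env.get("SSH_USER") != "provision":
        problems.append('SSH_USER must equal "provision"')
    # SSH_KEY must be the private id_rsa, not the one-line id_rsa.pub.
    key = env.get("SSH_KEY", "").lstrip()
    if key.startswith(PUBLIC_KEY_PREFIXES):
        problems.append("SSH_KEY holds a public key (id_rsa.pub), not id_rsa")
    elif not PRIVATE_KEY_HEADER.match(key):
        problems.append("SSH_KEY does not start with a private key header")
    return problems


# Constructed sample values; the key bodies are placeholders, not real keys.
GOOD = {
    "REPLICAS": "3",
    "DOMAIN": "crvs.example.org",
    "ACTIVATE_USERS": "false",
    "SSH_USER": "provision",
    "SSH_KEY": "-----BEGIN OPENSSH PRIVATE KEY-----\nPLACEHOLDER\n",
}
BAD = dict(GOOD, REPLICAS="4", DOMAIN="www.crvs.example.org",
           ACTIVATE_USERS="true", SSH_KEY="ssh-rsa PLACEHOLDER user@host")

if __name__ == "__main__":
    for name, env in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_environment(env, "production"))
```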