> For the complete documentation index, see [llms.txt](https://documentation.opencrvs.org/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://documentation.opencrvs.org/v1.4/setup/3.-installation/3.3-set-up-a-server-hosted-environment/4.3.3-create-a-github-environment/4.3.3.1-environment-secrets-and-variables-explained.md). # 4.3.3.1 Environment secrets and variables explained ### **Global repository secrets**
ParameterDescription
DOCKER_USERNAMEYour Dockerhub username to access the container registry. If you are using a different container registry, you will need to manually edit the deploy.yml appropriately.
DOCKER_TOKENYour Dockerhub access token.
DOCKERHUB_ACCOUNTThe name of your Dockerhub account or organisation that forms the URL to your country config docker image on Dockerhub before the slash. e.g: opencrvs
DOCKERHUB_REPOThe name of your Dockerhub repository that forms the URL to your country config docker image on Dockerhub after the slash.. e.g. ocrvs-farajaland
### **Environment secrets** | Secret | Description | | ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | SUPER\_USER\_PASSWORD | This is an OpenCRVS superuser National System Admnistrator password used when seeding the databases in deployed environments. | | ELASTICSEARCH\_SUPERUSER\_PASSWORD | The Elasticsearch superuser password. You can also use this to login to Kibana with the username "**elastic**" and you have superuser Elastic privileges. Kibana URL: \ | | KIBANA\_USERNAME | A username for a regular Kibana user to login and monitor OpenCRVS stack health. Useful for developers as this user will have no superuser privileges. | | KIBANA\_PASSWORD | A password for a regular Kibana user to login and monitor OpenCRVS stack health | | MONGODB\_ADMIN\_USER | The MongoDB superuser admin username. A powerful account that has all rights to OpenCRVS data | | MONGODB\_ADMIN\_PASSWORD | The MongoDB superuser admin password. | | MINIO\_ROOT\_USER | A username for a Minio superuser admin to login to the Minio console to view supporting document attachments submitted during registrations. \ | | MINIO\_ROOT\_PASSWORD | A password for a Minio superuser admin | | SMTP\_HOST | | | SMTP\_PORT | | | SMTP\_USERNAME | | | SMTP\_PASSWORD | | | SMTP\_SECURE | Whether or not your SMTP port requires TLS | | ALERT\_EMAIL | Email address or Slack channel address to send system technical alerts to. | | SENDER\_EMAIL\_ADDRESS | The sender email address that appears in all emails will need to be configured. | | SSH\_KEY | This is a copy of the **id\_rsa** file for the SSH Key, not the id\_rsa.pub! | | SSH\_USER | Equal to "provision" | | SSH\_HOST | IP address for the server | ### Environment variables | Variable | Description | | ------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | | REPLICAS | The number of replicas: **1, 2, 3 or 5** depending on how many servers are in the environment cluster | | DOMAIN | The host **domain name** (without www!) for your environment. | | CONTENT\_SECURITY\_POLICY\_WILDCARD | This string is supplied to the clients and nginx config and ensures that the format of your domain above can be configurable for CORS purposes. | | ACTIVATE\_USERS | When users are seeded, are they immediately active using a test password and six zeros as a 2-Factor auth code. Always false in production and staging. | | AUTH\_HOST, CLIENT\_APP\_URL, COUNTRY\_CONFIG\_HOST, GATEWAY\_HOST, LOGIN\_URL | URLs passed to docker-compose to support internal microservice comms. | | DISK\_SPACE | The amount of disk space set aside for encrypted PII data stored by OpenCRVS | | NOTIFICATION\_TRANSPORT | A prop which can be used to configure either Email or SMS for staff and beneficiary comms or potentially both. | | SSH\_ARGS | Arguments that are passed to the SSH command to access the server, such as when using a bastion or jump. | | VPN\_HOST\_ADDRESS | IP address for the VPN server | | VPN\_ADMIN\_PASSWORD | Password for the optional, built-in Wireguard VPN Admin interface at | ### **Optional environment secrets**
ParameterDescription
SENTRY_DSNOpenCRVS can report application errors to Sentry in order to help you debug any issues in production.
INFOBIP_API_KEYIf you are using SMS for communications, then you will likely require an API key. We use this secret for the Infobip API. Its likely you will have your own custom requirements depending on your chosen provider.
INFOBIP_SENDER_IDIf you are using SMS for communications, then the sender id that appears in all SMS messages will need to be configured. Its likely you will have your own custom requirements depending on your chosen provider.
INFOBIP_GATEWAY_ENDPOINTWe use this prop to store the endpoint URL for the Infobip API. Its likely you will have your own custom requirements depending on your chosen provider.
--- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://documentation.opencrvs.org/v1.4/setup/3.-installation/3.3-set-up-a-server-hosted-environment/4.3.3-create-a-github-environment/4.3.3.1-environment-secrets-and-variables-explained.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.