4.3.3.1 Environment secrets and variables explained

Global repository secrets

Parameter
Description

DOCKER_USERNAME

DOCKER_TOKEN

DOCKERHUB_ACCOUNT

The name of your Dockerhub account or organisation that forms the URL to your country config docker image on Dockerhub before the slash. e.g: opencrvs

DOCKERHUB_REPO

The name of your Dockerhub repository that forms the URL to your country config docker image on Dockerhub after the slash.. e.g. ocrvs-farajaland

Environment secrets

Secret
Description

SUPER_USER_PASSWORD

This is an OpenCRVS superuser National System Admnistrator password used when seeding the databases in deployed environments.

ELASTICSEARCH_SUPERUSER_PASSWORD

The Elasticsearch superuser password. You can also use this to login to Kibana with the username "elastic" and you have superuser Elastic privileges. Kibana URL: https://kibana.<your_domain>

KIBANA_USERNAME

A username for a regular Kibana user to login and monitor OpenCRVS stack health. Useful for developers as this user will have no superuser privileges.

KIBANA_PASSWORD

A password for a regular Kibana user to login and monitor OpenCRVS stack health

MONGODB_ADMIN_USER

The MongoDB superuser admin username. A powerful account that has all rights to OpenCRVS data

MONGODB_ADMIN_PASSWORD

The MongoDB superuser admin password.

MINIO_ROOT_USER

A username for a Minio superuser admin to login to the Minio console to view supporting document attachments submitted during registrations. https://minio-console.<your_domain>

MINIO_ROOT_PASSWORD

A password for a Minio superuser admin

SMTP_HOST

SMTP_PORT

SMTP_USERNAME

SMTP_PASSWORD

SMTP_SECURE

Whether or not your SMTP port requires TLS

ALERT_EMAIL

Email address or Slack channel address to send system technical alerts to.

SENDER_EMAIL_ADDRESS

The sender email address that appears in all emails will need to be configured.

SSH_KEY

This is a copy of the id_rsa file for the SSH Key, not the id_rsa.pub!

SSH_USER

Equal to "provision"

SSH_HOST

IP address for the server

Environment variables

Variable
Description

REPLICAS

The number of replicas: 1, 2, 3 or 5 depending on how many servers are in the environment cluster

DOMAIN

The host domain name (without www!) for your environment.

CONTENT_SECURITY_POLICY_WILDCARD

This string is supplied to the clients and nginx config and ensures that the format of your domain above can be configurable for CORS purposes.

ACTIVATE_USERS

When users are seeded, are they immediately active using a test password and six zeros as a 2-Factor auth code. Always false in production and staging.

AUTH_HOST, CLIENT_APP_URL, COUNTRY_CONFIG_HOST, GATEWAY_HOST, LOGIN_URL

URLs passed to docker-compose to support internal microservice comms.

DISK_SPACE

The amount of disk space set aside for encrypted PII data stored by OpenCRVS

NOTIFICATION_TRANSPORT

A prop which can be used to configure either Email or SMS for staff and beneficiary comms or potentially both.

SSH_ARGS

Arguments that are passed to the SSH command to access the server, such as when using a bastion or jump.

VPN_HOST_ADDRESS

IP address for the VPN server

VPN_ADMIN_PASSWORD

Password for the optional, built-in Wireguard VPN Admin interface at https://vpn.<your domain>

Optional environment secrets

Parameter
Description

SENTRY_DSN

INFOBIP_API_KEY

INFOBIP_SENDER_ID

If you are using SMS for communications, then the sender id that appears in all SMS messages will need to be configured. Its likely you will have your own custom requirements depending on your chosen provider.

INFOBIP_GATEWAY_ENDPOINT

We use this prop to store the endpoint URL for the Infobip API. Its likely you will have your own custom requirements depending on your chosen provider.

Last updated