OpenCRVS
v1.5
v1.5
  • 👋Welcome!
  • CRVS Systems
    • Understanding CRVS
    • Effective digital CRVS systems
    • OpenCRVS within a government systems architecture
    • OpenCRVS Value Proposition
  • Product Specifications
    • Functional Architecture
    • Workflow management
    • Status Flow Diagram
    • Users
      • Examples
    • Core functions
      • 1. Notify event
      • 2. Declare event
      • 3. Validate event
      • 4. Register event
      • 5. Print certificate
      • 6. Issue certificate
      • 7. Search for a record
      • 8. View record
      • 9. Correct record
      • 10. Verify record
      • 11. Archive record
      • 12. Vital statistics export
    • Support functions
      • 13. Login
      • 14. Audit
      • 15. Deduplication
      • 16. Performance management
      • 17. Payment
      • 18. Learning
      • 19. User support
      • 20. User onboarding
    • Admin functions
      • 21. User management
      • 22. Comms management
      • 23. Content management
      • 24. Config management
    • Data functions
      • 25. Legacy data import
      • 26. Legacy paper import
  • Technology
    • Architecture
      • Performance tests
    • Standards
      • FHIR Documents
        • Event Composition
        • Person
        • Registration Task
        • Event Observations
        • Locations
    • Security
    • Interoperability
      • Create a client
      • Authenticate a client
      • Event Notification clients
      • Record Search clients
      • Webhook clients
      • National ID client
      • FHIR Location REST API
      • Other ways to interoperate
  • Default configuration
    • Intro to Farajaland
    • Civil registration in Farajaland
    • OpenCRVS configuration in Farajaland
      • Application settings
      • User / role mapping
      • Declaration forms
      • Certificate templates
    • Business process flows in Farajaland
  • Setup
    • 1. Planning an OpenCRVS Implementation
    • 2. Establish project and team
    • 3. Gather requirements
      • 3.1 Mapping business processes
      • 3.2 Mapping offices and user types
      • 3.3 Define your application settings
      • 3.4 Designing event declaration forms
      • 3.5 Designing a certificate template
    • 4. Installation
      • 4.1 Set-up a local development environment
        • 4.1.1 Install the required dependencies
        • 4.1.2 Install OpenCRVS locally
        • 4.1.3 Starting and stopping OpenCRVS
        • 4.1.4 Log in to OpenCRVS locally
        • 4.1.5 Tooling
          • 4.1.5.1 WSL Support
      • 4.2 Set-up your own, local, country configuration
        • 4.2.1 Fork your own country configuration repository
        • 4.2.2 Set up administrative address divisions
          • 4.2.2.1 Prepare source file for administrative structure
          • 4.2.2.2 Prepare source file for statistics
        • 4.2.3 Set up CR offices and Health facilities
          • 4.2.3.1 Prepare source file for CRVS Office facilities
          • 4.2.3.2 Prepare source file for health facilities
        • 4.2.4 Set up employees & roles for testing or production
          • 4.2.3.1 Prepare source file for employees
          • 4.2.3.2 Configure role titles
        • 4.2.5 Set up application settings
          • 4.2.5.1 Managing language content
            • 4.2.5.1.1 Informant and staff notifications
          • 4.2.5.2 Configuring Metabase Dashboards
        • 4.2.6 Configure certificate templates
        • 4.2.7 Configure declaration forms
          • 4.2.7.1 Configuring an event form
        • 4.2.8 Seeding & clearing your local databases
        • 4.2.9 Countryconfig API endpoints explained
      • 4.3 Set-up a server-hosted environment
        • 4.3.1 Verify servers & create a "provision" user
        • 4.3.2 TLS / SSL & DNS
          • 4.3.2.1 LetsEncrypt https challenge in development environments
          • 4.3.2.2 LetsEncrypt DNS challenge in production
          • 4.3.2.3 Static TLS certificates
        • 4.3.3 Configure inventory files
        • 4.3.4 Create a Github environment
          • 4.3.4.1 Environment secrets and variables explained
          • 4.3.4.2 VPN Recipes
        • 4.3.5 Provisioning servers
          • 4.3.5.1 SSH access
          • 4.3.5.2 Building, pushing & releasing your countryconfig code
          • 4.3.5.3 Ansible tasks when provisioning
        • 4.3.6 Deploy
          • 4.3.6.1 Running a deployment
          • 4.3.6.2 Seeding a server environment
          • 4.3.6.3 Login to an OpenCRVS server
          • 4.3.6.5 Resetting a server environment
        • 4.3.7 Backup & Restore
          • 4.3.7.1 Restoring a backup
          • 4.3.7.2 Off-boarding from OpenCRVS
    • 5. Functional configuration
      • 5.1 Configure application settings
      • 5.2 Configure registration periods and fees
      • 5.3 Managing system users
    • 6. Quality assurance testing
    • 7. Go-live
      • 7.1 Pre-Deployment Checklist
    • 8. Operational Support
    • 9. Monitoring
      • 9.1 Application logs
      • 9.2 Infrastructure health
      • 9.3 Routine monitoring checklist
      • 9.4 Setting up alerts
      • 9.5 Managing a Docker Swarm
  • General
    • Community
    • Contributing
    • Releases
      • v1.5.1: Release notes
      • v1.5.0: Release notes
      • v1.4.1: Release notes
      • v1.4.0 to v1.4.1 Migration notes
      • v1.4.0 Release notes
      • v1.3.* to v1.4.* Migration notes
      • v1.3.5: Release notes
      • v1.3.4: Release notes
      • v1.3.3: Release notes
      • v1.3.1: Release notes
      • v1.3.0: Release notes
      • v1.2.1: Release notes
      • Patch: Elasticsearch 7.10.2
      • v1.2.0: Release notes
      • v.1.1.2: Release notes
      • v.1.1.1: Release notes
      • v1.1.0: Release notes
    • Roadmap
Powered by GitBook
On this page
  • Global repository secrets
  • Environment secrets
  • Environment variables
  • Optional environment secrets
  1. Setup
  2. 4. Installation
  3. 4.3 Set-up a server-hosted environment
  4. 4.3.4 Create a Github environment

4.3.4.1 Environment secrets and variables explained

Global repository secrets

Parameter
Description

DOCKER_USERNAME

DOCKER_TOKEN

DOCKERHUB_ACCOUNT

The name of your Dockerhub account or organisation that forms the URL to your country config docker image on Dockerhub before the slash. e.g: opencrvs

DOCKERHUB_REPO

The name of your Dockerhub repository that forms the URL to your country config docker image on Dockerhub after the slash.. e.g. ocrvs-farajaland

GH_TOKEN

The personal Github Token used in all Action runners.

GH_ENCRYPTION_PASSWORD

Using the Github Token, a password is created that allows automated actions to access the secrets from other environments. This occurs during provisioning so that the production, backup and staging environments use the same BACKUP_ENCRYPTION_PASSPHRASE.

Environment secrets

Secret
Description

BACKUP_ENCRYPTION_PASSPHRASE

This is the password that is used to encrypt all the backups that OpenCRVS creates from a production server and that are stored on the backup server. Use this passphrase to decrypt the backups.

ELASTICSEARCH_SUPERUSER_PASSWORD

The Elasticsearch superuser password. You can also use this to login to Kibana with the username "elastic" and you have superuser Elastic privileges. Kibana URL: https://kibana.<your_domain>

KIBANA_USERNAME

A username for a regular Kibana user to login and monitor OpenCRVS stack health. Useful for developers as this user will have no superuser privileges.

KIBANA_PASSWORD

A password for a regular Kibana user to login and monitor OpenCRVS stack health

MONGODB_ADMIN_USER

The MongoDB superuser admin username. A powerful account that has all rights to OpenCRVS data

MONGODB_ADMIN_PASSWORD

The MongoDB superuser admin password.

MINIO_ROOT_USER

A username for a Minio superuser admin to login to the Minio console to view supporting document attachments submitted during registrations. https://minio-console.<your_domain>

MINIO_ROOT_PASSWORD

A password for a Minio superuser admin

SMTP_HOST

SMTP_PORT

SMTP_USERNAME

SMTP_PASSWORD

SMTP_SECURE

Whether or not your SMTP port requires TLS

ALERT_EMAIL

Email address or Slack channel address to send system technical alerts to.

SENDER_EMAIL_ADDRESS

The sender email address that appears in all emails will need to be configured.

SSH_KEY

This is a copy of the id_rsa file for the SSH Key, not the id_rsa.pub!

SSH_USER

Equal to "provision"

OPENCRVS_METABASE_ADMIN_EMAIL

Email address for metabase admin panel login

OPENCRVS_METABASE_ADMIN_PASSWORD

Password for metabase admin panel login

Environment variables

Variable
Description

REPLICAS

The number of replicas: 1, 2, 3 or 5 depending on how many servers are in the environment cluster

DOMAIN

The host domain name (without www!) for your environment.

CONTENT_SECURITY_POLICY_WILDCARD

This string is supplied to the clients and nginx config and ensures that the format of your domain above can be configurable for CORS purposes.

ACTIVATE_USERS

When users are seeded, are they immediately active using a test password and six zeros as a 2-Factor auth code. Always false in production and staging.

AUTH_HOST, CLIENT_APP_URL, COUNTRY_CONFIG_HOST, GATEWAY_HOST, LOGIN_URL

URLs passed to docker-compose to support internal microservice comms.

DISK_SPACE

The amount of disk space set aside for encrypted PII data stored by OpenCRVS

NOTIFICATION_TRANSPORT

A prop which can be used to configure either Email or SMS for staff and beneficiary comms or potentially both.

SSH_HOST, SSH_PORT, SSH_ARGS

Arguments that are passed to the SSH command to access the server as the provision user

Optional environment secrets

Parameter
Description

SENTRY_DSN

Previous4.3.4 Create a Github environmentNext4.3.4.2 VPN Recipes

Last updated 5 months ago

Your username to access the container registry. If you are using a different container registry, you will need to manually edit the deploy.yml appropriately.

Your access token.

OpenCRVS can report application errors to in order to help you debug any issues in production.

Dockerhub
Dockerhub
Sentry