-
Notifications
You must be signed in to change notification settings - Fork 1
/
local.env.dist
196 lines (125 loc) · 4.96 KB
/
local.env.dist
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
### Password API configuration parameters ###
# Do not enclose values in quotation marks. Spaces are allowed if
# appropriate for an individual parameter.
# Parameters are required unless a default is shown or specifically
# described as optional.
# === IDP parameters ===
# The code name of this IdP. Example: "org"
IDP_NAME=
# Full name of the IDP. Used in email templates and frontend config. Default is
# set to the value of IDP_NAME. Example: "Acme, Inc."
#IDP_DISPLAY_NAME=
# === AWS AppConfig ===
# Leave these blank if you don't want to use AppConfig
# The AWS region in use
AWS_REGION=
# The AppConfig Application ID (or name)
APP_ID=
# The AppConfig Configuration Profile ID (or name)
CONFIG_ID=
# The AppConfig Environment ID (or name)
ENV_ID=
# === email template data ===
# Email signature line, e.g. "Your friendly Help Desk team"
EMAIL_SIGNATURE=
# Help center URL, e.g. "https://helpdesk.example.com"
HELP_CENTER_URL=
# === UI URL ===
# URL of the profile manager user interface, e.g. https://profile.example.com
UI_URL=
# CORS_ORIGIN of the UI, defaults to the value of UI_URL
UI_CORS_ORIGIN=
# === frontend config data ===
# Optional support contact information. SUPPORT_EMAIL must be provided if HELP_CENTER_URL is not
#SUPPORT_PHONE=
#SUPPORT_EMAIL=
#SUPPORT_NAME=support
#SUPPORT_URL=
#SUPPORT_FEEDBACK=
# === ReCAPTCHA config data ===
# Set to true to require ReCAPTCHA, false otherwise. Default is true.
RECAPTCHA_REQUIRED=true
# Site key, part of frontend config but listed here with other
# ReCAPTCHA data.
RECAPTCHA_SITE_KEY=
# Secret key, not required if RECAPTCHA_REQUIRED is false.
RECAPTCHA_SECRET_KEY=
# === Security settings ===
# Hash key used when creating hash of access token before storing in database.
ACCESS_TOKEN_HASH_KEY=
# === Alerts and Logging ===
# If true, error alerts will be sent to ALERTS_EMAIL.
ALERTS_EMAIL_ENABLED=false
# Email to which to send error alerts. Required if ALERTS_EMAIL_ENABLED is true
#ALERTS_EMAIL=
# To use Sentry for error alerting, obtain DSN from Sentry dashboard: Settings - Projects - (project) - Client Keys
SENTRY_DSN=
# === Email service ===
# Base URL of email service, e.g. http://docker.for.mac.localhost:8888
EMAIL_SERVICE_baseUrl=
# Access token, must match one of API_ACCESS_KEYS defined in email service
EMAIL_SERVICE_accessToken=
# If true, IP address of EMAIL_SERVICE_baseUrl must be in EMAIL_SERVICE_validIpRanges
EMAIL_SERVICE_assertValidIp=
# Comma-separated list of acceptable IP address ranges for baseUrl validation.
# If EMAIL_SERVICE_assertValidIp is false, this is still required but is ignored.
# Example: 127.0.0.1/32,192.168.65.1/32
EMAIL_SERVICE_validIpRanges=
# === ID Broker ===
# ID Broker service, used for the default passwordStore and personnel components.
# Base URL of ID Broker service, e.g. http://docker.for.mac.localhost:8090
ID_BROKER_baseUrl=
# Access token, must match one of API_ACCESS_KEYS defined in ID Broker service
ID_BROKER_accessToken=
# If true, IP address of ID_BROKER_baseUrl must be in ID_BROKER_validIpRanges
ID_BROKER_assertValidBrokerIp=
# Comma-separated list of acceptable IP address ranges for baseUrl validation.
# If ID_BROKER_assertValidBrokerIp is false, this is not required.
# Example: 127.0.0.1/32,192.168.65.1/32
ID_BROKER_validIpRanges=
# === Password validation rules ===
# Minimum password length, default=10
#PASSWORD_RULE_minLength=10
# Maximum password length, default=255
#PASSWORD_RULE_maxLength=255
# Minimum ZXCVBN password score, default=3
#PASSWORD_RULE_minScore=3
# Enable haveibeenpwned.com password check, default is true
#PASSWORD_RULE_enableHIBP=true
# Require both Alpha and Numeric characters, default is false
#PASSWORD_RULE_requireAlphaAndNumeric=false
# URL of ZXCVBN service, required
#ZXCVBN_API_BASEURL=
# === Authentication component ===
# AUTH_SAML_signRequest: default=true
#AUTH_SAML_signRequest=
# AUTH_SAML_checkResponseSigning: default=true
#AUTH_SAML_checkResponseSigning=
# AUTH_SAML_requireEncryptedAssertion: default=true
#AUTH_SAML_requireEncryptedAssertion=
# The following are required, and must match the simplesamlphp configuration
AUTH_SAML_idpCertificate=
AUTH_SAML_spCertificate=
AUTH_SAML_spPrivateKey=
AUTH_SAML_entityId=
AUTH_SAML_ssoUrl=
AUTH_SAML_sloUrl=
# === Composer ===
# auth key for Composer to bypass GitHub rate limiting, example:
#COMPOSER_AUTH={"github-oauth":{"github.com":"12341142b12441234c12414124d124e1234124f2"}}
#COMPOSER_AUTH=
# cache directory for Composer
#COMPOSER_CACHE_DIR=/tmp
# === Debug and development ===
# specify one of [prod|dev|test]; defaults to prod
#APP_ENV=
# IP Address of development machine. Used for Xdebug connection.
# Required if APP_ENV=dev
#REMOTE_DEBUG_IP=
# === Test values for Google component ===
#TEST_GOOGLE_PWSTORE_CONFIG_delegatedAdminEmail=
#TEST_GOOGLE_PWSTORE_CONFIG_jsonAuthConfigBase64=
## This test user must exist in the Google instance
#TEST_GOOGLE_USER_EMAIL=
## This employee ID must match the 'externalId' for the test user
#TEST_GOOGLE_USER_EMPLOYEE_ID=