forked from demarches-simplifiees/demarches-simplifiees.fr
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathsecrets.yml
186 lines (178 loc) · 8.95 KB
/
secrets.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
# Be sure to restart your server when you modify this file.
# Your secret key is used for verifying the integrity of signed cookies.
# If you change this key, all old signed cookies will become invalid!
# Make sure the secret is at least 30 characters and all random,
# no regular words or you'll be exposed to dictionary attacks.
# You can use `rake secret` to generate a secure secret key.
# Make sure the secrets in this file are kept private
# if you're sharing your code publicly.
defaults: &defaults
secret_key_base: <%= ENV["SECRET_KEY_BASE"] %>
encryption_service_salt: <%= ENV["ENCRYPTION_SERVICE_SALT"] %>
otp_secret_key: <%= ENV["OTP_SECRET_KEY"] %>
active_record_encryption:
primary_key: <%= ENV["AR_ENCRYPTION_PRIMARY_KEY"] %>
key_derivation_salt: <%= ENV["AR_ENCRYPTION_KEY_DERIVATION_SALT"] %>
basic_auth:
username: <%= ENV['BASIC_AUTH_USERNAME'] %>
password: <%= ENV['BASIC_AUTH_PASSWORD'] %>
france_connect_particulier: &france_connect_particulier
identifier: <%= ENV['FC_PARTICULIER_ID'] %>
secret: <%= ENV['FC_PARTICULIER_SECRET'] %>
redirect_uri: https://<%= ENV['APP_HOST'] %>/france_connect/particulier/callback
authorization_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/authorize
token_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/token
userinfo_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/userinfo
logout_endpoint: <%= ENV['FC_PARTICULIER_BASE_URL'] %>/api/v1/logout
sipf:
identifier: <%= ENV['SIPF_CLIENT_ID'] %>
secret: <%= ENV['SIPF_CLIENT_SECRET'] %>
redirect_uri: <%= (Rails.env.production? ? 'https' : 'http') %>://<%= ENV['APP_HOST'] %>/auth/sipf/callback
authorization_endpoint: <%= ENV['SIPF_CLIENT_BASE_URL'] %>/protocol/openid-connect/auth
token_endpoint: <%= ENV['SIPF_CLIENT_BASE_URL'] %>/protocol/openid-connect/token
userinfo_endpoint: <%= ENV['SIPF_CLIENT_BASE_URL'] %>/protocol/openid-connect/userinfo
logout_endpoint: <%= ENV['SIPF_CLIENT_BASE_URL'] %>/protocol/openid-connect/logout
tatou:
identifier: <%= ENV['TATOU_CLIENT_ID'] %>
secret: <%= ENV['TATOU_CLIENT_SECRET'] %>
redirect_uri: <%= (Rails.env.production? ? 'https' : 'http') %>://<%= ENV['APP_HOST'] %>/auth/tatou/callback
authorization_endpoint: <%= ENV['TATOU_BASE_URL'] %>/protocol/openid-connect/auth
token_endpoint: <%= ENV['TATOU_BASE_URL'] %>/protocol/openid-connect/token
userinfo_endpoint: <%= ENV['TATOU_BASE_URL'] %>/protocol/openid-connect/userinfo
logout_endpoint: <%= ENV['TATOU_BASE_URL'] %>/protocol/openid-connect/logout
github:
client_id: <%= ENV['GITHUB_CLIENT_ID'] %>
client_secret: <%= ENV['GITHUB_CLIENT_SECRET'] %>
facebook:
client_id: <%= ENV['FACEBOOK_CLIENT_ID'] %>
client_secret: <%= ENV['FACEBOOK_CLIENT_SECRET'] %>
identifier: <%= ENV['FACEBOOK_CLIENT_ID'] %>
secret: <%= ENV['FACEBOOK_CLIENT_SECRET'] %>
redirect_uri: <%= (Rails.env.production? ? 'https': 'http') %>://<%= ENV['APP_HOST'] %>/auth/facebook/callback
authorization_endpoint: https://www.facebook.com/v5.0/dialog/oauth
token_endpoint: https://graph.facebook.com/v5.0/oauth/access_token
userinfo_endpoint: <%= ENV['FACEBOOK_BASE_URL'] %>/protocol/openid-connect/userinfo
logout_endpoint: <%= ENV['FACEBOOK_BASE_URL'] %>/protocol/openid-connect/logout
google:
identifier: <%= (Rails.env.test? ? 'plop' : ENV['GOOGLE_CLIENT_ID']) %>
secret: <%= ENV['GOOGLE_CLIENT_SECRET'] %>
redirect_uri: <%= (Rails.env.production? ? 'https': 'http') %>://<%= ENV['APP_HOST'] %>/auth/google/callback
authorization_endpoint: https://accounts.google.com/o/oauth2/v2/auth
token_endpoint: https://oauth2.googleapis.com/token
userinfo_endpoint: https://openidconnect.googleapis.com/v1/userinfo
logout_endpoint:
microsoft:
identifier: <%= ENV['MICROSOFT_CLIENT_ID'] %>
secret: <%= ENV['MICROSOFT_CLIENT_SECRET'] %>
redirect_uri: <%= (Rails.env.production? ? 'https': 'http') %>://<%= ENV['APP_HOST'] %>/auth/microsoft/callback
authorization_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
token_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/token
userinfo_endpoint: https://graph.microsoft.com/oidc/userinfo
logout_endpoint: https://login.microsoftonline.com/common/oauth2/v2.0/logout
yahoo:
identifier: <%= ENV['YAHOO_CLIENT_ID'] %>
secret: <%= ENV['YAHOO_CLIENT_SECRET'] %>
redirect_uri: https://<%= ENV['APP_HOST'] %>/auth/yahoo/callback
authorization_endpoint: https://api.login.yahoo.com/oauth2/request_auth
token_endpoint: https://api.login.yahoo.com/oauth2/get_token
userinfo_endpoint: https://api.login.yahoo.com/openid/v1/userinfo
logout_endpoint:
dolist:
username: <%= ENV['DOLIST_USERNAME'] %>
password: <%= ENV['DOLIST_PASSWORD'] %>
account_id: <%= ENV['DOLIST_ACCOUNT_ID'] %>
api_key: <%= ENV['DOLIST_API_KEY'] %>
default_sender_id: <%= ENV['DOLIST_DEFAULT_SENDER_ID'] || 1 %>
gouv_sender_id: <%= ENV['DOLIST_GOUV_SENDER_ID'] || 1 %>
api_entreprise:
key: <%= ENV['API_ENTREPRISE_KEY'] %>
mailtrap:
username: <%= ENV['MAILTRAP_USERNAME'] %>
password: <%= ENV['MAILTRAP_PASSWORD'] %>
helpscout:
mailbox_id: <%= ENV['HELPSCOUT_MAILBOX_ID'] %>
client_id: <%= ENV['HELPSCOUT_CLIENT_ID'] %>
client_secret: <%= ENV['HELPSCOUT_CLIENT_SECRET'] %>
webhook_secret: <%= ENV['HELPSCOUT_WEBHOOK_SECRET'] %>
api_ispf_entreprise:
user: <%= ENV['API_ISPF_USER'] %>
pwd: <%= ENV['API_ISPF_PASSWORD'] %>
gravitee: <%= ENV['API_ISPF_GRAVITEE_KEY'] %>
api_cps:
username: <%= ENV['API_CPS_USERNAME'] %>
password: "<%= ENV['API_CPS_PASSWORD'] %>"
client_id: <%= ENV['API_CPS_CLIENT_ID'] %>
client_secret: <%= ENV['API_CPS_CLIENT_SECRET'] %>
sendinblue:
enabled: <%= ENV.key?('SENDINBLUE_BALANCING_VALUE') %>
username: <%= ENV['SENDINBLUE_USER_NAME'] %>
client_key: <%= ENV['SENDINBLUE_API_V3_KEY'] %>
smtp_key: <%= ENV['SENDINBLUE_SMTP_KEY'] %>
api_v3_key: <%= ENV['SENDINBLUE_API_V3_KEY'] %>
mattermost:
send_in_blue_outage_webhook_url: <%= ENV['SEND_IN_BLUE_OUTAGE_WEBHOOK_URL'] %>
support_webhook_url: <%= ENV['SUPPORT_WEBHOOK_URL'] %>
matomo:
cookie_domain: "<%= ENV['MATOMO_COOKIE_DOMAIN'] %>"
domain: "<%= ENV['MATOMO_DOMAIN'] %>"
enabled: <%= ENV['MATOMO_ENABLED'] == 'enabled' %>
host: <%= ENV['MATOMO_HOST'] %>
client_key: <%= ENV['MATOMO_ID'] %>
sentry:
enabled: <%= ENV['SENTRY_ENABLED'] == 'enabled' %>
js_client_key: <%= ENV['SENTRY_DSN_JS'] %>
rails_client_key: <%= ENV['SENTRY_DSN_RAILS'] %>
environment: <%= ENV['SENTRY_CURRENT_ENV'] %>
crisp:
enabled: <%= ENV['CRISP_ENABLED'] == 'enabled' %>
client_key: <%= ENV['CRISP_CLIENT_KEY'] %>
universign:
userpwd: <%= ENV['UNIVERSIGN_USERPWD'] %>
certigna:
userpwd: <%= ENV['CERTIGNA_USERPWD'] %>
autocomplete:
api_geo_url: <%= ENV['API_GEO_URL'] %>
api_adresse_url: <%= ENV['API_ADRESSE_URL'] %>
api_education_url: <%= ENV['API_EDUCATION_URL'] %>
datagouv:
api_key: <%= ENV['DATAGOUV_API_KEY'] %>
api_url: <%= ENV['DATAGOUV_API_URL'] %>
descriptif_demarches_dataset: <%= ENV['DATAGOUV_DESCRIPTIF_DEMARCHES_DATASET'] %>
descriptif_demarches_resource: <%= ENV['DATAGOUV_DESCRIPTIF_DEMARCHES_RESOURCE'] %>
statistics_dataset: <%= ENV['DATAGOUV_STATISTICS_DATASET'] %>
development:
<<: *defaults
france_connect_particulier:
<<: *france_connect_particulier
redirect_uri: http://<%= ENV['APP_HOST'] %>/france_connect/particulier/callback
test:
<<: *defaults
secret_key_base: aa52abc3f3a629d04a61e9899a24c12f52b24c679cbf45f8ec0cdcc64ab9526d673adca84212882dff3911ac98e0c32ec4729ca7b3429ba18ef4dfd1bd18bc7a # ggignore
encryption_service_salt: QUDyMoXyw2YXU8pHnpts3w9MyMpsMQ6BgP62obgCf7PQv # ggignore
otp_secret_key: 78ddda3679dc0ba2c99f50bcff04f49d862358dbeb7ead50368fdd6de14392be884ee10a204a0375b4b382e1a842fafe40d7858b7ab4796ec3a67c518d31112b # ggignore
active_record_encryption:
primary_key: test-RgUyzplf0kehB5fyZpmCd37uvgb # ggignore
key_derivation_salt: test-yyMmzM9cTSD1rs3Fq3hwt3hMNg4 # ggignore
api_entreprise:
key: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6Ik9oIHllYWgiLCJpYXQiOjE1MTYyMzkwMjJ9.f06sBo3q2Yxnw_TYPFUEs0CozBmcV-XniH_DeKNWzKE" # ggignore
france_connect_particulier:
identifier: france_connect_test_identifier
secret: france_connect_test_secret
redirect_uri: https://bidon.com/endpoint
authorization_endpoint: https://bidon.com/endpoint
token_endpoint: https://bidon.com/endpoint
userinfo_endpoint: https://bidon.com/endpoint
logout_endpoint: https://bidon.com/endpoint
universign:
userpwd: 'fake:fake'
autocomplete:
api_geo_url: /test/api_geo
datagouv:
api_key: "clesecrete"
api_url: "https://www.data.gouv.fr/api/1"
descriptif_demarches_dataset: "ethopundataset"
descriptif_demarches_resource: "etbimuneressource"
# Do not keep production secrets in the repository,
# instead read values from the environment.
production:
<<: *defaults