config/application.yml.default

# This file is used by the IdentityConfig class

# The defaults set in this file are used as the basis for configuration in all
# production and development environments. On deployed EC2 servers, we run
# deploy/activate to generate the final application.yml using this file for
# defaults and deep merging any overrides set in the application.yml from the
# app secrets S3 bucket. Deployed EC2 servers always set RAILS_ENV=production,
# so they will use values from top-level and from the production block.

# Be sure to restart your server when you modify this file.

# Make sure the secrets in this file are kept private
# if you're sharing your code publicly.

# Make sure any new entries you add are enclosed in single quotes.

aamva_auth_request_timeout: 5.0
aamva_auth_url: 'https://example.org:12345/auth/url'
aamva_cert_enabled: true
aamva_supported_jurisdictions: '["AL","AR","AZ","CO","CT","DC","DE","FL","GA","HI","IA","ID","IL","IN","KS","KY","MA","MD","ME","MI","MO","MS","MT","NC","ND","NE","NJ","NM","NV","OH","OR","PA","RI","SC","SD","TN","TX","VA","VT","WA","WI","WV","WY"]'
aamva_verification_request_timeout: 5.0
aamva_verification_url: https://example.org:12345/verification/url
ab_testing_idv_ten_digit_otp_enabled: false
ab_testing_idv_ten_digit_otp_percent: 0
all_redirect_uris_cache_duration_minutes: 2
allowed_ialmax_providers: '[]'
allowed_verified_within_providers: '[]'
available_locales: 'en,es,fr,zh'
account_reset_token_valid_for_days: 1
account_reset_fraud_user_wait_period_days:
account_reset_wait_period_days: 1
account_suspended_support_code: EFGHI
acuant_assure_id_password: ''
acuant_assure_id_subscription_id: ''
acuant_assure_id_url: ''
acuant_assure_id_username: ''
acuant_facial_match_url: ''
acuant_passlive_url: ''
# These are publicly available credentials used to initialize the client-side Acuant SDK
acuant_sdk_initialization_creds: 'aWRzY2FuZ293ZWJAYWN1YW50Y29ycC5jb206NVZLcm81Z0JEc1hrdFh2NA=='
acuant_sdk_initialization_endpoint: 'https://us.acas.acuant.net'
acuant_timeout: 45.0
acuant_upload_image_timeout: 1.0
acuant_get_results_timeout: 1.0
acuant_create_document_timeout: 1.0
add_email_link_valid_for_hours: 24
address_identity_proofing_supported_country_codes: '["AS", "GU", "MP", "PR", "US", "VI"]'
asset_host: ''
async_wait_timeout_seconds: 60
async_stale_job_timeout_seconds: 300
aws_http_timeout: 5
aws_http_retry_limit: 2
aws_http_retry_max_delay: 1
aws_kms_key_id: alias/login-dot-gov-test-keymaker
aws_kms_client_contextless_pool_size: 5
aws_kms_client_multi_pool_size: 5
aws_kms_multi_region_key_id: alias/login-dot-gov-keymaker-multi-region
aws_kms_session_key_id: alias/login-dot-gov-test-keymaker
aws_logo_bucket: ''
aws_region: 'us-west-2'
backup_code_cost: '2000$8$1$'
broken_personal_key_window_start: '2021-07-29T00:00:00Z'
broken_personal_key_window_finish: '2021-09-22T00:00:00Z'
component_previews_enabled: false
component_previews_embed_frame_ancestors: '[]'
compromised_password_randomizer_value: 1000
compromised_password_randomizer_threshold: 900
check_user_password_compromised_enabled: false
country_phone_number_overrides: '{}'
database_pool_idp: 5
database_socket: ''
database_sslmode: 'verify-full'
database_statement_timeout: 2_500
database_timeout: 5_000
database_worker_jobs_sslmode: 'verify-full'
deliver_mail_async: false
deleted_user_accounts_report_configs: '[]'
development_mailer_deliver_method: letter_opener
disable_email_sending: true
disable_logout_get_request: true
disposable_email_services: '[]'
doc_auth_attempt_window_in_minutes: 360
doc_capture_polling_enabled: true
doc_auth_check_failed_image_resubmission_enabled: true
doc_auth_client_glare_threshold: 50
doc_auth_client_sharpness_threshold: 50
doc_auth_custom_ui_enabled: false
doc_auth_s3_request_timeout: 5
doc_auth_error_dpi_threshold: 290
doc_auth_error_glare_threshold: 40
doc_auth_error_sharpness_threshold: 40
doc_auth_max_attempts: 5
doc_auth_max_capture_attempts_before_native_camera: 3
doc_auth_max_submission_attempts_before_native_camera: 3
doc_auth_selfie_capture_enabled: false
doc_auth_selfie_desktop_test_mode: false
doc_auth_sdk_capture_orientation: '{"horizontal": 100, "vertical": 0}'
doc_auth_supported_country_codes: '["US", "GU", "VI", "AS", "MP", "PR", "USA" ,"GUM", "VIR", "ASM", "MNP", "PRI"]'
doc_capture_request_valid_for_minutes: 15
email_from: no-reply@login.gov
email_from_display_name: Login.gov
email_registrations_per_ip_limit: 20
email_registrations_per_ip_period: 20
email_registrations_per_ip_track_only_mode: false
enable_add_mfa_redirect_for_personal_key: false
enable_load_testing_mode: false
enable_rate_limiting: true
enable_test_routes: true
enable_usps_verification: true
event_disavowal_expiration_hours: 240
feature_idv_force_gpo_verification_enabled: false
feature_idv_hybrid_flow_enabled: true
feature_new_device_alert_aggregation_enabled: true
geo_data_file_path: 'geo_data/GeoLite2-City.mmdb'
good_job_max_threads: 5
good_job_queues: 'default:5;low:1;*'
good_job_queue_select_limit: 5_000
gpo_designated_receiver_pii: '{}'
gpo_max_profile_age_to_send_letter_in_days: 30
hide_phone_mfa_signup: false
identity_pki_disabled: false
identity_pki_local_dev: false
idv_attempt_window_in_hours: 6
idv_available: true
idv_contact_phone_number: (844) 555-5555
idv_max_attempts: 5
idv_min_age_years: 13
idv_acuant_sdk_version_default: '11.9.2'
idv_acuant_sdk_version_alternate: '11.9.1'
idv_acuant_sdk_upgrade_a_b_testing_enabled: false
idv_acuant_sdk_upgrade_a_b_testing_percent: 50
idv_send_link_attempt_window_in_minutes: 10
idv_send_link_max_attempts: 5
idv_sp_required: false
in_person_public_address_search_enabled: false
in_person_doc_auth_button_enabled: true
in_person_email_reminder_early_benchmark_in_days: 11
in_person_email_reminder_final_benchmark_in_days: 1
in_person_email_reminder_late_benchmark_in_days: 4
in_person_proofing_enabled: false
in_person_proofing_enforce_tmx: false
in_person_proofing_opt_in_enabled: false
in_person_state_id_controller_enabled: false
in_person_enrollment_validity_in_days: 30
in_person_enrollments_ready_job_email_body_pattern: '\A\s*(?<enrollment_code>\d{16})\s*\Z'
in_person_enrollments_ready_job_cron: '0/10 * * * *'
in_person_enrollments_ready_job_enabled: false
in_person_enrollments_ready_job_queue_url: ''
in_person_enrollments_ready_job_max_number_of_messages: 10
in_person_enrollments_ready_job_visibility_timeout_seconds: 30
in_person_enrollments_ready_job_wait_time_seconds: 20
in_person_results_delay_in_hours: 1
in_person_completion_survey_url: 'https://login.gov'
in_person_full_address_entry_enabled: true
in_person_outage_message_enabled: false
# in_person_outage_expected_update_date and in_person_outage_emailed_by_date below
# are strings in the format 'Month day, year'
in_person_outage_expected_update_date: 'October 31, 2024'
in_person_outage_emailed_by_date: 'November 1, 2024'
in_person_send_proofing_notifications_enabled: false
in_person_stop_expiring_enrollments: false
invalid_gpo_confirmation_zipcode: '00001'
logins_per_ip_track_only_mode: false
# LexisNexis #####################################################
lexisnexis_base_url: https://www.example.com
lexisnexis_request_mode: testing
# Instant Verify and Phone Finder Integrations
lexisnexis_account_id: test_account
lexisnexis_username: test_username
lexisnexis_password: test_password
lexisnexis_hmac_auth_enabled: false
lexisnexis_hmac_key_id: pf_iv_hmac_key_id
lexisnexis_hmac_secret_key: pf_iv_hmac_secret_key
lexisnexis_phone_finder_timeout: 1.0
lexisnexis_phone_finder_workflow: customers.gsa2.phonefinder.workflow
lexisnexis_instant_verify_timeout: 1.0
lexisnexis_instant_verify_workflow: gsa2.chk32.test.wf
lexisnexis_instant_verify_workflow_ab_testing_enabled: false
lexisnexis_instant_verify_workflow_ab_testing_percent: 5
lexisnexis_instant_verify_workflow_alternate: gsa2.chk14.test.wf
# TrueID DocAuth Integration
lexisnexis_trueid_account_id: '12345'
lexisnexis_trueid_username: test_username
lexisnexis_trueid_password: test_password
lexisnexis_trueid_hmac_key_id: trueid_hmac_key_id
lexisnexis_trueid_hmac_secret_key: trueid_hmac_secret_key
lexisnexis_trueid_timeout: 60.0
lexisnexis_trueid_liveness_cropping_workflow: customers.gsa2.trueid.workflow
lexisnexis_trueid_liveness_nocropping_workflow: customers.gsa2.trueid.workflow
lexisnexis_trueid_noliveness_cropping_workflow: customers.gsa2.trueid.workflow
lexisnexis_trueid_noliveness_nocropping_workflow: customers.gsa2.trueid.workflow
###################################################################
# LexisNexis DDP/ThreatMetrix #####################################
lexisnexis_threatmetrix_mock_enabled: true
lexisnexis_threatmetrix_support_code: ABCD
lexisnexis_threatmetrix_timeout: 1.0
lexisnexis_threatmetrix_js_signing_cert: ''
###################################################################
lockout_period_in_minutes: 10
log_to_stdout: false
login_otp_confirmation_max_attempts: 10
logins_per_email_and_ip_bantime: 60
logins_per_email_and_ip_limit: 5
logins_per_email_and_ip_period: 60
logins_per_ip_period: 60
logo_upload_enabled: false
mailer_domain_name: http://localhost:3000
max_auth_apps_per_account: 2
max_bad_passwords: 5
max_bad_passwords_window_in_seconds: 60
max_emails_per_account: 12
max_mail_events: 4
max_mail_events_window_in_days: 30
max_phone_numbers_per_account: 5
max_piv_cac_per_account: 2
min_password_score: 3
minimum_wait_before_another_usps_letter_in_hours: 24
mx_timeout: 3
new_device_alert_delay_in_minutes: 5
openid_connect_redirect: client_side_js
openid_connect_content_security_form_action_enabled: false
openid_connect_redirect_uuid_override_map: '{}'
openid_connect_redirect_issuer_override_map: '{}'
otp_delivery_blocklist_maxretry: 10
otp_valid_for: 10
otp_expiration_warning_seconds: 150
otps_per_ip_limit: 25
otps_per_ip_period: 300
otps_per_ip_track_only_mode: true
outbound_connection_check_retry_count: 2
outbound_connection_check_timeout: 5
outbound_connection_check_url: 'https://checkip.amazonaws.com'
participate_in_dap: false
password_max_attempts: 3
personal_key_retired: true
phone_carrier_registration_blocklist_array: '[]'
short_term_phone_otp_max_attempt_window_in_seconds: 10
short_term_phone_otp_max_attempts: 2
phone_confirmation_max_attempts: 20
phone_confirmation_max_attempt_window_in_minutes: 1_440
phone_service_check: true
phone_recaptcha_mock_validator: true
phone_recaptcha_score_threshold: 0.0
phone_recaptcha_country_score_overrides: '{"AS":0.0,"GU":0.0,"MP":0.0,"PR":0.0,"US":0.0,"VI":0.0,"CA":0.0,"MX":0.0}'
phone_setups_per_ip_limit: 25
phone_setups_per_ip_period: 300
phone_setups_per_ip_track_only_mode: false
pii_lock_timeout_in_minutes: 30
pinpoint_sms_sender_id: 'aaa'
pinpoint_sms_configs: '[]'
pinpoint_voice_configs: '[]'
pinpoint_voice_pool_size: 5
piv_cac_service_url: https://localhost:8443/
piv_cac_service_timeout: 5.0
piv_cac_verify_token_url: https://localhost:8443/
poll_rate_for_verify_in_seconds: 3
prometheus_exporter: false
proofer_mock_fallback: true
proof_address_max_attempts: 5
proof_address_max_attempt_window_in_minutes: 360
proof_ssn_max_attempts: 10
proof_ssn_max_attempt_window_in_minutes: 60
proofing_device_profiling: enabled
push_notifications_enabled: false
pwned_passwords_file_path: 'pwned_passwords/pwned_passwords.txt'
rack_mini_profiler: false
rack_timeout_service_timeout_seconds: 15
rails_mailer_previews_enabled: false
raise_on_missing_title: false
reauthn_window: 1200
recaptcha_enterprise_api_key: ''
recaptcha_enterprise_project_id: ''
recaptcha_site_key: ''
recaptcha_secret_key: ''
recovery_code_length: 4
redis_throttle_url: redis://localhost:6379/1
redis_url: redis://localhost:6379/0
redis_pool_size: 10
redis_throttle_pool_size: 5
reg_confirmed_email_max_attempts: 20
reg_confirmed_email_window_in_minutes: 60
reg_unconfirmed_email_max_attempts: 20
reg_unconfirmed_email_window_in_minutes: 60
reject_id_token_hint_in_logout: false
remember_device_expiration_hours_aal_1: 720
remember_device_expiration_minutes_aal_2: 0
report_timeout: 0
requests_per_ip_cidr_allowlist: ''
requests_per_ip_limit: 300
requests_per_ip_path_prefixes_allowlist: ''
requests_per_ip_period: 300
requests_per_ip_track_only_mode: false
reset_password_email_max_attempts: 20
reset_password_email_window_in_minutes: 60
reset_password_on_auth_fraud_event: true
risc_notifications_local_enabled: false
risc_notifications_active_job_enabled: false
risc_notifications_rate_limit_interval: 60
risc_notifications_rate_limit_max_requests: 1_000
risc_notifications_rate_limit_overrides: '{"https://example.com/push":{"interval":120,"max_requests":10000}}'
risc_notifications_request_timeout: 3
ruby_workers_idv_enabled: true
rules_of_use_horizon_years: 6
rules_of_use_updated_at: '2022-01-19T00:00:00Z' # Production has a newer timestamp than this, update directly in S3
s3_public_reports_enabled: false
s3_reports_enabled: false
saml_secret_rotation_enabled: false
second_mfa_reminder_account_age_in_days: 30
second_mfa_reminder_sign_in_count: 10
seed_agreements_data: true
service_provider_request_ttl_hours: 24
session_check_delay: 30
session_check_frequency: 30
session_encryptor_alert_enabled: false
session_timeout_in_minutes: 15
session_timeout_warning_seconds: 150
session_total_duration_timeout_in_minutes: 720
ses_configuration_set_name: ''
sp_handoff_bounce_max_seconds: 2
show_unsupported_passkey_platform_authentication_setup: false
show_user_attribute_deprecation_warnings: false
otp_min_attempts_remaining_warning_count: 3
sp_issuer_user_counts_report_configs: '[]'
team_ada_email: ''
team_all_login_emails: '[]'
team_daily_fraud_metrics_emails: '[]'
team_daily_reports_emails: '[]'
team_monthly_fraud_metrics_emails: '[]'
team_ursula_email: ''
test_ssn_allowed_list: ''
totp_code_interval: 30
unauthorized_scope_enabled: false
usps_upload_enabled: false
usps_upload_sftp_timeout: 5
valid_authn_contexts: '["http://idmanagement.gov/ns/assurance/loa/1", "http://idmanagement.gov/ns/assurance/loa/3", "http://idmanagement.gov/ns/assurance/ial/1", "http://idmanagement.gov/ns/assurance/ial/2", "http://idmanagement.gov/ns/assurance/ial/0", "http://idmanagement.gov/ns/assurance/ial/2?strict=true", "urn:gov:gsa:ac:classes:sp:PasswordProtectedTransport:duo", "http://idmanagement.gov/ns/assurance/aal/2", "http://idmanagement.gov/ns/assurance/aal/3", "http://idmanagement.gov/ns/assurance/aal/3?hspd12=true","http://idmanagement.gov/ns/assurance/aal/2?phishing_resistant=true","http://idmanagement.gov/ns/assurance/aal/2?hspd12=true"]'
vendor_status_acuant: 'operational'
vendor_status_lexisnexis_instant_verify: 'operational'
vendor_status_lexisnexis_phone_finder: 'operational'
vendor_status_lexisnexis_trueid: 'operational'
vendor_status_sms: 'operational'
vendor_status_voice: 'operational'
vendor_status_idv_scheduled_maintenance_start: ''
vendor_status_idv_scheduled_maintenance_finish: ''
verification_errors_report_configs: '[]'
verify_gpo_key_attempt_window_in_minutes: 10
verify_gpo_key_max_attempts: 5
verify_personal_key_attempt_window_in_minutes: 15
verify_personal_key_max_attempts: 5
version_headers_enabled: false
vtm_url: 'https://developer.login.gov/vot-trust-framework'
use_dashboard_service_providers: false
use_kms: false
use_vot_in_sp_requests: true
usps_auth_token_refresh_job_enabled: false
usps_confirmation_max_days: 30
usps_ipp_password: ''
usps_ipp_client_id: ''
usps_ipp_root_url: ''
usps_ipp_request_timeout: 10
usps_ipp_sponsor_id: ''
usps_ipp_username: ''
usps_mock_fallback: true
usps_ipp_transliteration_enabled: false
usps_ipp_enrollment_status_update_email_address: 'no-reply@login.gov'
get_usps_ready_proofing_results_job_cron: '0/10 * * * *'
get_usps_waiting_proofing_results_job_cron: '0/30 * * * *'
get_usps_proofing_results_job_cron: '0/30 * * * *'
get_usps_proofing_results_job_reprocess_delay_minutes: 5
get_usps_proofing_results_job_request_delay_milliseconds: 1000
voice_otp_pause_time: '0.5s'
voice_otp_speech_rate: 'slow'
weekly_auth_funnel_report_config: '[]'
x509_presented_hash_attribute_requested_issuers: '[]'

development:
  aamva_private_key: 123abc
  aamva_public_key: 123abc
  attribute_encryption_key: 2086dfbd15f5b0c584f3664422a1d3409a0d2aa6084f65b6ba57d64d4257431c124158670c7655e45cabe64194f7f7b6c7970153c285bdb8287ec0c4f7553e25
  attribute_encryption_key_queue: '[{ "key": "11111111111111111111111111111111" }, { "key": "22222222222222222222222222222222" }]'
  aws_logo_bucket: ''
  check_user_password_compromised_enabled: true
  component_previews_enabled: true
  component_previews_embed_frame_ancestors: '["http://localhost:4000"]'
  compromised_password_randomizer_value: 1
  compromised_password_randomizer_threshold: 0
  dashboard_api_token: test_token
  dashboard_url: http://localhost:3001/api/service_providers
  database_host: ''
  database_name: ''
  database_password: ''
  database_read_replica_host: ''
  database_readonly_password: ''
  database_readonly_username: ''
  database_username: ''
  database_worker_jobs_name: ''
  database_worker_jobs_username: ''
  database_worker_jobs_host: ''
  database_worker_jobs_password: ''
  doc_auth_selfie_capture_enabled: false
  doc_auth_selfie_desktop_test_mode: true
  doc_auth_vendor: 'mock'
  doc_auth_vendor_randomize: false
  doc_auth_vendor_randomize_percent: 0
  doc_auth_vendor_randomize_alternate_vendor: ''
  domain_name: localhost:3000
  enable_rate_limiting: false
  hmac_fingerprinter_key: a2c813d4dca919340866ba58063e4072adc459b767a74cf2666d5c1eef3861db26708e7437abde1755eb24f4034386b0fea1850a1cb7e56bff8fae3cc6ade96c
  hmac_fingerprinter_key_queue: '["11111111111111111111111111111111", "22222222222222222222222222222222"]'
  identity_pki_local_dev: true
  in_person_proofing_enabled: true
  in_person_proofing_enforce_tmx: true
  in_person_proofing_opt_in_enabled: true
  in_person_send_proofing_notifications_enabled: true
  logins_per_ip_limit: 5
  logo_upload_enabled: true
  max_bad_passwords: 5
  newrelic_license_key: ''
  otp_delivery_blocklist_findtime: 5
  password_pepper: f22d4b2cafac9066fe2f4416f5b7a32c
  phone_recaptcha_score_threshold: 0.5
  piv_cac_verify_token_secret: ee7f20f44cdc2ba0c6830f70470d1d1d059e1279cdb58134db92b35947b1528ef5525ece5910cf4f2321ab989a618feea12ef95711dbc62b9601e8520a34ee12
  push_notifications_enabled: true
  rails_mailer_previews_enabled: true
  rack_timeout_service_timeout_seconds: 9_999_999_999
  raise_on_missing_title: true
  risc_notifications_local_enabled: true
  s3_report_bucket_prefix: ''
  s3_report_public_bucket_prefix: ''
  saml_endpoint_configs: '[{"suffix":"2023","secret_key_passphrase":"trust-but-verify"},{"suffix":"2024","secret_key_passphrase":"trust-but-verify"}]'
  scrypt_cost: 10000$8$1$
  secret_key_base: development_secret_key_base
  session_encryption_key: 27bad3c25711099429c1afdfd1890910f3b59f5a4faec1c85e945cb8b02b02f261ba501d99cfbb4fab394e0102de6fecf8ffe260f322f610db3e96b2a775c120
  show_unsupported_passkey_platform_authentication_setup: true
  skip_encryption_allowed_list: '["urn:gov:gsa:SAML:2.0.profiles:sp:sso:localhost"]'
  state_tracking_enabled: true
  telephony_adapter: test
  use_dashboard_service_providers: true
  usps_ipp_transliteration_enabled: true
  usps_upload_sftp_directory: "/gsa_order"
  usps_upload_sftp_host: localhost
  usps_upload_sftp_password: test
  usps_upload_sftp_username: brady

# These values serve as defaults for all production-like environments, which
# includes *.identitysandbox.gov and *.login.gov.
#
production:
  aamva_auth_url: 'https://authentication-cert.aamva.org/Authentication/Authenticate.svc'
  aamva_private_key: ''
  aamva_public_key: ''
  aamva_verification_url: 'https://verificationservices-cert.aamva.org:18449/dldv/2.1/online'
  attribute_encryption_key:
  attribute_encryption_key_queue: '[]'
  available_locales: 'en,es,fr'
  aws_logo_bucket: ''
  dashboard_api_token: ''
  dashboard_url: https://dashboard.demo.login.gov
  database_host: ''
  database_name: ''
  database_password: ''
  database_read_replica_host: ''
  database_readonly_password: ''
  database_readonly_username: ''
  database_username: ''
  database_worker_jobs_name: ''
  database_worker_jobs_username: ''
  database_worker_jobs_host: ''
  database_worker_jobs_password: ''
  disable_email_sending: false
  disable_logout_get_request: false
  doc_auth_vendor: 'acuant'
  doc_auth_vendor_randomize: false
  doc_auth_vendor_randomize_percent: 0
  doc_auth_vendor_randomize_alternate_vendor: ''
  domain_name: login.gov
  email_registrations_per_ip_track_only_mode: true
  enable_test_routes: false
  enable_usps_verification: false
  feature_new_device_alert_aggregation_enabled: false
  hmac_fingerprinter_key:
  hmac_fingerprinter_key_queue: '[]'
  idv_sp_required: true
  invalid_gpo_confirmation_zipcode: ''
  lexisnexis_threatmetrix_mock_enabled: false
  logins_per_ip_limit: 20
  logins_per_ip_period: 20
  logins_per_ip_track_only_mode: true
  newrelic_license_key: ''
  openid_connect_redirect: server_side
  openid_connect_content_security_form_action_enabled: true
  otp_delivery_blocklist_findtime: 5
  participate_in_dap: true
  password_pepper:
  phone_recaptcha_mock_validator: false
  piv_cac_verify_token_secret:
  session_encryptor_alert_enabled: true
  redis_throttle_url: redis://redis.login.gov.internal:6379/1
  redis_url: redis://redis.login.gov.internal:6379
  report_timeout: 1_000_000
  ruby_workers_idv_enabled: false
  s3_report_bucket_prefix: login-gov.reports
  s3_report_public_bucket_prefix: login-gov-pubdata
  s3_reports_enabled: true
  saml_endpoint_configs: '[]'
  scrypt_cost: 10000$8$1$
  secret_key_base:
  seed_agreements_data: false
  session_encryption_key:
  skip_encryption_allowed_list: '["urn:gov:gsa:SAML:2.0.profiles:sp:sso:dev", "urn:gov:gsa:SAML:2.0.profiles:sp:sso:int"]'
  state_tracking_enabled: false
  telephony_adapter: pinpoint
  use_kms: true
  usps_auth_token_refresh_job_enabled: true
  usps_confirmation_max_days: 30
  usps_upload_sftp_directory: ''
  usps_upload_sftp_host: ''
  usps_upload_sftp_password: ''
  usps_upload_sftp_username: ''

test:
  aamva_private_key: 123abc
  aamva_public_key: 123abc
  account_reset_fraud_user_wait_period_days: 30
  acuant_assure_id_url: https://example.com
  acuant_facial_match_url: https://facial_match.example.com
  acuant_passlive_url: https://liveness.example.com
  attribute_encryption_key: 2086dfbd15f5b0c584f3664422a1d3409a0d2aa6084f65b6ba57d64d4257431c124158670c7655e45cabe64194f7f7b6c7970153c285bdb8287ec0c4f7553e25
  attribute_encryption_key_queue: '[{ "key": "11111111111111111111111111111111" }, { "key": "22222222222222222222222222222222" }]'
  dashboard_api_token: 123ABC
  dashboard_url: https://dashboard.demo.login.gov
  database_host: ''
  database_name: ''
  database_password: ''
  database_read_replica_host: ''
  database_readonly_password: ''
  database_readonly_username: ''
  database_username: ''
  database_worker_jobs_name: ''
  database_worker_jobs_username: ''
  database_worker_jobs_host: ''
  database_worker_jobs_password: ''
  doc_auth_max_attempts: 4
  doc_auth_selfie_capture_enabled: false
  doc_auth_selfie_desktop_test_mode: true
  doc_auth_vendor: 'mock'
  doc_auth_vendor_randomize: false
  doc_auth_vendor_randomize_percent: 0
  doc_auth_vendor_randomize_alternate_vendor: ''
  doc_capture_polling_enabled: false
  domain_name: www.example.com
  hmac_fingerprinter_key: a2c813d4dca919340866ba58063e4072adc459b767a74cf2666d5c1eef3861db26708e7437abde1755eb24f4034386b0fea1850a1cb7e56bff8fae3cc6ade96c
  hmac_fingerprinter_key_queue: '["old-key-one", "old-key-two"]'
  identity_pki_disabled: true
  lexisnexis_trueid_account_id: 'test_account'
  lockout_period_in_minutes: 5
  logins_per_email_and_ip_limit: 2
  logins_per_ip_limit: 3
  email_registrations_per_ip_limit: 3
  max_bad_passwords: 5
  max_mail_events: 2
  otp_min_attempts_remaining_warning_count: 1
  newrelic_license_key: ''
  otp_delivery_blocklist_findtime: 1
  otp_delivery_blocklist_maxretry: 2
  otps_per_ip_limit: 3
  otps_per_ip_period: 10
  otps_per_ip_track_only_mode: false
  password_pepper: f22d4b2cafac9066fe2f4416f5b7a32c
  phone_confirmation_max_attempts: 5
  phone_confirmation_max_attempt_window_in_minutes: 10
  phone_setups_per_ip_limit: 3
  phone_setups_per_ip_period: 10
  phone_setups_per_ip_track_only_mode: false
  prometheus_exporter: false
  piv_cac_verify_token_secret: 3ac13bfa23e22adae321194c083e783faf89469f6f85dcc0802b27475c94b5c3891b5657bd87d0c1ad65de459166440512f2311018db90d57b15d8ab6660748f
  poll_rate_for_verify_in_seconds: 0
  raise_on_missing_title: true
  reg_confirmed_email_max_attempts: 3
  reg_unconfirmed_email_max_attempts: 4
  reg_unconfirmed_email_window_in_minutes: 70
  requests_per_ip_cidr_allowlist: '172.16.0.0/12'
  requests_per_ip_limit: 4
  requests_per_ip_period: 60
  reset_password_email_max_attempts: 5
  reset_password_email_window_in_minutes: 80
  s3_report_bucket_prefix: ''
  s3_report_public_bucket_prefix: ''
  saml_endpoint_configs: '[{"suffix":"2024","secret_key_passphrase":"trust-but-verify"},{"suffix":"2023","secret_key_passphrase":"trust-but-verify","comment":"this extra year is needed to demonstrate how handling multiple live years works in spec/requests/saml_requests_spec.rb"}]'
  scrypt_cost: 800$8$1$
  secret_key_base: test_secret_key_base
  session_encryption_key: 27bad3c25711099429c1afdfd1890910f3b59f5a4faec1c85e945cb8b02b02f261ba501d99cfbb4fab394e0102de6fecf8ffe260f322f610db3e96b2a775c120
  short_term_phone_otp_max_attempts: 100
  skip_encryption_allowed_list: '[]'
  state_tracking_enabled: true
  team_ada_email: 'ada@example.com'
  team_all_login_emails: '["b@example.com", "c@example.com"]'
  team_daily_fraud_metrics_emails: '["g@example.com", "h@example.com"]'
  team_daily_reports_emails: '["a@example.com", "d@example.com"]'
  team_monthly_fraud_metrics_emails: '["e@example.com", "f@example.com"]'
  telephony_adapter: test
  test_ssn_allowed_list: '999999999'
  totp_code_interval: 3
  verify_gpo_key_attempt_window_in_minutes: 3
  verify_gpo_key_max_attempts: 2
  verify_personal_key_attempt_window_in_minutes: 3
  verify_personal_key_max_attempts: 2
  usps_ipp_root_url: 'http://localhost:1000'
  usps_upload_sftp_directory: "/directory"
  usps_upload_sftp_host: example.com
  usps_upload_sftp_password: pass
  usps_upload_sftp_username: user