/
application.yml.default
611 lines (603 loc) · 25.6 KB
/
application.yml.default
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
# This file is used by the IdentityConfig class
# The defaults set in this file are used as the basis for configuration in all
# production and development environments. On deployed EC2 servers, we run
# deploy/activate to generate the final application.yml using this file for
# defaults and deep merging any overrides set in the application.yml from the
# app secrets S3 bucket. Deployed EC2 servers always set RAILS_ENV=production,
# so they will use values from top-level and from the production block.
# Be sure to restart your server when you modify this file.
# Make sure the secrets in this file are kept private
# if you're sharing your code publicly.
# Make sure any new entries you add are enclosed in single quotes.
aamva_auth_request_timeout: 5.0
aamva_auth_url: 'https://example.org:12345/auth/url'
aamva_cert_enabled: true
aamva_supported_jurisdictions: '["AL","AR","AZ","CO","CT","DC","DE","FL","GA","HI","IA","ID","IL","IN","KS","KY","MA","MD","ME","MI","MO","MS","MT","NC","ND","NE","NJ","NM","NV","OH","OR","PA","RI","SC","SD","TN","TX","VA","VT","WA","WI","WV","WY"]'
aamva_verification_request_timeout: 5.0
aamva_verification_url: https://example.org:12345/verification/url
ab_testing_idv_ten_digit_otp_enabled: false
ab_testing_idv_ten_digit_otp_percent: 0
all_redirect_uris_cache_duration_minutes: 2
allowed_ialmax_providers: '[]'
allowed_verified_within_providers: '[]'
available_locales: 'en,es,fr,zh'
account_reset_token_valid_for_days: 1
account_reset_fraud_user_wait_period_days:
account_reset_wait_period_days: 1
account_suspended_support_code: EFGHI
acuant_assure_id_password: ''
acuant_assure_id_subscription_id: ''
acuant_assure_id_url: ''
acuant_assure_id_username: ''
acuant_facial_match_url: ''
acuant_passlive_url: ''
# These are publicly available credentials used to initialize the client-side Acuant SDK
acuant_sdk_initialization_creds: 'aWRzY2FuZ293ZWJAYWN1YW50Y29ycC5jb206NVZLcm81Z0JEc1hrdFh2NA=='
acuant_sdk_initialization_endpoint: 'https://us.acas.acuant.net'
acuant_timeout: 45.0
acuant_upload_image_timeout: 1.0
acuant_get_results_timeout: 1.0
acuant_create_document_timeout: 1.0
add_email_link_valid_for_hours: 24
address_identity_proofing_supported_country_codes: '["AS", "GU", "MP", "PR", "US", "VI"]'
asset_host: ''
async_wait_timeout_seconds: 60
async_stale_job_timeout_seconds: 300
aws_http_timeout: 5
aws_http_retry_limit: 2
aws_http_retry_max_delay: 1
aws_kms_key_id: alias/login-dot-gov-test-keymaker
aws_kms_client_contextless_pool_size: 5
aws_kms_client_multi_pool_size: 5
aws_kms_multi_region_key_id: alias/login-dot-gov-keymaker-multi-region
aws_kms_session_key_id: alias/login-dot-gov-test-keymaker
aws_logo_bucket: ''
aws_region: 'us-west-2'
backup_code_cost: '2000$8$1$'
broken_personal_key_window_start: '2021-07-29T00:00:00Z'
broken_personal_key_window_finish: '2021-09-22T00:00:00Z'
component_previews_enabled: false
component_previews_embed_frame_ancestors: '[]'
compromised_password_randomizer_value: 1000
compromised_password_randomizer_threshold: 900
check_user_password_compromised_enabled: false
country_phone_number_overrides: '{}'
database_pool_idp: 5
database_socket: ''
database_sslmode: 'verify-full'
database_statement_timeout: 2_500
database_timeout: 5_000
database_worker_jobs_sslmode: 'verify-full'
deliver_mail_async: false
deleted_user_accounts_report_configs: '[]'
development_mailer_deliver_method: letter_opener
disable_email_sending: true
disable_logout_get_request: true
disposable_email_services: '[]'
doc_auth_attempt_window_in_minutes: 360
doc_capture_polling_enabled: true
doc_auth_check_failed_image_resubmission_enabled: true
doc_auth_client_glare_threshold: 50
doc_auth_client_sharpness_threshold: 50
doc_auth_custom_ui_enabled: false
doc_auth_s3_request_timeout: 5
doc_auth_error_dpi_threshold: 290
doc_auth_error_glare_threshold: 40
doc_auth_error_sharpness_threshold: 40
doc_auth_max_attempts: 5
doc_auth_max_capture_attempts_before_native_camera: 3
doc_auth_max_submission_attempts_before_native_camera: 3
doc_auth_selfie_capture_enabled: false
doc_auth_selfie_desktop_test_mode: false
doc_auth_sdk_capture_orientation: '{"horizontal": 100, "vertical": 0}'
doc_auth_supported_country_codes: '["US", "GU", "VI", "AS", "MP", "PR", "USA" ,"GUM", "VIR", "ASM", "MNP", "PRI"]'
doc_capture_request_valid_for_minutes: 15
email_from: no-reply@login.gov
email_from_display_name: Login.gov
email_registrations_per_ip_limit: 20
email_registrations_per_ip_period: 20
email_registrations_per_ip_track_only_mode: false
enable_add_mfa_redirect_for_personal_key: false
enable_load_testing_mode: false
enable_rate_limiting: true
enable_test_routes: true
enable_usps_verification: true
event_disavowal_expiration_hours: 240
feature_idv_force_gpo_verification_enabled: false
feature_idv_hybrid_flow_enabled: true
feature_new_device_alert_aggregation_enabled: true
geo_data_file_path: 'geo_data/GeoLite2-City.mmdb'
good_job_max_threads: 5
good_job_queues: 'default:5;low:1;*'
good_job_queue_select_limit: 5_000
gpo_designated_receiver_pii: '{}'
gpo_max_profile_age_to_send_letter_in_days: 30
hide_phone_mfa_signup: false
identity_pki_disabled: false
identity_pki_local_dev: false
idv_attempt_window_in_hours: 6
idv_available: true
idv_contact_phone_number: (844) 555-5555
idv_max_attempts: 5
idv_min_age_years: 13
idv_acuant_sdk_version_default: '11.9.2'
idv_acuant_sdk_version_alternate: '11.9.1'
idv_acuant_sdk_upgrade_a_b_testing_enabled: false
idv_acuant_sdk_upgrade_a_b_testing_percent: 50
idv_send_link_attempt_window_in_minutes: 10
idv_send_link_max_attempts: 5
idv_sp_required: false
in_person_public_address_search_enabled: false
in_person_doc_auth_button_enabled: true
in_person_email_reminder_early_benchmark_in_days: 11
in_person_email_reminder_final_benchmark_in_days: 1
in_person_email_reminder_late_benchmark_in_days: 4
in_person_proofing_enabled: false
in_person_proofing_enforce_tmx: false
in_person_proofing_opt_in_enabled: false
in_person_state_id_controller_enabled: false
in_person_enrollment_validity_in_days: 30
in_person_enrollments_ready_job_email_body_pattern: '\A\s*(?<enrollment_code>\d{16})\s*\Z'
in_person_enrollments_ready_job_cron: '0/10 * * * *'
in_person_enrollments_ready_job_enabled: false
in_person_enrollments_ready_job_queue_url: ''
in_person_enrollments_ready_job_max_number_of_messages: 10
in_person_enrollments_ready_job_visibility_timeout_seconds: 30
in_person_enrollments_ready_job_wait_time_seconds: 20
in_person_results_delay_in_hours: 1
in_person_completion_survey_url: 'https://login.gov'
in_person_full_address_entry_enabled: true
in_person_outage_message_enabled: false
# in_person_outage_expected_update_date and in_person_outage_emailed_by_date below
# are strings in the format 'Month day, year'
in_person_outage_expected_update_date: 'October 31, 2024'
in_person_outage_emailed_by_date: 'November 1, 2024'
in_person_send_proofing_notifications_enabled: false
in_person_stop_expiring_enrollments: false
invalid_gpo_confirmation_zipcode: '00001'
logins_per_ip_track_only_mode: false
# LexisNexis #####################################################
lexisnexis_base_url: https://www.example.com
lexisnexis_request_mode: testing
# Instant Verify and Phone Finder Integrations
lexisnexis_account_id: test_account
lexisnexis_username: test_username
lexisnexis_password: test_password
lexisnexis_hmac_auth_enabled: false
lexisnexis_hmac_key_id: pf_iv_hmac_key_id
lexisnexis_hmac_secret_key: pf_iv_hmac_secret_key
lexisnexis_phone_finder_timeout: 1.0
lexisnexis_phone_finder_workflow: customers.gsa2.phonefinder.workflow
lexisnexis_instant_verify_timeout: 1.0
lexisnexis_instant_verify_workflow: gsa2.chk32.test.wf
lexisnexis_instant_verify_workflow_ab_testing_enabled: false
lexisnexis_instant_verify_workflow_ab_testing_percent: 5
lexisnexis_instant_verify_workflow_alternate: gsa2.chk14.test.wf
# TrueID DocAuth Integration
lexisnexis_trueid_account_id: '12345'
lexisnexis_trueid_username: test_username
lexisnexis_trueid_password: test_password
lexisnexis_trueid_hmac_key_id: trueid_hmac_key_id
lexisnexis_trueid_hmac_secret_key: trueid_hmac_secret_key
lexisnexis_trueid_timeout: 60.0
lexisnexis_trueid_liveness_cropping_workflow: customers.gsa2.trueid.workflow
lexisnexis_trueid_liveness_nocropping_workflow: customers.gsa2.trueid.workflow
lexisnexis_trueid_noliveness_cropping_workflow: customers.gsa2.trueid.workflow
lexisnexis_trueid_noliveness_nocropping_workflow: customers.gsa2.trueid.workflow
###################################################################
# LexisNexis DDP/ThreatMetrix #####################################
lexisnexis_threatmetrix_mock_enabled: true
lexisnexis_threatmetrix_support_code: ABCD
lexisnexis_threatmetrix_timeout: 1.0
lexisnexis_threatmetrix_js_signing_cert: ''
###################################################################
lockout_period_in_minutes: 10
log_to_stdout: false
login_otp_confirmation_max_attempts: 10
logins_per_email_and_ip_bantime: 60
logins_per_email_and_ip_limit: 5
logins_per_email_and_ip_period: 60
logins_per_ip_period: 60
logo_upload_enabled: false
mailer_domain_name: http://localhost:3000
max_auth_apps_per_account: 2
max_bad_passwords: 5
max_bad_passwords_window_in_seconds: 60
max_emails_per_account: 12
max_mail_events: 4
max_mail_events_window_in_days: 30
max_phone_numbers_per_account: 5
max_piv_cac_per_account: 2
min_password_score: 3
minimum_wait_before_another_usps_letter_in_hours: 24
mx_timeout: 3
new_device_alert_delay_in_minutes: 5
openid_connect_redirect: client_side_js
openid_connect_content_security_form_action_enabled: false
openid_connect_redirect_uuid_override_map: '{}'
openid_connect_redirect_issuer_override_map: '{}'
otp_delivery_blocklist_maxretry: 10
otp_valid_for: 10
otp_expiration_warning_seconds: 150
otps_per_ip_limit: 25
otps_per_ip_period: 300
otps_per_ip_track_only_mode: true
outbound_connection_check_retry_count: 2
outbound_connection_check_timeout: 5
outbound_connection_check_url: 'https://checkip.amazonaws.com'
participate_in_dap: false
password_max_attempts: 3
personal_key_retired: true
phone_carrier_registration_blocklist_array: '[]'
short_term_phone_otp_max_attempt_window_in_seconds: 10
short_term_phone_otp_max_attempts: 2
phone_confirmation_max_attempts: 20
phone_confirmation_max_attempt_window_in_minutes: 1_440
phone_service_check: true
phone_recaptcha_mock_validator: true
phone_recaptcha_score_threshold: 0.0
phone_recaptcha_country_score_overrides: '{"AS":0.0,"GU":0.0,"MP":0.0,"PR":0.0,"US":0.0,"VI":0.0,"CA":0.0,"MX":0.0}'
phone_setups_per_ip_limit: 25
phone_setups_per_ip_period: 300
phone_setups_per_ip_track_only_mode: false
pii_lock_timeout_in_minutes: 30
pinpoint_sms_sender_id: 'aaa'
pinpoint_sms_configs: '[]'
pinpoint_voice_configs: '[]'
pinpoint_voice_pool_size: 5
piv_cac_service_url: https://localhost:8443/
piv_cac_service_timeout: 5.0
piv_cac_verify_token_url: https://localhost:8443/
poll_rate_for_verify_in_seconds: 3
prometheus_exporter: false
proofer_mock_fallback: true
proof_address_max_attempts: 5
proof_address_max_attempt_window_in_minutes: 360
proof_ssn_max_attempts: 10
proof_ssn_max_attempt_window_in_minutes: 60
proofing_device_profiling: enabled
push_notifications_enabled: false
pwned_passwords_file_path: 'pwned_passwords/pwned_passwords.txt'
rack_mini_profiler: false
rack_timeout_service_timeout_seconds: 15
rails_mailer_previews_enabled: false
raise_on_missing_title: false
reauthn_window: 1200
recaptcha_enterprise_api_key: ''
recaptcha_enterprise_project_id: ''
recaptcha_site_key: ''
recaptcha_secret_key: ''
recovery_code_length: 4
redis_throttle_url: redis://localhost:6379/1
redis_url: redis://localhost:6379/0
redis_pool_size: 10
redis_throttle_pool_size: 5
reg_confirmed_email_max_attempts: 20
reg_confirmed_email_window_in_minutes: 60
reg_unconfirmed_email_max_attempts: 20
reg_unconfirmed_email_window_in_minutes: 60
reject_id_token_hint_in_logout: false
remember_device_expiration_hours_aal_1: 720
remember_device_expiration_minutes_aal_2: 0
report_timeout: 0
requests_per_ip_cidr_allowlist: ''
requests_per_ip_limit: 300
requests_per_ip_path_prefixes_allowlist: ''
requests_per_ip_period: 300
requests_per_ip_track_only_mode: false
reset_password_email_max_attempts: 20
reset_password_email_window_in_minutes: 60
reset_password_on_auth_fraud_event: true
risc_notifications_local_enabled: false
risc_notifications_active_job_enabled: false
risc_notifications_rate_limit_interval: 60
risc_notifications_rate_limit_max_requests: 1_000
risc_notifications_rate_limit_overrides: '{"https://example.com/push":{"interval":120,"max_requests":10000}}'
risc_notifications_request_timeout: 3
ruby_workers_idv_enabled: true
rules_of_use_horizon_years: 6
rules_of_use_updated_at: '2022-01-19T00:00:00Z' # Production has a newer timestamp than this, update directly in S3
s3_public_reports_enabled: false
s3_reports_enabled: false
saml_secret_rotation_enabled: false
second_mfa_reminder_account_age_in_days: 30
second_mfa_reminder_sign_in_count: 10
seed_agreements_data: true
service_provider_request_ttl_hours: 24
session_check_delay: 30
session_check_frequency: 30
session_encryptor_alert_enabled: false
session_timeout_in_minutes: 15
session_timeout_warning_seconds: 150
session_total_duration_timeout_in_minutes: 720
ses_configuration_set_name: ''
sp_handoff_bounce_max_seconds: 2
show_unsupported_passkey_platform_authentication_setup: false
show_user_attribute_deprecation_warnings: false
otp_min_attempts_remaining_warning_count: 3
sp_issuer_user_counts_report_configs: '[]'
team_ada_email: ''
team_all_login_emails: '[]'
team_daily_fraud_metrics_emails: '[]'
team_daily_reports_emails: '[]'
team_monthly_fraud_metrics_emails: '[]'
team_ursula_email: ''
test_ssn_allowed_list: ''
totp_code_interval: 30
unauthorized_scope_enabled: false
usps_upload_enabled: false
usps_upload_sftp_timeout: 5
valid_authn_contexts: '["http://idmanagement.gov/ns/assurance/loa/1", "http://idmanagement.gov/ns/assurance/loa/3", "http://idmanagement.gov/ns/assurance/ial/1", "http://idmanagement.gov/ns/assurance/ial/2", "http://idmanagement.gov/ns/assurance/ial/0", "http://idmanagement.gov/ns/assurance/ial/2?strict=true", "urn:gov:gsa:ac:classes:sp:PasswordProtectedTransport:duo", "http://idmanagement.gov/ns/assurance/aal/2", "http://idmanagement.gov/ns/assurance/aal/3", "http://idmanagement.gov/ns/assurance/aal/3?hspd12=true","http://idmanagement.gov/ns/assurance/aal/2?phishing_resistant=true","http://idmanagement.gov/ns/assurance/aal/2?hspd12=true"]'
vendor_status_acuant: 'operational'
vendor_status_lexisnexis_instant_verify: 'operational'
vendor_status_lexisnexis_phone_finder: 'operational'
vendor_status_lexisnexis_trueid: 'operational'
vendor_status_sms: 'operational'
vendor_status_voice: 'operational'
vendor_status_idv_scheduled_maintenance_start: ''
vendor_status_idv_scheduled_maintenance_finish: ''
verification_errors_report_configs: '[]'
verify_gpo_key_attempt_window_in_minutes: 10
verify_gpo_key_max_attempts: 5
verify_personal_key_attempt_window_in_minutes: 15
verify_personal_key_max_attempts: 5
version_headers_enabled: false
vtm_url: 'https://developer.login.gov/vot-trust-framework'
use_dashboard_service_providers: false
use_kms: false
use_vot_in_sp_requests: true
usps_auth_token_refresh_job_enabled: false
usps_confirmation_max_days: 30
usps_ipp_password: ''
usps_ipp_client_id: ''
usps_ipp_root_url: ''
usps_ipp_request_timeout: 10
usps_ipp_sponsor_id: ''
usps_ipp_username: ''
usps_mock_fallback: true
usps_ipp_transliteration_enabled: false
usps_ipp_enrollment_status_update_email_address: 'no-reply@login.gov'
get_usps_ready_proofing_results_job_cron: '0/10 * * * *'
get_usps_waiting_proofing_results_job_cron: '0/30 * * * *'
get_usps_proofing_results_job_cron: '0/30 * * * *'
get_usps_proofing_results_job_reprocess_delay_minutes: 5
get_usps_proofing_results_job_request_delay_milliseconds: 1000
voice_otp_pause_time: '0.5s'
voice_otp_speech_rate: 'slow'
weekly_auth_funnel_report_config: '[]'
x509_presented_hash_attribute_requested_issuers: '[]'
development:
aamva_private_key: 123abc
aamva_public_key: 123abc
attribute_encryption_key: 2086dfbd15f5b0c584f3664422a1d3409a0d2aa6084f65b6ba57d64d4257431c124158670c7655e45cabe64194f7f7b6c7970153c285bdb8287ec0c4f7553e25
attribute_encryption_key_queue: '[{ "key": "11111111111111111111111111111111" }, { "key": "22222222222222222222222222222222" }]'
aws_logo_bucket: ''
check_user_password_compromised_enabled: true
component_previews_enabled: true
component_previews_embed_frame_ancestors: '["http://localhost:4000"]'
compromised_password_randomizer_value: 1
compromised_password_randomizer_threshold: 0
dashboard_api_token: test_token
dashboard_url: http://localhost:3001/api/service_providers
database_host: ''
database_name: ''
database_password: ''
database_read_replica_host: ''
database_readonly_password: ''
database_readonly_username: ''
database_username: ''
database_worker_jobs_name: ''
database_worker_jobs_username: ''
database_worker_jobs_host: ''
database_worker_jobs_password: ''
doc_auth_selfie_capture_enabled: false
doc_auth_selfie_desktop_test_mode: true
doc_auth_vendor: 'mock'
doc_auth_vendor_randomize: false
doc_auth_vendor_randomize_percent: 0
doc_auth_vendor_randomize_alternate_vendor: ''
domain_name: localhost:3000
enable_rate_limiting: false
hmac_fingerprinter_key: a2c813d4dca919340866ba58063e4072adc459b767a74cf2666d5c1eef3861db26708e7437abde1755eb24f4034386b0fea1850a1cb7e56bff8fae3cc6ade96c
hmac_fingerprinter_key_queue: '["11111111111111111111111111111111", "22222222222222222222222222222222"]'
identity_pki_local_dev: true
in_person_proofing_enabled: true
in_person_proofing_enforce_tmx: true
in_person_proofing_opt_in_enabled: true
in_person_send_proofing_notifications_enabled: true
logins_per_ip_limit: 5
logo_upload_enabled: true
max_bad_passwords: 5
newrelic_license_key: ''
otp_delivery_blocklist_findtime: 5
password_pepper: f22d4b2cafac9066fe2f4416f5b7a32c
phone_recaptcha_score_threshold: 0.5
piv_cac_verify_token_secret: ee7f20f44cdc2ba0c6830f70470d1d1d059e1279cdb58134db92b35947b1528ef5525ece5910cf4f2321ab989a618feea12ef95711dbc62b9601e8520a34ee12
push_notifications_enabled: true
rails_mailer_previews_enabled: true
rack_timeout_service_timeout_seconds: 9_999_999_999
raise_on_missing_title: true
risc_notifications_local_enabled: true
s3_report_bucket_prefix: ''
s3_report_public_bucket_prefix: ''
saml_endpoint_configs: '[{"suffix":"2023","secret_key_passphrase":"trust-but-verify"},{"suffix":"2024","secret_key_passphrase":"trust-but-verify"}]'
scrypt_cost: 10000$8$1$
secret_key_base: development_secret_key_base
session_encryption_key: 27bad3c25711099429c1afdfd1890910f3b59f5a4faec1c85e945cb8b02b02f261ba501d99cfbb4fab394e0102de6fecf8ffe260f322f610db3e96b2a775c120
show_unsupported_passkey_platform_authentication_setup: true
skip_encryption_allowed_list: '["urn:gov:gsa:SAML:2.0.profiles:sp:sso:localhost"]'
state_tracking_enabled: true
telephony_adapter: test
use_dashboard_service_providers: true
usps_ipp_transliteration_enabled: true
usps_upload_sftp_directory: "/gsa_order"
usps_upload_sftp_host: localhost
usps_upload_sftp_password: test
usps_upload_sftp_username: brady
# These values serve as defaults for all production-like environments, which
# includes *.identitysandbox.gov and *.login.gov.
#
production:
aamva_auth_url: 'https://authentication-cert.aamva.org/Authentication/Authenticate.svc'
aamva_private_key: ''
aamva_public_key: ''
aamva_verification_url: 'https://verificationservices-cert.aamva.org:18449/dldv/2.1/online'
attribute_encryption_key:
attribute_encryption_key_queue: '[]'
available_locales: 'en,es,fr'
aws_logo_bucket: ''
dashboard_api_token: ''
dashboard_url: https://dashboard.demo.login.gov
database_host: ''
database_name: ''
database_password: ''
database_read_replica_host: ''
database_readonly_password: ''
database_readonly_username: ''
database_username: ''
database_worker_jobs_name: ''
database_worker_jobs_username: ''
database_worker_jobs_host: ''
database_worker_jobs_password: ''
disable_email_sending: false
disable_logout_get_request: false
doc_auth_vendor: 'acuant'
doc_auth_vendor_randomize: false
doc_auth_vendor_randomize_percent: 0
doc_auth_vendor_randomize_alternate_vendor: ''
domain_name: login.gov
email_registrations_per_ip_track_only_mode: true
enable_test_routes: false
enable_usps_verification: false
feature_new_device_alert_aggregation_enabled: false
hmac_fingerprinter_key:
hmac_fingerprinter_key_queue: '[]'
idv_sp_required: true
invalid_gpo_confirmation_zipcode: ''
lexisnexis_threatmetrix_mock_enabled: false
logins_per_ip_limit: 20
logins_per_ip_period: 20
logins_per_ip_track_only_mode: true
newrelic_license_key: ''
openid_connect_redirect: server_side
openid_connect_content_security_form_action_enabled: true
otp_delivery_blocklist_findtime: 5
participate_in_dap: true
password_pepper:
phone_recaptcha_mock_validator: false
piv_cac_verify_token_secret:
session_encryptor_alert_enabled: true
redis_throttle_url: redis://redis.login.gov.internal:6379/1
redis_url: redis://redis.login.gov.internal:6379
report_timeout: 1_000_000
ruby_workers_idv_enabled: false
s3_report_bucket_prefix: login-gov.reports
s3_report_public_bucket_prefix: login-gov-pubdata
s3_reports_enabled: true
saml_endpoint_configs: '[]'
scrypt_cost: 10000$8$1$
secret_key_base:
seed_agreements_data: false
session_encryption_key:
skip_encryption_allowed_list: '["urn:gov:gsa:SAML:2.0.profiles:sp:sso:dev", "urn:gov:gsa:SAML:2.0.profiles:sp:sso:int"]'
state_tracking_enabled: false
telephony_adapter: pinpoint
use_kms: true
usps_auth_token_refresh_job_enabled: true
usps_confirmation_max_days: 30
usps_upload_sftp_directory: ''
usps_upload_sftp_host: ''
usps_upload_sftp_password: ''
usps_upload_sftp_username: ''
test:
aamva_private_key: 123abc
aamva_public_key: 123abc
account_reset_fraud_user_wait_period_days: 30
acuant_assure_id_url: https://example.com
acuant_facial_match_url: https://facial_match.example.com
acuant_passlive_url: https://liveness.example.com
attribute_encryption_key: 2086dfbd15f5b0c584f3664422a1d3409a0d2aa6084f65b6ba57d64d4257431c124158670c7655e45cabe64194f7f7b6c7970153c285bdb8287ec0c4f7553e25
attribute_encryption_key_queue: '[{ "key": "11111111111111111111111111111111" }, { "key": "22222222222222222222222222222222" }]'
dashboard_api_token: 123ABC
dashboard_url: https://dashboard.demo.login.gov
database_host: ''
database_name: ''
database_password: ''
database_read_replica_host: ''
database_readonly_password: ''
database_readonly_username: ''
database_username: ''
database_worker_jobs_name: ''
database_worker_jobs_username: ''
database_worker_jobs_host: ''
database_worker_jobs_password: ''
doc_auth_max_attempts: 4
doc_auth_selfie_capture_enabled: false
doc_auth_selfie_desktop_test_mode: true
doc_auth_vendor: 'mock'
doc_auth_vendor_randomize: false
doc_auth_vendor_randomize_percent: 0
doc_auth_vendor_randomize_alternate_vendor: ''
doc_capture_polling_enabled: false
domain_name: www.example.com
hmac_fingerprinter_key: a2c813d4dca919340866ba58063e4072adc459b767a74cf2666d5c1eef3861db26708e7437abde1755eb24f4034386b0fea1850a1cb7e56bff8fae3cc6ade96c
hmac_fingerprinter_key_queue: '["old-key-one", "old-key-two"]'
identity_pki_disabled: true
lexisnexis_trueid_account_id: 'test_account'
lockout_period_in_minutes: 5
logins_per_email_and_ip_limit: 2
logins_per_ip_limit: 3
email_registrations_per_ip_limit: 3
max_bad_passwords: 5
max_mail_events: 2
otp_min_attempts_remaining_warning_count: 1
newrelic_license_key: ''
otp_delivery_blocklist_findtime: 1
otp_delivery_blocklist_maxretry: 2
otps_per_ip_limit: 3
otps_per_ip_period: 10
otps_per_ip_track_only_mode: false
password_pepper: f22d4b2cafac9066fe2f4416f5b7a32c
phone_confirmation_max_attempts: 5
phone_confirmation_max_attempt_window_in_minutes: 10
phone_setups_per_ip_limit: 3
phone_setups_per_ip_period: 10
phone_setups_per_ip_track_only_mode: false
prometheus_exporter: false
piv_cac_verify_token_secret: 3ac13bfa23e22adae321194c083e783faf89469f6f85dcc0802b27475c94b5c3891b5657bd87d0c1ad65de459166440512f2311018db90d57b15d8ab6660748f
poll_rate_for_verify_in_seconds: 0
raise_on_missing_title: true
reg_confirmed_email_max_attempts: 3
reg_unconfirmed_email_max_attempts: 4
reg_unconfirmed_email_window_in_minutes: 70
requests_per_ip_cidr_allowlist: '172.16.0.0/12'
requests_per_ip_limit: 4
requests_per_ip_period: 60
reset_password_email_max_attempts: 5
reset_password_email_window_in_minutes: 80
s3_report_bucket_prefix: ''
s3_report_public_bucket_prefix: ''
saml_endpoint_configs: '[{"suffix":"2024","secret_key_passphrase":"trust-but-verify"},{"suffix":"2023","secret_key_passphrase":"trust-but-verify","comment":"this extra year is needed to demonstrate how handling multiple live years works in spec/requests/saml_requests_spec.rb"}]'
scrypt_cost: 800$8$1$
secret_key_base: test_secret_key_base
session_encryption_key: 27bad3c25711099429c1afdfd1890910f3b59f5a4faec1c85e945cb8b02b02f261ba501d99cfbb4fab394e0102de6fecf8ffe260f322f610db3e96b2a775c120
short_term_phone_otp_max_attempts: 100
skip_encryption_allowed_list: '[]'
state_tracking_enabled: true
team_ada_email: 'ada@example.com'
team_all_login_emails: '["b@example.com", "c@example.com"]'
team_daily_fraud_metrics_emails: '["g@example.com", "h@example.com"]'
team_daily_reports_emails: '["a@example.com", "d@example.com"]'
team_monthly_fraud_metrics_emails: '["e@example.com", "f@example.com"]'
telephony_adapter: test
test_ssn_allowed_list: '999999999'
totp_code_interval: 3
verify_gpo_key_attempt_window_in_minutes: 3
verify_gpo_key_max_attempts: 2
verify_personal_key_attempt_window_in_minutes: 3
verify_personal_key_max_attempts: 2
usps_ipp_root_url: 'http://localhost:1000'
usps_upload_sftp_directory: "/directory"
usps_upload_sftp_host: example.com
usps_upload_sftp_password: pass
usps_upload_sftp_username: user