-
Notifications
You must be signed in to change notification settings - Fork 8
/
application.yml.default
87 lines (78 loc) · 4.26 KB
/
application.yml.default
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
# Be sure to restart your server when you modify this file.
# trusted roots are not verified as part of the certificate store
# all other certificates in the certificate store will have to trace
# back to one of these roots. The first one is the ultimate public root.
# The others are DoD certs 2-4 from the archive available at
# http://iasecontent.disa.mil/pki-pke/Certificates_PKCS7_v5.0u1_DoD.zip
aws_http_timeout: '5'
http_read_timeout: '5'
http_open_timeout: '5'
ca_issuer_host_allow_list: 'aia.certipath.com,repo.fpki.gov,crl.disa.mil,http.fpki.gov,ssp-aia.symauth.com,pki.treasury.gov,rootweb.managed.entrust.com,aia1.ssp-strong-id.net,pki.treas.gov,crls.pki.state.gov,sspweb.managed.entrust.com,nfirootweb.managed.entrust.com,ssp-aia.digicert.com,www.fis.evincible.com,crl-server.orc.com,ipki.uspto.gov'
ficam_certificate_bundle_file: 'config/cert_bundles/ficam_bundle.pem'
login_certificate_bundle_file: 'config/cert_bundles/login_bundle.pem'
client_cert_logger_s3_bucket_name: ''
database_host: ''
database_password: ''
database_statement_timeout: '2500'
database_timeout: '5000'
database_username: ''
database_sslmode: ''
domain_name: ''
identity_idp_host: 'localhost'
log_to_stdout: false
openssl_verify_enabled: 'true'
newrelic_license_key : ''
nonce_bloom_filter_hash_count: '4'
nonce_bloom_filter_prefix: 'nonce'
nonce_bloom_filter_server: 'redis://localhost/'
nonce_bloom_filter_size: '100_000'
nonce_bloom_filter_ttl: '300'
piv_cac_verify_token_secret: ''
token_encryption_key_pepper_old: ''
token_encryption_key_salt_old: ''
# Trusted roots:
# F4:27:5C:A9:C3:7C:47:F4:FA:A6:A7:B0:59:97:AA:DD:35:26:17:E3 - Federal Common Policy G2
trusted_ca_root_identifiers: "F4:27:5C:A9:C3:7C:47:F4:FA:A6:A7:B0:59:97:AA:DD:35:26:17:E3"
required_policies: |
[
"2.16.840.1.101.3.2.1.3.7",
"2.16.840.1.101.3.2.1.3.13",
"2.16.840.1.101.3.2.1.12.6"
]
development:
aws_region: 'us-east-1'
client_cert_escaped: 'true'
database_name: 'identity_pki_dev'
nonce_bloom_filter_server: 'redis://localhost:6379/2'
nonce_bloom_filter_enabled: 'true'
token_encryption_key_salt: 23df6c812fb1ca9c17debee3a91aba30bc0e85c38b414ee59a9e3d3eb5ec5c0221e2558cac8a808375711cb1450a9db40b8aec74f147e4a3e15dc3c304f1b23e
token_encryption_key_pepper: c6b4a68a3adf0ff2069d5240bb71532c7a8c0dbb77bba5f9070e2d8ab1ebcc918cc8d8cdbb04fa34ed71126fac3e02d9c85280ae0f7c42d22b678e3e5eb67cfe
token_encryption_key_salt_old: de+hXqHqjAIIKq+mgdbUdTfvOZQP7ya1MPsUKgy1/ueEl+Yw1w7ZzaObENqDD4DhrWD3zXUgI3UQm9ZISzOwpEk8lq/azWg8Pw9lPL1yBUR2easxcgbAl6gjPB+8fAFD
token_encryption_key_pepper_old: 1HkCB/IADCORWlBAUmeM9S+KBBv0eWzxJG8NM6+A1/f7K3KoVpa2HTED4pTNf8DGp834etYxOL+NdjvH88Lk1s5u401Hu3d3nPbnI11nWTfhaBCz6foOfS/3KGBd/8hz
certificate_store_directory: 'config/certs'
secret_key_base: development_secret_key_base
test:
aws_region: 'us-east-1'
client_cert_escaped: 'true'
database_name: 'identity_pki_test'
nonce_bloom_filter_server: 'redis://localhost:6379/2'
nonce_bloom_filter_enabled: 'true'
token_encryption_key_salt: 23df6c812fb1ca9c17debee3a91aba30bc0e85c38b414ee59a9e3d3eb5ec5c0221e2558cac8a808375711cb1450a9db40b8aec74f147e4a3e15dc3c304f1b23e
token_encryption_key_pepper: c6b4a68a3adf0ff2069d5240bb71532c7a8c0dbb77bba5f9070e2d8ab1ebcc918cc8d8cdbb04fa34ed71126fac3e02d9c85280ae0f7c42d22b678e3e5eb67cfe
token_encryption_key_salt_old: de+hXqHqjAIIKq+mgdbUdTfvOZQP7ya1MPsUKgy1/ueEl+Yw1w7ZzaObENqDD4DhrWD3zXUgI3UQm9ZISzOwpEk8lq/azWg8Pw9lPL1yBUR2easxcgbAl6gjPB+8fAFD
token_encryption_key_pepper_old: 1HkCB/IADCORWlBAUmeM9S+KBBv0eWzxJG8NM6+A1/f7K3KoVpa2HTED4pTNf8DGp834etYxOL+NdjvH88Lk1s5u401Hu3d3nPbnI11nWTfhaBCz6foOfS/3KGBd/8hz
certificate_store_directory: 'config/test-certs'
ca_issuer_host_allow_list: 'uri1.example.com,uri2.example.com'
secret_key_base: test_secret_key_base
production:
aws_region:
ca_issuer_host_allow_list: 'repo.fpki.gov,crl.disa.mil,http.fpki.gov,ssp-aia.symauth.com,pki.treasury.gov,rootweb.managed.entrust.com,aia1.ssp-strong-id.net,pki.treas.gov,crls.pki.state.gov,sspweb.managed.entrust.com,crl-server.orc.com'
certificate_store_directory: 'config/certs'
client_cert_escaped: 'true'
database_sslmode: 'verify-full'
identity_idp_host: ''
openssl_verify_enabled: 'false'
nonce_bloom_filter_enabled: 'false'
token_encryption_key_salt: ''
token_encryption_key_pepper: ''
secret_key_base: