This repository has been archived by the owner on Mar 22, 2024. It is now read-only.

Process Data Sharing Configuration v0.3.1

Reto Wettstein edited this page Nov 16, 2022 · 1 revision

The data-sharing process can be configured using the following mandatory and optional environment variables depending on the organization's role. Add the necessary environment variables to the /opt/bpe/docker-compose.yml file of your BPE.

Important:

To receive e-mail notifications, configure the e-mail environment variables described as part of the DSF BPE deployment, whose names start with ORG_HIGHMED_DSF_BPE_MAIL_...

E-mail notifications are especially important for the DICs and the COS, because they announce new manual user tasks that require input in the DSF user interface.

DIC Mandatory

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_BASE_URL

  • Property: de.medizininformatik.initiative.kds.fhir.server.base.url
  • Required: true
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: The base address of the KDS FHIR server to read/store FHIR resources
  • Example: http://foo.bar/fhir
  • Recommendation: None
  • Default: not set by default

COS Mandatory

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_BASE_URL

  • Property: de.medizininformatik.initiative.kds.fhir.server.base.url
  • Required: true
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: The base address of the KDS FHIR server to read/store FHIR resources
  • Example: http://foo.bar/fhir
  • Recommendation: None
  • Default: not set by default

The key pair referenced by the two variables below can be generated with the following commands:

openssl genrsa -out cos_keypair.pem 4096
openssl rsa -in cos_keypair.pem -pubout -out cos_public_key.pem
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in cos_keypair.pem -out cos_private_key.pem
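
A check of the two output files against what the variables below expect (unencrypted PKCS#8 private key as written by the third command, 4096-bit RSA, public key matching the private key). This is an added example, not part of the original page or the project; the function name check_cos_keys is hypothetical and the file names are the ones used in the commands above.

```shell
#!/bin/sh
# Added example: verify the COS key files before mounting them as docker secrets.
# check_cos_keys PRIVATE_KEY PUBLIC_KEY -> exit status 0 only if all checks pass.
check_cos_keys() {
    priv=$1
    pub=$2

    # The private key must be unencrypted PKCS#8 ("BEGIN PRIVATE KEY").
    # "BEGIN ENCRYPTED PRIVATE KEY" means -nocrypt was omitted; "BEGIN RSA PRIVATE
    # KEY" is the PKCS#1 form, i.e. the pkcs8 conversion step was skipped.
    if [ "$(head -n 1 "$priv" 2>/dev/null)" != "-----BEGIN PRIVATE KEY-----" ]; then
        echo "FAIL: $priv is not an unencrypted PKCS#8 PEM file" >&2
        return 1
    fi

    # The file must hold a consistent RSA private key ...
    if ! openssl rsa -in "$priv" -check -noout >/dev/null 2>&1; then
        echo "FAIL: $priv is not a valid RSA private key" >&2
        return 1
    fi

    # ... with a 4096-bit modulus.
    if ! openssl pkey -in "$priv" -noout -text 2>/dev/null | grep -q '(4096 bit'; then
        echo "FAIL: $priv is not a 4096-bit key" >&2
        return 1
    fi

    # The public key file must belong to this private key: re-derive the public
    # key from the private key and compare it with the re-encoded public key file.
    from_priv=$(openssl pkey -in "$priv" -pubout 2>/dev/null) || return 1
    from_pub=$(openssl pkey -pubin -in "$pub" -pubout 2>/dev/null) || {
        echo "FAIL: $pub is not a PEM public key" >&2
        return 1
    }
    if [ "$from_priv" != "$from_pub" ]; then
        echo "FAIL: $pub does not match $priv" >&2
        return 1
    fi
    echo "OK: $priv and $pub are a matching 4096-bit RSA key pair"
}

# Run the check when two file names are given on the command line.
if [ "$#" -eq 2 ]; then
    check_cos_keys "$1" "$2"
fi
```

The intermediate cos_keypair.pem holds the same private key unencrypted and is not referenced by either variable, so it should not remain in a readable location once the two output files exist.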

DE_MEDIZININFORMATIK_INITIATIVE_COS_PUBLIC_KEY

  • Property: de.medizininformatik.initiative.cos.public.key
  • Required: true
  • Processes: medizininformatik-initiativede_dataReceive/
  • Description: Location of the COS public key as a 4096-bit RSA, PEM-encoded file
  • Example: /run/secrets/cos_public_key.pem
  • Recommendation: Use docker secret file to configure
  • Default: not set by default

DE_MEDIZININFORMATIK_INITIATIVE_COS_PRIVATE_KEY

  • Property: de.medizininformatik.initiative.cos.private.key
  • Required: true
  • Processes: medizininformatik-initiativede_dataReceive/
  • Description: Location of the COS private key as a 4096-bit RSA, PEM-encoded, unencrypted file
  • Example: /run/secrets/cos_private_key.pem
  • Recommendation: Use docker secret file to configure
  • Default: not set by default

DIC & COS as Needed

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_DATALOGGINGENABLED

  • Property: de.medizininformatik.initiative.kds.fhir.dataLoggingEnabled
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: Set to true to enable debug logging of FHIR resources
  • Default: false

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_TRUST_CERTIFICATES

  • Property: de.medizininformatik.initiative.kds.fhir.server.trust.certificates
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: PEM encoded file with one or more trusted root certificates to validate the KDS FHIR server certificate when connecting via https
  • Example: /run/secrets/hospital_ca.pem
  • Recommendation: Use docker secret file to configure
  • Default: not set by default

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_BASICAUTH_USERNAME

  • Property: de.medizininformatik.initiative.kds.fhir.server.basicauth.username
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: Basic authentication username, set if the server containing the FHIR KDS data requests authentication using basic auth
  • Example: None
  • Recommendation: None
  • Default: not set by default

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_BASICAUTH_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_BASICAUTH_PASSWORD_FILE

  • Property: de.medizininformatik.initiative.kds.fhir.server.basicauth.password
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: Basic authentication password, set if the server containing the FHIR KDS data requests authentication using basic auth
  • Example: /run/secrets/kds_server_basicauth.password
  • Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_BASICAUTH_PASSWORD_FILE. Caution! Editors like nano will add an LF (hex 0A) character at the end of the last line. Make sure that the password file does not end with the LF character, for example by starting nano with nano -L file.password. To check that the file does not end with an LF (hex 0A) character, use xxd file.password to look at a hexdump.
  • Default: not set by default

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_BEARER_TOKEN

  • Property: de.medizininformatik.initiative.kds.fhir.server.bearer.token
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: Bearer token for authentication; set if the server containing the FHIR KDS data requests authentication using a bearer token. Cannot be set using docker secrets
  • Example: None
  • Recommendation: None
  • Default: not set by default

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_CERTIFICATE

  • Property: de.medizininformatik.initiative.kds.fhir.server.certificate
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: PEM encoded file with client-certificate, if KDS FHIR server requires mutual TLS authentication
  • Example: /run/secrets/kds_server_client_certificate.pem
  • Recommendation: Use docker secret file to configure
  • Default: not set by default

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PRIVATE_KEY

  • Property: de.medizininformatik.initiative.kds.fhir.server.private.key
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: Private key corresponding to the KDS FHIR server client-certificate as PEM encoded file. Use DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PRIVATE_KEY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PRIVATE_KEY_PASSWORD_FILE if the private key is encrypted
  • Example: /run/secrets/kds_server_private_key.pem
  • Recommendation: Use docker secret file to configure
  • Default: not set by default

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PRIVATE_KEY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PRIVATE_KEY_PASSWORD_FILE

  • Property: de.medizininformatik.initiative.kds.fhir.server.private.key.password
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: Password to decrypt the encrypted private key of the KDS FHIR server client-certificate
  • Example: /run/secrets/kds_server_private_key.pem.password
  • Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PRIVATE_KEY_PASSWORD_FILE. Caution! Editors like nano will add an LF (hex 0A) character at the end of the last line. Make sure that the password file does not end with the LF character, for example by starting nano with nano -L file.password. To check that the file does not end with an LF (hex 0A) character, use xxd file.password to look at a hexdump.
  • Default: not set by default

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PROXY_URL

  • Property: de.medizininformatik.initiative.kds.fhir.server.proxy.url
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: Proxy location, set if the server containing the FHIR KDS data can only be reached through a proxy
  • Example: http://proxy.foo:8080
  • Recommendation: None
  • Default: not set by default

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PROXY_USERNAME

  • Property: de.medizininformatik.initiative.kds.fhir.server.proxy.username
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: Proxy username, set if the server containing the FHIR KDS data can only be reached through a proxy which requests authentication
  • Example: None
  • Recommendation: None
  • Default: not set by default

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PROXY_PASSWORD or DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PROXY_PASSWORD_FILE

  • Property: de.medizininformatik.initiative.kds.fhir.server.proxy.password
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: Proxy password, set if the server containing the FHIR KDS data can only be reached through a proxy which requests authentication
  • Example: None
  • Recommendation: Use docker secret file to configure by using DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_PROXY_PASSWORD_FILE. Caution! Editors like nano will add an LF (hex 0A) character at the end of the last line. Make sure that the password file does not end with the LF character, for example by starting nano with nano -L file.password. To check that the file does not end with an LF (hex 0A) character, use xxd file.password to look at a hexdump.
  • Default: not set by default
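
The trailing-LF caution given for the three ..._PASSWORD_FILE variables above (basic auth, private key password, proxy) can be checked and corrected without opening an editor. The following shell functions are an added example, not part of the original page or the project; the function names has_trailing_lf, strip_trailing_lf and write_password_file are hypothetical.

```shell
#!/bin/sh
# Added example: find and remove a trailing LF in docker secret password files.

# has_trailing_lf FILE -> status 0 if the last byte of FILE is LF (hex 0a).
# An empty file has no last byte and therefore returns non-zero.
has_trailing_lf() {
    [ "$(tail -c 1 "$1" | od -An -tx1 | tr -d ' \n')" = "0a" ]
}

# strip_trailing_lf FILE -> rewrite FILE in place without trailing LF characters.
# Command substitution drops every trailing LF; printf '%s' adds none back.
# Rewriting in place keeps the owner and mode of the secret file.
strip_trailing_lf() {
    content=$(cat "$1") || return 1
    printf '%s' "$content" > "$1"
    unset content
}

# write_password_file FILE -> read one line from stdin and store it without LF.
# Runs in a subshell so the umask change does not leak into the calling shell.
write_password_file() (
    umask 077    # a newly created file gets no group/other access
    IFS= read -r password || [ -n "$password" ] || exit 1
    printf '%s' "$password" > "$1"
)

# Report every file named on the command line that ends with LF.
for f in "$@"; do
    if has_trailing_lf "$f"; then
        echo "trailing LF (0a): $f"
    fi
done
```

strip_trailing_lf removes LF only; a CR (hex 0D) left by an editor using CRLF line endings stays in the file and still shows up in the xxd hexdump.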

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_CLIENT

  • Property: de.medizininformatik.initiative.kds.fhir.server.client
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: Client implementation used to connect to the KDS FHIR server in order to read/store FHIR resources
  • Example: None
  • Recommendation: Use default value
  • Default: de.medizininformatik_initiative.processes.projectathon.data_transfer.client.fhir.KdsFhirClientImpl

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_CLIENT_VERBOSE

  • Property: de.medizininformatik.initiative.kds.fhir.server.client.verbose
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: The KDS client will log additional debug output
  • Example: See default value
  • Recommendation: Change default value only if exceptions occur
  • Default: false

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_TIMEOUT_CONNECT

  • Property: de.medizininformatik.initiative.kds.fhir.server.timeout.connect
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: The timeout in milliseconds until a connection is established between the KDS client and the KDS FHIR server
  • Example: See default value
  • Recommendation: Change default value only if timeout exceptions occur
  • Default: 20000

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_TIMEOUT_CONNECTION_REQUEST

  • Property: de.medizininformatik.initiative.kds.fhir.server.timeout.connection.request
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: The timeout in milliseconds used when requesting a connection from the connection manager between the KDS client and the KDS FHIR server
  • Example: See default value
  • Recommendation: Change default value only if timeout exceptions occur
  • Default: 20000

DE_MEDIZININFORMATIK_INITIATIVE_KDS_FHIR_SERVER_TIMEOUT_SOCKET

  • Property: de.medizininformatik.initiative.kds.fhir.server.timeout.socket
  • Required: false
  • Processes: medizininformatik-initiativede_dataSend/, medizininformatik-initiativede_dataReceive/
  • Description: Maximum period of inactivity in milliseconds between two consecutive data packets of the KDS client and the KDS FHIR server
  • Example: See default value
  • Recommendation: Change default value only if timeout exceptions occur
  • Default: 60000

HRP Mandatory & as Needed

There are no additional configuration options for the HRP.
