config/settings.yml

hostname: 127.0.0.1:3000 # possible fallback for unsafe request.host
virtual_hosts: ["127.0.0.1", "localhost"] # Safe host names

# For CORS requests; separate multiple origins with a comma
web_origin: http://localhost:3000,http://localhost:3001,http://127.0.0.1:3000,http://127.0.0.1:3001,null

# Settings for SAML authentication
saml:
  cert_path: config/certs/vetsgov-localhost.crt
  cert_new_path: config/certs/vetsgov-localhost_new.crt
  key_path: config/certs/vetsgov-localhost.key
  issuer: saml-rp.vetsgov.localhost
  callback_url: http://localhost:3000/auth/saml/callback
  metadata_url: https://api.idmelabs.com/saml/metadata/provider

session_cookie:
  secure: false

# Generate key and iv with: openssl enc -nosalt -aes-256-cbc -k <passphrase> -P
sso:
  cookie_enabled: true
  cookie_signout_enabled: true
  cookie_name: vagov_session_dev
  cookie_key: 095B564B0F29EF88A96F1A7584E17516B14F85C2B3AD431E63349AC5272BC86B
  cookie_iv: A3C0567C78BEC6DDE75E2FEB92DE11AA
  cookie_secure: false
  cookie_domain: localhost

binaries:
  # you can specify a full path in settings.local.yml if necessary
  pdfinfo: pdfinfo
  pdftk: pdftk
  clamdscan: /usr/bin/clamdscan

db_encryption_key: f01ff8ebd1a2b053ad697ae1f0d86adb

database_url: postgis:///vets-api
test_database_url: postgis:///vets-api-test

relative_url_root: /

secret_key_base: 8af0fe1e378586520e4324694897eb269bd0fffa1c5be6cc3b4ffb9dbde095d0bef5c7fdab73cd05685d8fe1dd589287d78b38e4de7116fbe14461e414072677

review_instance_slug: ~

sidekiq_admin_panel: false

salesforce-gibft:
  url: 'https://va--rdtcddev.cs33.my.salesforce.com/'

salesforce:
  env: dev
  signing_key_path: 'spec/fixtures/vic/private.key'
  consumer_key: d669f7d339fd25af442bf75bb643c4c45f0f05fb3cb39cc77521e2011c6bb84086bb624d7ef14d715736

# Settings for Education Benefits
edu:
  prefill: true
  sftp:
    host: ~
    pass: ~
    user: ~
    port: ~


pension_burial:
  prefill: true
  sftp:
    relative_path: '../VETSGOV_PENSION'

central_mail:
  upload:
    enabled: true
    host: 'icmhs-api-test.csrarad.com'
    token: '<PENSIONS_TOKEN>'

# Settings for Vet360
vet360:
  url: "https://int.vet360.va.gov"
  contact_information:
    cache_enabled: false
    enabled: true
    timeout: 30
    mock: false


# Settings for IHub
ihub:
  url: "https://qacrmdac.np.crm.vrm.vba.va.gov"
  appointments:
    timeout: 30
    mock: true
  in_production: false


# Settings for EVSS
evss:
  prefill: true
  url: https://csraciapp6.evss.srarad.com
  service_name: "wss-form526-services-web"
  alternate_service_name: "wss-form526-services-web-v2"
  cert_path: ~
  key_path: ~
  root_cert_path: ~
  versions:
    claims: 3.0
    common: 11.0
    documents: 3.6
  s3:
    uploads_enabled: false
    aws_access_key_id: EVSS_S3_AWS_ACCESS_KEY_ID_XYZ
    aws_secret_access_key: EVSS_S3_AWS_SECRET_ACCESS_KEY_XYZ
    bucket: evss_s3_bucket
    region: evss_s3_region
  disability_compensation_form:
    timeout: 55 # ~1 minute
    submit_timeout: 355 # ~6 minutes
  letters:
    url: https://csraciapp6.evss.srarad.com
    timeout: 55
  pciu:
    timeout: 30
  pciu_address:
    timeout: 30
  mock_claims: false
  mock_letters: false
  mock_gi_bill_status: false
  mock_pciu: true
  mock_pciu_address: false
  mock_ppiu: true
  mock_itf: true
  mock_disabilities_form: true
  mock_vso_search: false
  aws:
    url: http://fake.evss-reference-data-service.dev/v1
    cert_path: ~
    key_path: ~
    root_ca: ~
  jwt:
    issuer: fake_issuer
    key: fake_key
  reference_data_service:
    enabled: false
  international_postal_codes: 'config/evss/international_postal_codes.json'

# Settings for GI Bill Data Service
gids:
  url: https://dev.va.gov/gids

mvi_hca:
  url: http://example.com

# Settings for Healthcare Application
# This CA chain is nonsense but allows local development to work with pre-prod environment.
hca:
  prefill: true
  endpoint: https://test-foo.vets.gov
  cert_path: /fake/client/cert/path
  key_path: /fake/client/key/path
  ee:
    endpoint: 'http://example.com'
    user: "HCASvcUsr"
    pass: "password"
  ca:
    - 'VA Internal Root CA.pem'
    - 'VA Internal Subordinate CA 1.pem'
    - 'VA-Internal-S2-ICA1-v1.pem'
    - 'VA-Internal-S2-RCA1-v1.pem'

# Settings for the facility locator
locators:
  vha: https://services3.arcgis.com/aqgBd3l68G8hEFFE/ArcGIS/rest/services/VHA_Facilities/FeatureServer/0
  nca: https://services3.arcgis.com/aqgBd3l68G8hEFFE/ArcGIS/rest/services/NCA_Facilities/FeatureServer/0
  vba: https://services3.arcgis.com/aqgBd3l68G8hEFFE/ArcGIS/rest/services/VBA_Facilities/FeatureServer/0
  vc: https://services3.arcgis.com/aqgBd3l68G8hEFFE/ArcGIS/rest/services/VHA_VetCenters/FeatureServer/0
  vha_access_satisfaction: https://www.accesstopwt.va.gov/
  vha_access_waittime: https://www.accesstocare.va.gov/
  base_path: https://services3.arcgis.com/aqgBd3l68G8hEFFE/ArcGIS/rest/services/
  providers_enabled: false

ppms:
  url: https://some.fakesite.com
  open_timeout: 15
  read_timeout: 55

# Settings for MyHealthEVet
mhv:
  # include ranges first, then individual exceptions to the ranges last.
  facility_range: [[358,718],[720,740],[742,758]]
  facility_specific: [['741MM']] # 741 is excluded, but 741MM is included
  rx:
    host: https://mhv-api.example.com
    app_token: fake-app-token
    collection_caching_enabled: false
    mock: true
  sm:
    host: https://mhv-api.example.com
    app_token: fake-app-token
    mock: true
  bb:
    mock: true
    collection_caching_enabled: true
  account:
    mock: false

# Settings for Master Veteran Index
mvi:
  url: http://ps-dev.commserv.healthevet.va.gov:8110/psim_webservice/IdMWebService
  open_timeout: 15
  timeout: 30
  mock: false
  processing_code: T
  client_cert_path: /fake/client/cert/path
  client_key_path: /fake/client/key/path
  pii_logging: false
  vba_orchestration: false
  edipi_search: false

# Settings for eMIS
# The certs used here can be obtained from the DevOps team. A different set is required for
# each environment when connecting to the service.
emis:
  mock: true
  host: https://vaausvrsapp81.aac.va.gov
  veteran_status_url: /VIERSService/eMIS/v1/VeteranStatusService
  payment_url: /VIERSService/eMIS/v1/PaymentService
  military_information_url: /VIERSService/eMIS/v1/MilitaryInformationService
  client_cert_path: /fake/client/cert/path
  client_key_path: /fake/client/key/path
  soap_namespaces:
    xmlns:xsd: http://www.w3.org/2001/XMLSchema
    xmlns:xsi: http://www.w3.org/2001/XMLSchema-instance
    xmlns:soap: http://www.w3.org/2003/05/soap-envelope
    xmlns:v1: http://viers.va.gov/cdi/CDI/commonService/v1
    xmlns:v12: http://viers.va.gov/cdi/eMIS/RequestResponse/v1
    xmlns:v13: http://viers.va.gov/cdi/eMIS/commonService/v1
  military_information:
    soap_namespaces:
      xmlns:v11: http://viers.va.gov/cdi/eMIS/RequestResponse/MilitaryInfo/v1
  payment:
    soap_namespaces:
      xmlns:v11: http://viers.va.gov/cdi/eMIS/RequestResponse/Payment/v1
  veteran_status:
    soap_namespaces:
      xmlns:v11: http://viers.va.gov/cdi/eMIS/RequestResponse/VetStatus/v1

appeals:
  mock: true
  app_token: PUBLICDEMO123
  host: https://dsva-appeals-certification-dev-1895622301.us-gov-west-1.elb.amazonaws.com

vic:
  url: https://some.fakesite.com
  signing_key_path: /fake/signing/key/path
  prefill: true
  s3:
    aws_access_key_id: 'aws_access_key_id'
    aws_secret_access_key: 'aws_secret_access_key'
    region: 'region'
    bucket: 'bucket'

# Settings for (preneeds) burials.
preneeds:
  host: http://some.fakesite.com
  wsdl: 'config/preneeds/wsdl/preneeds.wsdl'

# Settings for VBA Document upload service module
vba_documents:
  location:
    prefix:  http://some.fakesite.com/path
    replacement: http://another.fakesite.com/rewrittenpath
  s3:
    enabled: false
    aws_access_key_id: 'aws_access_key_id'
    aws_secret_access_key: 'aws_secret_access_key'
    region: 'region'
    bucket: 'bucket'
  sns:
    topic_arn: ~

#Settings for Claims Api Module
claims_api:
  s3:
    enabled: false
    aws_access_key_id: ~
    aws_secret_access_key: ~
    region: ~
    bucket: ~
  disability_claims_mock_override: false
  schema_dir: config/schemas

# Settings for Redis
# TODO(knkski): Move all redis settings here?
redis:
  host: localhost
  port: 6379

# Settings for GovDelivery (email delivery)
govdelivery:
  staging_service: true
  server: stage-tms.govdelivery.com
  token: ~

# Settings for Education Benefits report uploading
reports:
  send_email: true
  aws:
    access_key_id: ~
    bucket: ~
    region: ~
    secret_access_key: ~

oidc:
  auth_server_metadata_url: ~
  issuer: ~
  audience: ~
  base_api_url: https://example.com
  base_api_token: ~

sentry:
  dsn: ~

statsd:
  host: ~
  port: ~

shrine:
  claims:
    type: local
    path: claims
github:
  api_key: abcd1234abcd1234abcd1234abcd1234abcd1234

# Settings for maintenance window API
# Services should be a map from logical service name to PagerDuty service id
maintenance:
  pagerduty_api_url: https://api.pagerduty.com
  pagerduty_api_token: FAKE
  services:
    appeals: P9S4RFU
    arcgis: P45YBFA
    dslogon: P9DJJAV
    emis: P0HNT0I
    es: PH7OPR4
    evss: PZKWB6Y
    idme: PVWB4R8
    mvi: PCIPVGJ
    mhv: PP2ZZ2V
    search: PRG8HJI
    tims: PUL8OQ4
    vet360: PHVOGQ1
    vic: P7LW3MS

# Note: in addition to enabling / disabling betamocks here, you _must_ also
# change the 'mock' bool for each service you want to mock in this settings file
betamocks:
  enabled: true
  recording: false
  cache_dir: /cache
  services_config: config/betamocks/services_config.yml

faraday_socks_proxy:
  enabled: false
  uri: socks5://localhost:2002

google_analytics_tracking_id: ~

# Settings for search
search:
  access_key: SEARCH_GOV_ACCESS_KEY
  affiliate: va
  mock_search: true
  url: https://search.usa.gov/api/v2

bing:
  base_api_url: 'https://dev.virtualearth.net/REST/v1/Routes'
  key: fake_key

flipper:
  username: SUPER_SECRET_USERNAME
  password: SUPER_SECRET_PASSWORD