config.yml

defaults:
  app:
    publishMetaData:              !env:bool PUBLISH_METADATA
    statsComponent:               'secrets'
    # Time delay before expiring secrets, in readable format, see:
    # taskcluster.fromNow, notice this should be negative!
    secretExpirationDelay:        '- 30 seconds'


  # TaskCluster configuration
  taskcluster:
    rootUrl:                      !env TASKCLUSTER_ROOT_URL

    # TaskCluster credentials for this server, allowing access to the Azure table,
    # sentry, statsum, etc.
    credentials:
      clientId:                   !env TASKCLUSTER_CLIENT_ID
      accessToken:                !env TASKCLUSTER_ACCESS_TOKEN

  azure:
    accountId:                    !env AZURE_ACCOUNT
    tableName:                    !env AZURE_TABLE_NAME
    cryptoKey:                    !env AZURE_CRYPTO_KEY
    signingKey:                   !env AZURE_SIGNING_KEY

  monitoring:
    project:                    !env MONITORING_PROJECT
    enable:                     !env:bool MONITORING_ENABLE

  # Server configuration
  server:
    # Port to listen for requests on
    port:                           !env:number PORT

    # Environment 'development' or 'production'
    env:                            'development' 
    # Force SSL, not useful when runnning locally
    forceSSL:                       false

    # Trust a forwarding proxy
    trustProxy:                     false

  # AWS SDK configuration for publication of schemas and references
  aws:
    # Access key id (typically configured using environment variables)
    accessKeyId:                    !env AWS_ACCESS_KEY_ID

    # Secret access key (typically configured using environment variables)
    secretAccessKey:                !env AWS_SECRET_ACCESS_KEY

    # Default AWS region, this is where the S3 bucket lives
    region:                         'us-west-2'

    # Lock API version to use the latest API from 2013, this is fuzzy locking
    # but it does the trick...
    apiVersion:                     '2014-01-01'

staging:
  app:
    statsComponent: 'secrets-staging'

production:
  server:
    port:                         80
    env:                          'production'
    # We trust the proxy on heroku, as the SSL end-point provided by heroku
    # is a proxy, so we have to trust it.
    trustProxy:                   true

test:
  app:
    publishMetaData: false
    statsComponent:               'test-queue'
    # four days in the future, so secrets are always expired
    secretExpirationDelay:        '4 days'

  azure:
    accountId:                    'jungle'
    tableName:                    'SecretsTestTable'
    cryptoKey:                    'CNcj2aOozdo7Pn+HEkAIixwninIwKnbYc6JPS9mNxZk='
    signingKey:                   'REALULTIMATEPOWER.NET'

  monitoring:
    enable: false

  server:
    port:                         60415