forked from taskcluster/taskcluster-secrets
-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.yml
110 lines (87 loc) · 3.88 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
defaults:
taskclusterSecrets:
publishMetaData: !env PUBLISH_METADATA
statsComponent: 'secrets'
# Time delay before expiring secrets, in readable format, see:
# taskcluster.fromNow, notice this should be negative!
secretExpirationDelay: '- 30 seconds'
# TaskCluster configuration
taskcluster:
# BaseUrl for auth, if default built-in baseUrl isn't to be provided
authBaseUrl: 'https://auth.taskcluster.net/v1'
# TaskCluster credentials for this server, these must have scopes:
# auth:credentials
# (typically configured using environment variables)
credentials:
clientId: !env TASKCLUSTER_CLIENT_ID
accessToken: !env TASKCLUSTER_ACCESS_TOKEN
azure:
accountName: !env AZURE_ACCOUNT
tableName: !env AZURE_TABLE_NAME
cryptoKey: !env AZURE_CRYPTO_KEY
signingKey: !env AZURE_SIGNING_KEY
raven:
# This can be grabbed from the settings of the sentry project
# and is a string that looks like:
# https://<pubkey>:<privkey>@app.getsentry.com/<port>
sentryDSN: !env SENTRY_DSN
# Server configuration
server:
# Public URL from which the server can be accessed (used for persona)
publicUrl: 'https://secrets.taskcluster.net'
# Port to listen for requests on
port: !env:number PORT
# Environment 'development' or 'production'
env: 'development'
# Force SSL, not useful when runnning locally
forceSSL: false
# Trust a forwarding proxy
trustProxy: false
# InfluxDB configuration
influx:
# Usually provided as environment variables, must be on the form:
# https://<user>:<pwd>@<host>:<port>/db/<database>
connectionString: !env INFLUX_CONNECTION_STRING
# Maximum delay before submitting pending points
maxDelay: 5 * 60
# Maximum pending points in memory
maxPendingPoints: 250
# AWS SDK configuration for publication of schemas and references
aws:
# Access key id (typically configured using environment variables)
accessKeyId: !env AWS_ACCESS_KEY_ID
# Secret access key (typically configured using environment variables)
secretAccessKey: !env AWS_SECRET_ACCESS_KEY
# Default AWS region, this is where the S3 bucket lives
region: 'us-west-2'
# Lock API version to use the latest API from 2013, this is fuzzy locking
# but it does the trick...
apiVersion: '2014-01-01'
production:
taskclusterSecrets:
exchangePrefix: 'v1/'
server:
publicUrl: 'https://secrets.taskcluster.net'
port: 80
env: 'production'
forceSSL: true
# We trust the proxy on heroku, as the SSL end-point provided by heroku
# is a proxy, so we have to trust it.
trustProxy: true
test:
taskclusterSecrets:
publishMetaData: 'false'
statsComponent: 'test-queue'
# Time delay before expiring secrets, in readable format, see:
# taskcluster.fromNow, notice this should be negative!
# But in testing we just expire secrets 4 days into the future that's good
# fun :)
secretExpirationDelay: '4 days'
azure:
accountName: 'inMemory'
tableName: 'SecretsTestTable'
cryptoKey: 'CNcj2aOozdo7Pn+HEkAIixwninIwKnbYc6JPS9mNxZk='
signingKey: 'REALULTIMATEPOWER.NET'
server:
publicUrl: 'http://localhost:60415'
port: 60415