forked from zendesk/samson
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.env.example
118 lines (95 loc) · 5.37 KB
/
.env.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
PLUGINS=all
DEFAULT_URL=http://localhost:3000
SECRET_TOKEN={bundle exec rake secret}
RAILS_MIN_THREADS=5
RAILS_MAX_THREADS=10
# Required token to fetch commit diff / PR status / create tags etc
GITHUB_TOKEN=
## Auth with Github (optional)
# AUTH_GITHUB=true
# GITHUB_CLIENT_ID=
# GITHUB_SECRET=
# GITHUB_ORGANIZATION= # optional, users need to be member of this organization to sign up eg. 'zendesk'
# GITHUB_ADMIN_TEAM= # optional, users in this team are made into admins eg. owners
# GITHUB_DEPLOY_TEAM= # optional, users in this team are made into deployers eg. developers
# GITHUB_WEB_URL= # optional, replaces https://github.com
# GITHUB_API_URL= # optional, replaces https://api.github.com
# GITHUB_STATUS_URL= # optional, replaces https://status.github.com
## Auth with Google (optional)
# AUTH_GOOGLE=true
# GOOGLE_CLIENT_ID=
# GOOGLE_CLIENT_SECRET=
# GOOGLE_DOMAIN= # optional, set to @company.com to limit login only for people at Company
## Auth with LDAP (optional)
# AUTH_LDAP=true
# LDAP_TITLE= # eg. My LDAP Server}
# LDAP_HOST=192.168.25.188
# LDAP_PORT=389
# LDAP_BASE='dc=domain,dc=com'
# LDAP_UID=uid
# LDAP_BINDDN=userldap
# LDAP_PASSWORD=myldapsecret
## Auth with Gitlab (optional)
# AUTH_GITLAB=true
# GITLAB_APPLICATION_ID=
# GITLAB_SECRET=
# GITLAB_URL= # optional, replaces https://gitlab.com
## Buddy Check feature: deploys to production require a buddy
# BUDDY_CHECK_FEATURE=1 # optional, enable
# BUDDY_CHECK_TIME_LIMIT=20 # optional, max minutes a deploy is pending
# BYPASS_EMAIL= # optional, email destination that is alerted about buddy_check bypasses
# BYPASS_JIRA_EMAIL= # optional, jira email destination that is alerted about buddy_check bypasses
# BYPASS_DETAILS= # optional 'Some text explaining bypass procedure'
# PROJECT_CREATED_NOTIFY_ADDRESS=bobby-the-security-auditor@yourcompany.com
# PROJECT_DELETED_NOTIFY_ADDRESS=bobby-the-security-auditor@yourcompany.com # if not set uses PROJECT_CREATED_NOTIFY_ADDRESS
# DEPLOY_GROUP_FEATURE=1 # optional, enable Environments and DeployGroups
# GITHUB_HOOK_SECRET=abcdef # optional, verify github hooks are signed with webhook secret
# AIRBRAKE_API_KEY= # optional, report errors to airbrake
# FORCE_SSL=1 # optional, to require SSL
# SESSION_EXPIRATION=3600 # optional, after how much time (seconds) to expire sessions, default: 1 month
# ENV_WHITELIST=FOOBAR,BARFOO # optional, list of env values that should be passed to the command when deploying
## Docker
# DOCKER_FEATURE=1 # optional, docker support
# DOCKER_REGISTRIES=https://user:[email protected]/some-namespace # required, where to push/pull your docker images
# DOCKER_URL= # optional, use this url instead of connecting to unix socket
# DOCKER_KEEP_BUILT_IMGS # optional. Set to 1 to keep built images for cache. Fills the disk so some cleanup machanism is needed
# FLOWDOCK_API_TOKEN= # optional. only required for the flowdock integration user mention autocomplete in the buddy approval request form (when BUDDY_CHECK_FEATURE=1). Buddy approval notification would still work without this
## Slack
# SLACK_API_TOKEN= # optional. only required for the slack integration user mention autocomplete in the buddy approval request form (when BUDDY_CHECK_FEATURE=1). Buddy approval notification would still work without this
# SLACK_CLIENT_ID= # optional, see plugins/slack_app/README.md
# SLACK_CLIENT_SECRET= # optional, see plugins/slack_app/README.md
# SLACK_VERIFICATION_TOKEN= # optional, see plugins/slack_app/README.md
## Export job cleanup
## EXPORT_JOB_DOWNLOADED_AGE determines how long a csv export job and file should
## persist after it is downloaded before cleanup, default is 12 hours.
##
## EXPORT_JOB_MAX_AGE determines how long a csv export job and file should persist
## from it's creation date, default is 1 day.
# EXPORT_JOB_DOWNLOADED_AGE=43200 # optional
# EXPORT_JOB_MAX_AGE=86400 # optional
## JIRA_BASE_URL, if set, would enable the auto-detection of JIRA issue keys
## (e.g., KEY-123, SAMSON-456) in the titles and bodies of the pull requests
## associated with a deploy. The auto-detected JIRA issues will be displayed
## and linked (by prepending JIRA_BASE_URL) in the "JIRA Issues" tab of a deploy
##
## Full absolute JIRA URLs will still be detected, and they will take precedence
## over generated ones (i.e., if JIRA_BASE_URL is https://a.atlassian.net/browse/
## and both "KEY-123" and "http://z.atlassian.net/browse/KEY-123" appear in a
## pull request's title and body, only "http://z.atlassian.net/browse/KEY-123"
## would appear in the "JIRA Issues" tab).
##
# JIRA_BASE_URL= # optional, eg. https://jira.atlassian.net/browse/
## Request access UI on users profile page
# REQUEST_ACCESS_FEATURE=1 # optional, enable request access link
# REQUEST_ACCESS_EMAIL_ADDRESS_LIST= # optional, space separated list of email addresses (managers mailing list, JIRA, etc.)
# REQUEST_ACCESS_EMAIL_PREFIX= # optional, email subject prefix
## Secret storage
# SECRET_STORAGE_BACKEND= # optional, should be one of: SecretStorage::DbBackend (default) or SecretStorage::HashicorpVault
## Kubernetes
# SECRET_PULLER_IMAGE=zendesk/samson_secret_puller:latest # optional, docker image for zendesk/samson_secret_puller
## Jenkins, optional, for triggering Jenkins builds after deployment
# JENKINS_URL= # server_url of jenkins
# JENKINS_USERNAME= # user id
# JENKINS_API_KEY= # API Token from user / Configure page
## Hyperclair, optional to security scan built docker images
# HYPERCLAIR_PATH=/usr/local/bin/hyperclair