Environment Variables

The school experience application supports various environment variables to control different aspects of the application.

These can be configured as part of your shell or, more easily, by editing the .env file. Optionally, .env.development / .env.test files can be created for environment-specific variables.

Full documentation is at https://github.com/bkeepers/dotenv/blob/master/README.md

HTTP Basic Auth access control

If it's required to password protect the entire application, you can set two environment variables when booting the app. This can be part of the deployment configuration.

SECURE_USERNAME - username for HTTP auth

SECURE_PASSWORD - password for HTTP auth

Exception notification

If required, exception notifications can be sent to Sentry.

SENTRY_DSN - Send exception reports to Sentry, config value supplied by Sentry. An organisation owner or #digital-tools-support can add new members to the school-experience team in the org dfe-teacher-services. Then a new key can be generated via https://sentry.io/settings/dfe-teacher-services/projects/school-experience/keys/.


APP_INSIGHTS_INSTRUMENTATION_KEY - value supplied by Microsoft Application Insights

Gitis configuration

CRM_PRIVACY_CONSENT_ID - GUID for the privacy policy consent id used by candidates - supplied by Gitis team

GIT_API_TOKEN - API key for the GiT API.

DFE Sign-in configuration

DFE_SIGNIN_SECRET - Secret string used to encode/decode the payload when communicating with DSI. It is generated on the manage service page in OpenID Connect / Client secret.

DFE_SIGNIN_API_ENDPOINT - DSI API endpoint to access extra data from the API. May point to preprod or prod DSI environment.

DFE_SIGNIN_API_SECRET - Secret string used to decode the payload from DSI API. It is generated on the manage service page in API / Secret.

DFE_SIGNIN_BASE_URL - URL for the site which DfE Sign-in OIDC flow will link back to. Shown on DSI /my-services page. It is set on the manage service page in Service details / Home Url.

DFE_SIGNIN_CLIENT_ID - Client ID used to connect to DSI via OIDC. It is set on the manage service page in OpenID Connect / Client Id.

DFE_SIGNIN_HOST - DSI OIDC environment endpoint for authentication. May point to preprod or prod DSI environment.

DFE_SIGNIN_API_ENABLED - Enhances the integration using the Sign-in API; also turns on the check for whether the user belongs to multiple organisations. 1 = on, blank = off

DFE_SIGNIN_API_ROLE_CHECK_ENABLED - Enables checking that the user supplied by DfE Sign-in has the appropriate role over the organisation supplied by DfE Sign-in

DFE_SIGNIN_API_SCHOOL_CHANGE_ENABLED - Moves choosing an organisation from the Sign-in chooser to the Change school screen within the app.

DFE_SIGNIN_SCHOOL_EXPERIENCE_ADMIN_SERVICE_ID - UUID of the School experience service within the designated Sign-in environment, needed for the role check functionality. It can be found in the URL of the manage service.

DFE_SIGNIN_SCHOOL_EXPERIENCE_ADMIN_ROLE_ID - UUID of the School experience administrator role within the designated Sign-in environment, needed for the role check functionality. It can be found in the manage service in the Manage roles section.

DFE_SIGNIN_API_CLIENT - Sets the iss claim in the payload. The “iss” (issuer) claim identifies the principal that issued the JWT. It is set on the manage service page in OpenID Connect / Client Id.

Other integrations

NOTIFY_API_KEY - API key used to send emails via Notify. Tech leads and senior developers have access to the Notify account.

GOOGLE_MAPS_KEY - API key used to query Google Maps. Created in the “Becoming a Teacher” Google cloud project.

GTM_ID - Google Tag Manager account id

GTM_UA_ID - Universal Analytics ID (required for clearing the cookie)

SLACK_WEBHOOK - Webhook to communicate pipeline events to Slack channel. A new token may be generated on Slack app https://ukgovernmentdfe.slack.com/apps/A02HUD62ADP-school-experience-deployments. New collaborators may be added by existing collaborators or #digital-tools-support.

Deactivating the service

MAINTENANCE_MODE - Put entire service into maintenance mode, 1 = on, blank = off

DFE_SIGNIN_DEACTIVATED - Disable sign-in, useful if there is a Sign-in outage. 1 = on, blank = off

DEACTIVATE_CANDIDATES - Deactivates candidate applications, including searching

Database configuration

DATABASE_URL - normal Rails variable

DB_HOST - Postgres host, defaults to nil, i.e. use socket

DB_DATABASE - name of database to use

DB_USERNAME - username for postgres

DB_PASSWORD - password for postgres

REDIS_URL - url for Redis server, defaults to local Redis server


CANONICAL_DOMAIN - if set, connections via a different domain are redirected to the canonical one

Deployment tools

DEPLOYMENT_ID - String to be available at /healthcheck - used to check the deployed version


CANDIDATE_URN_WHITELIST - Comma-separated whitelist of school URNs which will always be shown in the search results.

SECRET_KEY_BASE - Key used by Rails to verify the integrity of signed cookies.
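
A boot-time consistency check for the variables documented above, as an added example that is not code from the application: the `EnvCheck` module, its method names and the sample values are hypothetical. It assumes DFE_SIGNIN_API_ROLE_CHECK_ENABLED follows the same "1 = on, blank = off" convention as the other switches, and it reports variable names only, never their values.

```ruby
# Added example: EnvCheck is hypothetical, not part of the application.
module EnvCheck
  # Documented on this page as "1 = on, blank = off".
  TOGGLES = %w[MAINTENANCE_MODE DFE_SIGNIN_DEACTIVATED DFE_SIGNIN_API_ENABLED].freeze
  ROLE_CHECK = 'DFE_SIGNIN_API_ROLE_CHECK_ENABLED'
  ROLE_CHECK_IDS = %w[
    DFE_SIGNIN_SCHOOL_EXPERIENCE_ADMIN_SERVICE_ID
    DFE_SIGNIN_SCHOOL_EXPERIENCE_ADMIN_ROLE_ID
  ].freeze
  UUID = /\A\h{8}-\h{4}-\h{4}-\h{4}-\h{12}\z/

  def self.blank?(value)
    value.nil? || value.strip.empty?
  end

  # Returns a list of problems; an empty list means the environment is consistent.
  def self.problems(env)
    errors = []
    # Values such as "0", "false" or "off" are ambiguous: reject them rather than guess.
    (TOGGLES + [ROLE_CHECK]).each do |name|
      value = env[name]
      errors << "#{name} must be 1 or blank" unless blank?(value) || value == '1'
    end

    # Basic auth needs both halves; one without the other is a misconfiguration.
    user, pass = env.values_at('SECURE_USERNAME', 'SECURE_PASSWORD')
    errors << 'SECURE_USERNAME and SECURE_PASSWORD must be set together' if blank?(user) != blank?(pass)

    # Assumption: the role check uses the same 1/blank convention as the other switches.
    if env[ROLE_CHECK] == '1'
      ROLE_CHECK_IDS.each do |name|
        errors << "#{name} must be a UUID when #{ROLE_CHECK} is on" unless UUID.match?(env[name].to_s)
      end
    end
    errors
  end
end

# Constructed sample environment (not real values).
SAMPLE_ENV = {
  'MAINTENANCE_MODE' => 'false',
  'SECURE_USERNAME' => 'reviewer',
  'DFE_SIGNIN_API_ROLE_CHECK_ENABLED' => '1',
  'DFE_SIGNIN_SCHOOL_EXPERIENCE_ADMIN_SERVICE_ID' => '3f2b8c1e-0000-4000-8000-000000000001',
  'DFE_SIGNIN_SCHOOL_EXPERIENCE_ADMIN_ROLE_ID' => 'admin'
}.freeze
puts EnvCheck.problems(SAMPLE_ENV)
```

Calling `EnvCheck.problems(ENV.to_h)` from an initializer and aborting when the list is non-empty surfaces these mistakes at deploy time rather than at the first request.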