Draft
Commits
41 commits
834683f
Split .env into scoped env files, begin refactoring services to set a…
OliverWoolland Jan 29, 2026
2dbd96a
Move demo mode password to creds.env
OliverWoolland Feb 6, 2026
fc75b35
Remove keycloak demo mode (already in env)
OliverWoolland Feb 6, 2026
1399ec9
Remove keycloak demo mode (already in env)
OliverWoolland Feb 6, 2026
2902787
Move seq routing to routes.env
OliverWoolland Feb 6, 2026
28cc1a3
Move seq routing to routes.env
OliverWoolland Feb 6, 2026
03fdf0e
Move rabbitmq route to routes.env
OliverWoolland Feb 6, 2026
7bd6df3
Add headers to routes
OliverWoolland Feb 6, 2026
e908fe2
Remove suppress anti forgery (duplicates env)
OliverWoolland Feb 6, 2026
ff1d6f0
Remove sslcookies (already in users env)
OliverWoolland Feb 6, 2026
25c9e5c
Remove httpsredirect (duplicates env)
OliverWoolland Feb 6, 2026
13eba94
Remove demo mode (duplicates env)
OliverWoolland Feb 6, 2026
9c23da6
Internal routes moved to internal env
OliverWoolland Feb 6, 2026
4fae6cf
Move credentialsconnection string
OliverWoolland Feb 6, 2026
8ae8135
Remove hutchssl as already in env
OliverWoolland Feb 6, 2026
2be42c4
move external hangfire to internal env
OliverWoolland Feb 6, 2026
48c23fc
Trename already in env
OliverWoolland Feb 6, 2026
6438adf
Move TES settings out of compose
OliverWoolland Feb 6, 2026
93ae4ab
Move job settings to env
OliverWoolland Feb 6, 2026
fbe8051
Move hutch settings
OliverWoolland Feb 6, 2026
75abb62
Move dareapi settings
OliverWoolland Feb 6, 2026
e345203
Move egress api setting to config
OliverWoolland Feb 6, 2026
118550f
Move tre key cloak settings to config
OliverWoolland Feb 6, 2026
faa269a
Move data egress keycloak settings for tre-api
OliverWoolland Feb 9, 2026
9af6798
Move submission keycloak settings
OliverWoolland Feb 10, 2026
f6e6e14
Remove dangling data egress keycloak settings
OliverWoolland Feb 10, 2026
2f4ec15
Move submission keycloak config
OliverWoolland Feb 10, 2026
d0339f5
Move more submission keycloak to internal
OliverWoolland Feb 11, 2026
60dda5b
Move vault config to own file
OliverWoolland Feb 12, 2026
5ef9e83
Move ldap config to own file
OliverWoolland Feb 12, 2026
02f79a3
Centralise minio config
OliverWoolland Feb 16, 2026
2ad2947
Rearrange internal for greater readability
OliverWoolland Feb 16, 2026
0f7ed4d
Move zeebe config
OliverWoolland Feb 16, 2026
27100a0
Move postgres creds and config
OliverWoolland Feb 16, 2026
e766dc7
Change my mind about postgres file
OliverWoolland Feb 16, 2026
ae67a5b
Align adminer and postgres
OliverWoolland Feb 16, 2026
c5e7e5d
Ensure environment is not passed to services that don't want it, move…
OliverWoolland Feb 16, 2026
54a3bd0
Move some keycloak config out
OliverWoolland Feb 16, 2026
c140112
Move config files into subdirectory
OliverWoolland Feb 17, 2026
28de5f4
Remove all env tag, apply each env file individually
OliverWoolland Feb 17, 2026
bc223d9
A few small corrections caught on review
OliverWoolland Feb 17, 2026
148 changes: 0 additions & 148 deletions AllInOne/.env

This file was deleted.

19 changes: 19 additions & 0 deletions AllInOne/config/creds.env
@@ -0,0 +1,19 @@
POSTGRES_USER=admin
POSTGRES_PASSWORD=admin

TRE_DATA_USER=admin
TRE_DATA_PASSWORD=admin

MinioTRESettings__AccessKey=minio
MinioTRESettings__SecretKey=minio123

MinioSettings__AccessKey=minio
MinioSettings__SecretKey=minio123

DemoModeDefaultP=password123

LDAP_ADMIN_PASSWORD="admin"
LDAP_CONFIG_PASSWORD="config"

KC_BOOTSTRAP_ADMIN_USERNAME=admin
KC_BOOTSTRAP_ADMIN_PASSWORD=admin
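
Review bot: Every credential in this new file is committed with a working default (`POSTGRES_PASSWORD=admin`, `MinioSettings__SecretKey=minio123`, `DemoModeDefaultP=password123`, `KC_BOOTSTRAP_ADMIN_PASSWORD=admin`) and, unlike internal.env and routes.env, the file has no header saying what it is for. Consider committing it as a template and keeping the real creds.env untracked, or at least add a header stating these are demo values that must be changed before any non-local deployment. The two LDAP lines are also the only quoted values (`LDAP_ADMIN_PASSWORD="admin"`, `LDAP_CONFIG_PASSWORD="config"`); env-file consumers differ on whether quotes are stripped or kept as part of the value, so drop them to match the rest of the file.
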
143 changes: 143 additions & 0 deletions AllInOne/config/internal.env
@@ -0,0 +1,143 @@
### internal.env
### This file contains config which users *should not edit* without good reason
### This file will be maintained by the developers

# ==============================================================================
# Core Infrastructure
# ==============================================================================

TRE_DATA_SERVER=postgres
TRE_DATA_PORT=5432
TRE_DATA_DATABASE=tredata

RabbitMQ__HostAddress=rabbitmq

CAMUNDA_VERSION=8.8.0
CAMUNDA_BUNDLE_VERSION=8.8.1
ELASTIC_VERSION=8.17.5

URLSettingsFrontEnd__QueryImage=harbor.ukserp.ac.uk/dare-trefx/control-tre-hasura:1.34.1


# ==============================================================================
# TRE API & UI
# ==============================================================================

TreAPISettings__InternalApiBaseUrl=http://treAPI:8080
TreAPISettings__PublicApiBaseUrl=http://localhost:8072

TreAPIKeyCloakUseRedirect=false
TreAPIKeyCloakSecret=e9021a57-3f4f-4254-ba27-2cdbb99a2cb5
TreAPIKeyCloakBaseRealmAddress=http://keycloak:8080/realms/Dare-TRE
TreAPIKeyCloakAuthority=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration
TreAPIKeyCloakClientId=Dare-TRE-API
TreAPIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration
TreAPIAccountManagementURLUI=http://localhost:8085/realms/Dare-TRE/account
TreAPIValidAudiences=Dare-TRE-API,Dare-TRE-UI


# ==============================================================================
# TRE Keycloak Settings
# ==============================================================================

TreKeyCloakSettings__Authority=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration
TreKeyCloakSettings__MetadataAddress=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuratio
TreKeyCloakSettings__BaseUrl=http://keycloak:8080/realms/Dare-TRE
TreKeyCloakSettings__ClientId=Dare-TRE-UI
TreKeyCloakSettings__ClientSecret=2de114bc-3599-45f1-9b61-5090c6859dfe
TreKeyCloakSettings__ValidAudiences=Dare-TRE-API,Dare-TRE-UI
TreKeyCloakSettings__AccountManagementURL=http://localhost:8085/realms/Dare-TRE/account
TreKeyCloakSettings__BypassProxy="treAPI,seq-tre"
TreKeyCloakSettings__UseRedirectURL=false

KeyCloakUseRedirect=false


# ==============================================================================
# Submission API & UI
# ==============================================================================

DareAPISettings__Address=http://submissionAPI:8080

SubmissionUIAccountManagementURL=http://keycloak:8080/realms/Dare-Control/account
SubmissionUIKeyCloakBaseUrl=http://keycloak:8080/realms/Dare-Control
SubmissionUIClientSecret=1218304e-bf92-4706-83f6-912e0b04ecb9
SubmissionUIKeyCloakMetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration
SubmissionUIKeyCloakAuthority=http://keycloak:8080/realms/Dare-Control/

SubmissionKeyCloakSettings__Authority=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration
SubmissionKeyCloakSettings__MetadataAddress=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration

Also commented on Nottingham's PR but posting it here too.
It might be useful to use a compound environment variable:
keycloakURL=http://keycloak:8080

SubmissionKeyCloakSettings__MetadataAddress={keycloakURL}/realms/Dare-Control/.well-known/openid-configuration

(This would be in the compose, so it doesn't clog up the environment list.)

Then you only need to specify keycloakURL,
since the rest should stay pretty static. I can't think of any reason why anyone would need to change the realm name, but it wouldn't be too hard to modify it to have the realm name as well that you can specify,

e.g. like so:
keycloakURL=http://keycloak:8080
realm=Dare-Control

SubmissionKeyCloakSettings__MetadataAddress={keycloakURL}/realms/{realm}/.well-known/openid-configuration
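
The compound-variable idea from the comment above, written with Compose's `${...}` interpolation syntax; this is an added example, not part of the comment or of the PR. `keycloakURL` and `realm` are the names the comment proposes; the service name `submissionAPI` and the file `config/compose-vars.env` are assumptions made for illustration.

```yaml
# docker-compose.yml fragment (illustrative; service name and file names assumed)
#
# Compose substitutes ${...} while parsing this file. It takes the values from
# the shell environment, a project-level .env file, or a file passed on the
# command line, for example:
#   docker compose --env-file config/compose-vars.env up
# where the hypothetical config/compose-vars.env contains:
#   keycloakURL=http://keycloak:8080
#   realm=Dare-Control
#
# Files listed under a service's env_file: are only handed to the container.
# They are not a source for ${...} substitution in this file, so with
# AllInOne/.env deleted the variables need one of the sources above.
services:
  submissionAPI:
    env_file:
      - config/internal.env
      - config/creds.env
    environment:
      # Keys set here take precedence over the same key coming from env_file.
      # ${VAR:?msg} makes Compose stop with an error when the variable is
      # unset or empty, rather than emitting a URL with no host.
      # ${VAR:-default} falls back to the stated realm when none is given.
      SubmissionKeyCloakSettings__BaseUrl: "${keycloakURL:?keycloakURL is not set}/realms/${realm:-Dare-Control}"
      SubmissionKeyCloakSettings__Authority: "${keycloakURL:?keycloakURL is not set}/realms/${realm:-Dare-Control}/.well-known/openid-configuration"
      SubmissionKeyCloakSettings__MetadataAddress: "${keycloakURL:?keycloakURL is not set}/realms/${realm:-Dare-Control}/.well-known/openid-configuration"
```

Running `docker compose config` prints the file with every substitution resolved, which shows the final URLs before any container starts.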

SubmissionKeyCloakSettings__BaseUrl=http://keycloak:8080/realms/Dare-Control
SubmissionKeyCloakSettings__ClientId=Dare-Control-API
SubmissionKeyCloakSettings__ClientSecret=2e60b956-16bc-4dea-8b49-118a8baac5e5
SubmissionKeyCloakSettings__ValidAudiences=Dare-Control-UI,Dare-Control-API,Dare-Control-Minio
SubmissionKeyCloakSettings__BypassProxy="submissionAPI,seq-tre"
SubmissionKeyCloakSettings__UseRedirectURL=false
SubmissionKeyCloakSettings__SignedOutRedirectUri=/
SubmissionKeyCloakSettings__TokenRefreshSeconds=3600
SubmissionKeyCloakSettings__Server=keycloak:8080
SubmissionKeyCloakSettings__Protocol=http
SubmissionKeyCloakSettings__Realm=Dare-Control
SubmissionKeyCloakSettings__AutoTrustKeycloakCert=false
SubmissionKeyCloakSettings__ValidIssuer=
SubmissionKeyCloakSettings__ValidAudience=


# ==============================================================================
# Data Egress
# ==============================================================================

DataEgressAPISettings__Address=http://DataEgressAPI:8080

DataEgressKeyCloakSettings__Authority=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration
DataEgressKeyCloakSettings__MetadataAddress=http://keycloak:8080/realms/Data-Egress/.well-known/openid-configuration
DataEgressKeyCloakSettings__BaseUrl=http://keycloak:8080/realms/Data-Egress
DataEgressKeyCloakSettings__ClientId=Data-Egress-API
DataEgressKeyCloakSettings__ClientSecret=81c1f071-8c45-49ef-a966-84ca8f420b7e
DataEgressKeyCloakSettings__ValidAudiences=Data-Egress-UI,Data-Egress-API
DataEgressKeyCloakSettings__UseRedirectURL=false
DataEgressKeyCloakSettings__BypassProxy="DataEgressUI,treAPI,seq-tre"


# ==============================================================================
# Credential API
# ==============================================================================

CredentialAPISettingsStartWebhookUrl=http://connectors:8080/inbound/StartCredentials
CredentialAPISettingsRevokeWebhookUrl=http://connectors:8080/inbound/RevokeCredentials


# ==============================================================================
# Agent / TES Execution
# ==============================================================================

AgentSettings__TESKOutputBucketPrefix=s3://
AgentSettings__UseTESK=false
AgentSettings__UseRabbit=false
AgentSettings__TESKAPIURL=


# ==============================================================================
# Hutch
# ==============================================================================

Hutch__DbServer=theserver
Hutch__DbName=theDb
Hutch__DbPort=24


# ==============================================================================
# Jobs & Scheduling
# ==============================================================================

JobSettings__scanSchedule=1
JobSettings__syncSchedule=2
EnableExternalHangfire=false


# ==============================================================================
# Logging
# ==============================================================================

Serilog__SeqServerUrl=http://seq:5341
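
Review bot: `TreKeyCloakSettings__MetadataAddress` in the TRE Keycloak Settings block ends in `openid-configuratio` (the final `n` is missing), unlike the `Authority` line directly above it, so that address will not resolve to the discovery document. This file is also headed as one users should not edit, yet it carries five client secrets (`TreAPIKeyCloakSecret`, `TreKeyCloakSettings__ClientSecret`, `SubmissionUIClientSecret`, `SubmissionKeyCloakSettings__ClientSecret`, `DataEgressKeyCloakSettings__ClientSecret`); move them to creds.env with the other credentials so a deployment can rotate them without touching developer-maintained config. In the Submission block, `SubmissionKeyCloakSettings__ValidIssuer=` and `SubmissionKeyCloakSettings__ValidAudience=` are set to empty strings next to a populated `ValidAudiences`; please confirm the services treat empty as unset rather than as a value to validate against.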

8 changes: 8 additions & 0 deletions AllInOne/config/ldap.env
@@ -0,0 +1,8 @@
# LDAP settings
LdapSettings__Host=openldap
LdapSettings__Port=389
LdapSettings__AdminDn=cn=admin,dc=camundaephemeral,dc=local
LdapSettings__AdminPassword=admin
LdapSettings__BaseDn=dc=camundaephemeral,dc=local
LdapSettings__UserOu=ou=Users
LdapSettings__UseSSL=false
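
Review bot: `LdapSettings__AdminPassword=admin` keeps a credential in ldap.env while creds.env already defines `LDAP_ADMIN_PASSWORD="admin"`, so what appears to be the same secret now lives in two files and can drift when only one is changed. Move this line to creds.env and leave only connection settings here. With `LdapSettings__Port=389` and `LdapSettings__UseSSL=false` the admin bind is unencrypted; a comment saying this is intended only for the in-stack `openldap` container would help anyone who repoints `LdapSettings__Host`.
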
21 changes: 21 additions & 0 deletions AllInOne/config/minio.env
@@ -0,0 +1,21 @@
MINIO_IDENTITY_OPENID_DISPLAY_NAME=SSO_IDENTIFIER
MINIO_IDENTITY_OPENID_SCOPES=openid

MinioOpenidSecret=8a11bbcd-693a-4549-bda4-3e978fcf4de1
MinioIdentityIDURL=Dare-Control-Minio
MinioIdentityConfigURL=http://keycloak:8080/realms/Dare-Control/.well-known/openid-configuration

MinioTreOpenidSecret=71ee3de3-0e0c-49c8-a0b2-c0e490c90591
MinioTreIdentityID=Dare-TRE-Minio
MinioTreIdentityConfigURL=http://keycloak:8080/realms/Dare-TRE/.well-known/openid-configuration

MinioTRESettings__Url=http://minioTRE:9000
MinioTRESettings__AdminConsole=http://minioTRE:9001
MinioTRESettings__AWSRegion=us-east-1

MinioSubSettings__Url=http://minioSubmission:9000
MinioSubSettings__AdminConsole=http://minioSubmission:9001
MinioSubSettings__BucketName=testbucket
MinioSubSettings__AWSRegion=us-east-1

MinioSettings__BucketName=testbucket
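
Review bot: `MinioOpenidSecret` and `MinioTreOpenidSecret` near the top of this file are OIDC client secrets, but the MinIO access and secret keys were placed in creds.env; keep all secret material in one file so it can be excluded from version control and rotated together. Naming also differs between the two instances: `MinioIdentityIDURL` holds the client ID `Dare-Control-Minio`, not a URL, while its TRE counterpart is `MinioTreIdentityID`. `MinioSubSettings__BucketName` and `MinioSettings__BucketName` both set `testbucket`; if both prefixes are not read by the services, drop one.
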
1 change: 1 addition & 0 deletions AllInOne/config/postgres.env
@@ -0,0 +1 @@
POSTGRES_DB=DARE-Control
40 changes: 40 additions & 0 deletions AllInOne/config/routes.env
@@ -0,0 +1,40 @@
### routes.env
### This file contains the public URLs used by the stack, these should be
### customised for your domain and needs

# -------------------------------------------------------------------------------
# External routes

MinioBrowser=http://localhost:9000
#MinioServerApi=http://127.0.0.1:9000

# Where TESK or Funnel API is hosted:
TesAPIUrl=http://host.docker.internal:8000/v1/tasks

# Hutch config
Hutch__HutchAPIAddress=https://localhost:7239
MinioTRESettings__HutchMinioURLOverride=

# Egress config
DataEgressKeyCloakSettings__RedirectURL=https//localhost:8100/
DataEgressKeyCloakSettings__TokenExpiredAddress=http://localhost:8100/Account/LoginAfterTokenExpired

# Submission config
SubmissionKeyCloakSettings__TokenExpiredAddress=http://localhost:8989/Account/LoginAfterTokenExpired
SubmissionKeyCloakSettings__RedirectURL=http://localhost:8989/

# Keycloak config
KeyCloakClientUIRediretURL=http://localhost:8888/
KeyCloakTokenExpredAddressUI=http://localhost:8888/Account/LoginAfterTokenExpired

# TRE config
TreKeyCloakSettings__RedirectURL=http://localhost:8989/
TreKeyCloakSettings__TokenExpiredAddress=http://localhost:8989/Account/LoginAfterTokenExpired

# TRE API config
TreAPIKeyCloakClientUIRediretURL=http://localhost:8989/
TreAPIKeyCloakTokenExpredAddressUI=http://localhost:8989/Account/LoginAfterTokenExpired
URLSettingsFrontEnd__MinioUrl=localhost:9001

# Keycloak UI
KEYCLOAK_FRONTEND_URL=http://localhost:8085/auth
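
Review bot: `DataEgressKeyCloakSettings__RedirectURL=https//localhost:8100/` under "Egress config" is missing the colon after the scheme, and it uses https where `TokenExpiredAddress` on the next line uses http for the same host and port. A redirect URL has to match what the Keycloak client has registered, so this should read `http://localhost:8100/`, or both lines should move to https. `URLSettingsFrontEnd__MinioUrl=localhost:9001` has no scheme at all, unlike the other URLs in the file. The Submission and TRE entries all point at `localhost:8989`; if that is a copy-paste carry-over, one set of ports needs correcting.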