ORCID · DanielPalafox · Mar 27, 2026
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,90 @@
+# Node.js
+**/node_modules
+**/npm-debug.log
+**/package-lock.json
+
+# Angular build outputs and cache
+**/.angular
+**/dist
+**/tmp
+
+# Java/Maven
+**/target
+**/.mvn
+
+# IDE - IntelliJ IDEA
+.idea
+*.iml
+*.iws
+*.ipr
+
+# IDE - VSCode
+.vscode
+
+# IDE - Eclipse
+.project
+.classpath
+.settings
+.factorypath
+eclipse_formatter.xml
+eclipse_javascript_formatter.xml
+intellij_codestyle.xml
+
+# Git
+.git
+.gitignore
+
+# GitHub
+.github
+
+# Logs
+logs
+*.log
+**/hs_err_pid*.log
+**/replay_pid*.log
+
+# Environment files
+.env
+.env.example
+
+# Docker
+Dockerfile
+docker-compose.yml
+.dockerignore
+
+# CI/CD and deployment
+release.sh
+deploy-dev-only.sh
+docker-build.sh
+
+# Testing
+**/cypress
+**/*.spec.ts
+**/*.test.ts
+**/karma.conf.js
+**/cypress.config.ts
+
+# Documentation
+README.md
+**/README.md
+
+# Keystores (should be mounted as volumes)
+keystores
+
+# Samples
+samples
+
+# Policy
+policy
+
+# Transifex
+.tx
+
+# Misc
+.trello
+.dclintrc
+.yo-rc.json
+.mise.toml
+.pre-commit-config.yaml
+.editorconfig
+.angulardoc.json
diff --git a/dot_env_example → .env.example b/dot_env_example → .env.example
@@ -1,35 +1,66 @@
+BASE_URL=http://localhost:8080
+DOCKER_REG=
+ENV=local
+ISSUER_URL=http://localhost:9000
+LANDING_PAGE_URL=http://localhost:8080/landing-page
+UI_BASE_URL=[PUBLIC UI URL e.g. https://member-services.orcid.org]
+
 MONGO_DB=[MONGO CONNECTION STRING]
-ORCID_API_ENDPOINT=https://api.sandbox.orcid.org/v3.0/
+
 JWT_SIGNATURE_URL=https://sandbox.orcid.org/oauth/jwks
-LANDING_PAGE_URL=http://localhost:8080/landing-page
-TOKEN_EXCHANGE_ENDPONT=https://sandbox.orcid.org/oauth/token
+INTERNAL_API_ENDPOINT=[ORCID API]
+ORCID_API_ENDPOINT=https://api.sandbox.orcid.org/v3.0/
+TOKEN_EXCHANGE_CLIENT_ID=[ORCID API CLIENT ID]
+TOKEN_EXCHANGE_CLIENT_SECRET=[ORCID API CLIENT SECRET]
+TOKEN_EXCHANGE_ENDPOINT=[ORCID OAUTH]
 TOKEN_EXCHANGE_GRANT_TYPE=urn:ietf:params:oauth:grant-type:token-exchange
-TOKEN_EXCHANGE_SUBJECT_TOKEN_TYPE=urn:ietf:params:oauth:token-type:id_token
 TOKEN_EXCHANGE_REQUESTED_TOKEN_TYPE=urn:ietf:params:oauth:token-type:access_token
-TOKEN_EXCHANGE_CLIENT_ID=[ORCID SANDBOX API CLIENT ID]
-TOKEN_EXCHANGE_CLIENT_SECRET=[ORCID SANDBOX API CLIENT SECRET]
-CRON_POST_AFFILIATIONS=60000
-CRON_PUT_AFFILIATIONS=60000
-MAIL_HOST=[MAIL HOST SMTP]
-MAIL_PORT=25
-MAIL_USER=[MAIL HOST SMTP USER]
-MAIL_PASSWORD=[MAIL HOST SMTP PASSWORD]
-MAIL_FROM=[MAIL FROM ADDRESS]
-BASE_URL=http://localhost:8080
-ENV=local
-TAG=[RELEASE TAG WILL BE OVERWRITTEN BY DEPLOY SCRIPT]
-INSIGHT_TOKEN=[INSIGHT OPS TOKEN]
-JWT_PRIVATE_KEY=file:/keystores/mserv-dev-jwt.key
-JWT_PUBLIC_KEY=file:/keystores/mserv-dev-jwt.pem
-JWT_KEY_ID=dev-key-id-v1
-USER_SERVICE_INTERNAL_CLIENT_SECRET=[GENERATED SECRET]
-ASSERTION_SERVICE_INTERNAL_CLIENT_SECRET=[GENERATED SECRET]
+TOKEN_EXCHANGE_SUBJECT_TOKEN_TYPE=urn:ietf:params:oauth:token-type:id_token
+
 ASSERTION_ENCRYPT_KEY=[GENERATED HEX]
 ASSERTION_ENCRYPT_SALT=[GENERATED HEX]
-USER_ENCRYPT_KEY=[GENERATED HEX]
-USER_ENCRYPT_SALT=[GENERATED HEX]
+ASSERTION_SERVICE_INTERNAL_CLIENT_SECRET=[GENERATED SECRET]
+JWT_KEY_ID=dev-key-id-v1
+JWT_PRIVATE_KEY=file:/keystores/mserv-dev-jwt.key
+JWT_PUBLIC_KEY=file:/keystores/mserv-dev-jwt.pem
 MEMBER_ENCRYPT_KEY=[GENERATED HEX]
 MEMBER_ENCRYPT_SALT=[GENERATED HEX]
-USER_SERVICE_URL=http://userservice-2-app:9000
+USER_ENCRYPT_KEY=[GENERATED HEX]
+USER_ENCRYPT_SALT=[GENERATED HEX]
+USER_SERVICE_INTERNAL_CLIENT_SECRET=[GENERATED SECRET]
+
 MEMBER_SERVICE_URL=http://memberservice-2-app:9010
-UI_BASE_URL=[PUBLIC UI URL e.g. https://member-services.orcid.org]
+USER_SERVICE_URL=http://userservice-2-app:9000
+
+CONTACT_UPDATE_RECIPIENT=email@orcid.org
+MAIL_CONTACT_UPDATE_RECIPIENT=email@orcid.org
+MAIL_API_KEY=key
+MAIL_API_URL=[API URL]
+MAIL_FROM_ADDRESS=no-reply@orcid.org
+MAIL_FROM_NAME=ORCID Member Portal
+MAIL_TEST_MODE=true
+
+CRON_GENERATE_MEMBER_ASSERTION_STATS=0 0 10 ? * MON
+CRON_POST_AFFILIATIONS=60000
+CRON_PUT_AFFILIATIONS=60000
+CRON_SYNC_AFFILIATIONS=60000
+RESEND_NOTIFICATION_DAYS=1,2
+RESEND_NOTIFICATION_CRON=0 0/10 * * * ?
+STORED_FILE_LIFESPAN=7
+
+HOLISTICS_AFFILIATION_DASHBOARD_SECRET=secret
+HOLISTICS_AFFILIATION_DASHBOARD_URL=blah
+HOLISTICS_CONSORTIA_DASHBOARD_SECRET=secret
+HOLISTICS_CONSORTIA_DASHBOARD_URL=blah
+HOLISTICS_INTEGRATION_DASHBOARD_SECRET=blah
+HOLISTICS_INTEGRATION_DASHBOARD_URL=blah
+HOLISTICS_MEMBERAFFILIATIONS_DASHBOARD_SECRET=blah
+HOLISTICS_MEMBERAFFILIATIONS_DASHBOARD_URL=blah
+HOLISTICS_MEMBER_DASHBOARD_SECRET=secret
+HOLISTICS_MEMBER_DASHBOARD_URL=blah
+HTTP_CONN_TTL=20
+HTTP_MAX_CONN_PER_ROUTE=20
+HTTP_MAX_CONN_TOTAL=100
+INSIGHT_TOKEN=[INSIGHT OPS TOKEN]
+
+TAG=[RELEASE TAG WILL BE OVERWRITTEN BY DEPLOY SCRIPT]
diff --git a/README.md b/README.md
@@ -8,9 +8,9 @@ Project tasks are managed in Trello:
 - Current development tasks: https://trello.com/b/a8Cxpwqe/member-services-current-development
 - Release notes: https://trello.com/b/9Xugawlx/member-services-release-notes-2020
 
-# Development setup
+## Development setup
 
-## Prerequisites
+### Prerequisites
 
 - [OpenJDK 11](https://openjdk.java.net/install/)
 - [Git](https://git-scm.com/downloads)
@@ -21,104 +21,91 @@ Project tasks are managed in Trello:
 - [MongoDB compass](https://www.mongodb.com/products/compass) also recommended
 - [Angular CLI](https://v16.angular.io/cli)
 
-## Install and start MongoDB
+### Environment configuration
+
+Use the provided `.env.example` as the starting point for local configuration.
+
+Copy it to a local `.env` file and update the values for your environment. Keep secrets out of version control.
+
+### Install and start MongoDB
 
 Install and start [MongoDB Community Edition for your OS](https://docs.mongodb.com/manual/administration/install-community/)
 
-## Clone the orcid-member-services repository
+### Clone the repository
 
 Create a `git` directory in your home folder, and clone the orcid-member-services project there:
 
+```bash
     mkdir ~/git
     cd ~/git
     git clone git@github.com:ORCID/orcid-member-services.git
+```
 
-## Set Java version to Open JDK 11
+### Set Java version to Open JDK 11
 
 Edit bash profile to set JAVA_HOME to your OpenJDK 11 path, ex:
 
+```bash
     vim ~/.bash_profile
     export JAVA_HOME=$(/usr/libexec/java_home -v 11)
+```
 
-##
-
-Set up environment variables required by the application:
-
-- APPLICATION_BASEURL : base url of the application, eg https://member-portal.qa.orcid.org for ORCID's QA instance
-- APPLICATION_CONTACT_UPDATE_RECIPIENT : email of contact update recipient
-- APPLICATION_ENCRYPT_KEY : encryption key
-- APPLICATION_ENCRYPT_SALT : encryption salt
-- APPLICATION_INTERNAL_ACCESS_TOKEN : access token for internal ORCID endpoints
-- APPLICATION_INTERNAL_API_ENDPOINT : base url of internal ORCID endpoint
-- APPLICATION_LANDING_PAGE_URL : oauth landing page
-- APPLICATION_MAIL_API_KEY : mail api key
-- APPLICATION_MAIL_API_URL : mail api url 
-- APPLICATION_MAIL_DOMAIN : mail domain
-- APPLICATION_MAIL_FROM_ADDRESS : mail from address
-- APPLICATION_MAIL_FROM_NAME : mail from name
-- APPLICATION_ORCIDAPIENDPOINT : orcid api endpoint
-- APPLICATION_RESEND_NOTIFICATION_CRON : cron expression for resending notifications job
-- APPLICATION_RESEND_NOTIFICATION_DAYS : time delay in days for resending notifications
-- APPLICATION_SALESFORCE_REQUEST_TIMEOUT : salesforce client timeout
-- APPLICATION_TOKEN_EXCHANGE_CLIENT_ID : salesforce client id
-- APPLICATION_TOKEN_EXCHANGE_CLIENT_SECRET : salesforce client secret
-- APPLICATION_TOKEN_EXCHANGE_ENDPOINT : token exchange endpoint for salesforce client
-- MEMBER_ASSERTION_STATS_CRON : cron expression for affiliation stats job
-- SALESFORCE_CLIENT_ENDPOINT : salesforce client endpoint 
-- SALESFORCE_CLIENT_TOKEN : salesforce client token
-- STORED_FILE_LIFESPAN : lifespan of stoerd files 
-- UAA_KEYSTORE_NAME : keystore file
-- UAA_KEYSTORE_PASSWORD : keystore password
-
-## Start the discovery service
-
-- Open a new terminal
-- cd orcid-member-services/discovery-service/
-- Run `bash mvnw`
-- Wait for it to start
-- Verify it has started properly. Go to http://localhost:8761/#/ and sign in with `admin`, password `admin`
-
-
-## Start the user service
-
-Our user service, based on [JHipster UAA](https://www.jhipster.tech/using-uaa/), is the service we use to secure our member services app. We also use it for all user based functionality.
+### Start the user service
 
 > **IMPORTANT!** For running locally without an email server connected, disable mail health check for oauth2-services before starting. Edit [oauth2-service/src/main/resources/config/application.yml](https://github.com/ORCID/orcid-member-services/blob/master/oauth2-service/src/main/resources/config/application.yml#L60) and set health - mail - enabled to false.
 
-- Open a new terminal
-- cd orcid-member-services/user-service/
-- Run `bash mvnw`
-- Wait for it to start
+```bash
+cd user-service-2
+./mvnw
+```
+
+### Start the Angular frontend
+
+```bash
+cd ui-2
+ng serve
+```
+
+### Start the assertion service
+
+```bash
+cd assertion-service-2
+./mvnw
+```
+
+### Start the member service
+
+```bash
+cd member-service-2
+./mvnw
+```
+
+## Docker-based setup
+
+The project can also be run with Docker.
+
+### 1. Prepare environment variables
 
-## Start the gateway:
+Start from `.env.example`, copy it to `.env`, and fill in the values required for your environment.
 
-- Start MongoDB (e.g. `mongod --config /usr/local/etc/mongod.conf --fork`)
-- Open a new terminal
-- cd orcid-member-services/gateway/
-- Run `bash mvnw`
-- Wait for it to start
-- Go to [http://localhost:8080/](http://localhost:8080/) and sign in with the admin credentials `admin / admin`
+### 2. Build and start the stack
 
-## Start the Angular frontend
-- Open a new terminal 
-- cd orcid-member-services/ui
-- Run `ng serve`
-- Wait for it to start
+Use the provided script to build the Java services and start the containers:
 
-## Start the assertion service
+```bash
+./docker-build.sh
+```
 
-- Open a new terminal
-- cd orcid-member-services/assertion-service
-- Run `bash mvnw`
-- Wait for it to start
+This script:
+- builds the Java service JARs
+- runs `docker compose build`
+- starts the containers in detached mode
 
-## Start the member service
+### 3. Verify the services
 
-- Open a new terminal
-- cd orcid-member-services/member-service
-- Run `bash mvnw`
-- Wait for it to start
+After startup, check that the services are available through your configured Docker setup.
 
 ## Notes
 
-- As long as the jhipster-registry is running first, the starting order of the other services is not important. They can also be started concurrently.
+- Keep `.env` local and uncommitted.
+- `.env.example` should remain a safe template for new contributors.