Document runtime configuration for DC and CO #67
Add per-state reference docs covering all runtime-configurable values, where each is currently set, and how values flow from GitHub through OpenTofu into the running ECS containers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

The CO doc doesn't list OTP-related appsettings defaults like OtpRatLimitSettings and the EmailOtpSenderServiceSettings, etc. Since these are in appsettings.json, they'd be set in CO but I don't know if they should be documented there? Are we not using Otp in CO?

Should the appsettings documentation include IdProofingRequirements?
spokenbird left a comment
Mostly looks good with some minor nits / cleanup and open questions.
| | 21 | `NEXT_PUBLIC_STATE` | No | `co` | State code exposed to browser JS | | ||
| | 22 | `STATE` | No | `co` | State code | | ||
| | | **Application Defaults (from `appsettings.json`, overridable at runtime)** | | | | | ||
| | 23 | `EnrollmentCheckRateLimitSettings:PermitLimit` | No | `10` | Max enrollment checks per rate limit window | |
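Review bot: Row 23 gives the key only in its `appsettings.json` spelling (`EnrollmentCheckRateLimitSettings:PermitLimit`) under a heading that says it is overridable at runtime, but an override set through the ECS environment has to use the double-underscore spelling that the task-definition variables use elsewhere in these docs. Suggest adding the environment variable form, `EnrollmentCheckRateLimitSettings__PermitLimit`, beside each key in this section, or a one-line note above the table that `:` in a key becomes `__` in the variable name.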
I can't find any references to EnrollmentCheckRateLimitSettings:PermitLimit or EnrollmentCheckRateLimitSettings:WindowMinutes in the appsettings.json or anywhere else in the codebase. This may be hallucinated? Same for DC.
Not hallucinated, but from pending, work-in-progress changes to appsettings.json that I didn't stage here. Whoops. I'll get that cleaned up.
| | 21 | `NEXT_PUBLIC_STATE` | No | `dc` | State code exposed to browser JS | | ||
| | 22 | `STATE` | No | `dc` | State code | | ||
| | | **Application Defaults (from `appsettings.json`, overridable at runtime)** | | | | | ||
| | 23 | `EmailOtpSenderServiceSettings:ExpiryMinutes` | No | `10` | OTP code expiry (minutes) | |
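Review bot: Row 21 documents `NEXT_PUBLIC_STATE` as a runtime value "exposed to browser JS", but Next.js inlines `NEXT_PUBLIC_*` variables into the client bundle at build time, so a value set only in the running container reaches server-side code and not the JavaScript already shipped to the browser. Suggest stating in the description whether the Web image is built per state or how the browser otherwise receives the state code, so readers do not assume that changing the task definition is enough.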
These email configs are missing EmailOtpSenderServiceSettings:StateName which is set to DC SUN Bucks for DC.
|
|
||
| **Set by OpenTofu in the ECS task definition** (defined in `tofu/modules/sebt_application/main.tf`): `ASPNETCORE_ENVIRONMENT`, `DB_HOST`, `DB_NAME`, `DB_PORT`, `EmailOtpSenderServiceSettings__SenderEmail`, `PluginAssemblyPaths__0`, `Seeding__EmailPattern`, `Seeding__Enabled`, `SmtpClientSettings__EnableSsl`, `SmtpClientSettings__SmtpPort`, `SmtpClientSettings__SmtpServer`, `STATE`. For the Web container: `BACKEND_URL`, `NEXT_PUBLIC_API_BASE_URL`, `NEXT_PUBLIC_STATE`, `STATE`. | ||
|
|
||
| **Injected from AWS Secrets Manager at container start** (referenced in the ECS task definition): `DB_PASSWORD`, `DB_USER`, `IdentifierHasher__SecretKey`, `JwtSettings__SecretKey`, `SmtpClientSettings__Password`, `SmtpClientSettings__UserName`. |
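Review bot: The Secrets Manager paragraph says the values are injected "at container start" but does not say what that means for rotation. ECS resolves these references once when a task launches, so a value changed in Secrets Manager is not seen by tasks that are already running. Suggest adding a sentence that changing `DB_PASSWORD`, `JwtSettings__SecretKey` or any other entry in this list requires launching new tasks (for example a forced new deployment) before the new value takes effect.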
For IdentifierHasher__SecretKey and JwtSettings__SecretKey these were manually generated using openssl rand -base64 48 and then manually entered into Secrets Manager. We should probably document that here to clarify that for those values it was a manual process.
| Once the container starts, the .NET application loads configuration providers in this order (later providers override earlier ones): | ||
|
|
||
| 1. `appsettings.json` — static defaults baked into the Docker image (JWT settings, rate limits, email templates, feature flags) | ||
| 2. Environment variables — the values injected by ECS from the task definition; these override `appsettings.json` defaults |
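Review bot: Item 1 lists "JWT settings" among the defaults baked into the Docker image, while `JwtSettings__SecretKey` appears in the Secrets Manager list earlier in the same document. Suggest naming which JWT settings live in `appsettings.json` and stating explicitly that the signing key is not one of them, so that nobody reads this list as saying a usable key ships in the image.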
Should this list include appsettings.{ASPNETCORE_ENVIRONMENT}.json (builder default, e.g. appsettings.Development.json)?
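
An added example, not code from this PR or the project: it layers configuration the way the default ASP.NET Core builder does (`appsettings.json`, then `appsettings.{ASPNETCORE_ENVIRONMENT}.json`, then environment variables) and reports any secret key whose effective value does not come from the container environment. In-memory collections stand in for the two JSON files; every value is constructed except `ExpiryMinutes` `10` and `StateName` `DC SUN Bucks`, which come from this thread, and `Winner` is a hypothetical helper.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Configuration.EnvironmentVariables;

// Constructed stand-ins for what ECS would inject into the container environment.
Environment.SetEnvironmentVariable("EmailOtpSenderServiceSettings__ExpiryMinutes", "5");
Environment.SetEnvironmentVariable("JwtSettings__SecretKey", "constructed-injected-value");

IConfigurationRoot config = new ConfigurationBuilder()
    // 1. Stand-in for appsettings.json (defaults baked into the image).
    .AddInMemoryCollection(new Dictionary<string, string?>
    {
        ["EmailOtpSenderServiceSettings:ExpiryMinutes"] = "10",
        ["EmailOtpSenderServiceSettings:StateName"] = "DC SUN Bucks",
        // Constructed mistake: a key default left in the image.
        ["IdentifierHasher:SecretKey"] = "constructed-image-default",
    })
    // 2. Stand-in for appsettings.{ASPNETCORE_ENVIRONMENT}.json.
    .AddInMemoryCollection(new Dictionary<string, string?>
    {
        ["EmailOtpSenderServiceSettings:ExpiryMinutes"] = "30",
    })
    // 3. Environment variables: "__" in the name maps to ":" in the key.
    .AddEnvironmentVariables()
    .Build();

// Later providers override earlier ones, so the environment value is effective here.
Console.WriteLine(
    $"ExpiryMinutes = {config["EmailOtpSenderServiceSettings:ExpiryMinutes"]}");

// Walk the providers from last to first; the first one holding the key wins.
static IConfigurationProvider? Winner(IConfigurationRoot root, string key) =>
    root.Providers.Reverse().FirstOrDefault(p => p.TryGet(key, out _));

// Keys the thread lists as injected from Secrets Manager (subset).
foreach (var key in new[] { "JwtSettings:SecretKey", "IdentifierHasher:SecretKey" })
{
    var source = Winner(config, key);
    if (source is not EnvironmentVariablesConfigurationProvider)
    {
        // Report the provider type only, never the secret value itself.
        Console.Error.WriteLine(
            $"{key}: resolved from {source?.GetType().Name ?? "no provider"}, " +
            "expected the container environment");
    }
}
```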
Summary
docs/configuration/) covering all runtime-configurable values for the DC and CO environments
Test plan
🤖 Generated with Claude Code