rir-updater/config.example.yaml at main · mozilla-it/rir-updater · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# rir-updater example configuration
#
# All three registry sections are optional — include only the ones you use.
# Credential values are 1Password references (op://vault/item/field).
# Run `op signin` before using this tool.

ripe:
  maintainer: "MAINT-AS12345"
  credentials:
    db_username: "op://vault/item/username"
    db_password: "op://vault/item/password"
    rpki_api_key: "op://vault/item/rpki-api-key"
    # Optional: separate credentials for the RIPE test DB (apps-test.db.ripe.net).
    # If omitted, the production credentials above are used in test mode.
    test_db_username: "op://vault/item/test-username"
    test_db_password: "op://vault/item/test-password"
  # SSO emails are added as auth entries on the test mntner when running --setup-test.
  sso_emails:
    - "admin@example.com"
  routes:
    - prefix: "192.0.2.0/24"
      origin: "AS12345"
      description: "Example IPv4 prefix"
    - prefix: "2001:db8::/32"
      origin: "AS12345"
      description: "Example IPv6 prefix"
    # Set delete: true to remove an object from the registry instead of syncing it.
    # When RADb mirroring is configured, deletions cascade to RADb automatically.
    # - prefix: "198.51.100.0/24"
    #   origin: "AS12345"
    #   delete: true
  roas:
    - prefix: "192.0.2.0/24"
      origin: "AS12345"
      max_length: 24  # exact-match only; omit to default to the prefix length
    - prefix: "2001:db8::/32"
      origin: "AS12345"
      max_length: 48  # allows more-specific announcements up to /48

arin:
  org_handle: "EXAMPLEORG-1"
  credentials:
    api_key: "op://vault/item/arin-api-key"
    # Optional: OTE API key for testing against reg.ote.arin.net.
    # If omitted, the production key above is used in test mode.
    test_api_key: "op://vault/item/arin-ote-api-key"
  routes:
    - prefix: "192.0.2.0/24"
      origin: "AS12345"
      description: "Example IPv4 prefix"
    - prefix: "2001:db8::/32"
      origin: "AS12345"
      description: "Example IPv6 prefix"
  roas:
    - prefix: "192.0.2.0/24"
      origin: "AS12345"
      max_length: 24
    - prefix: "2001:db8::/32"
      origin: "AS12345"
      max_length: 32

# When a radb section is present, every RIPE and ARIN route change is
# automatically mirrored to RADb. Only list routes here that are not already
# covered by the ripe or arin sections above — duplicates are skipped.
radb:
  maintainer: "MAINT-AS12345"
  contact_email: "admin@example.com"
  credentials:
    portal_username: "op://vault/item/portal-username"
    portal_password: "op://vault/item/portal-password"
    mntner_password: "op://vault/item/mntner-password"
  # Routes only managed in RADb (not present in the ripe or arin sections above).
  routes:
    - prefix: "203.0.113.0/24"
      origin: "AS12345"
      description: "RADb-only prefix"