--- logging: level: org: springframework: web: INFO app: coronawarn: INFO com: netflix: config: sources: URLConfigurationSource: ERROR services: distribution: # Infection threshold in percentage. infection-threshold: ${INFECTION_THRESHOLD:1} # The name of the distribution output file. output-file-name: index # The name of the distribution output file v2. output-file-name-v2: index-v2 # The number of days to retain diagnosis keys and trace time warnings for both database persistency layer and files stored on the object store. retention-days: 14 # The number of days to keep 'submisson_type' records in 'self_report_submissions' table. srs-type-statistics-days: ${SRS_TYPE_STATISTICS_DAYS:400} # The number of days for diagnosis keys (based upon submission timestamp) to publish on CDN. days-to-publish: ${DAYS_TO_PUBLISH:10} # The number of minutes that diagnosis keys must have been expired for (since the end of the rolling interval window) before they can be distributed. expiry-policy-minutes: 120 # The minimum number of diagnosis keys per bundle. shifting-policy-threshold: 140 # The maximum number of keys per bundle. maximum-number-of-keys-per-bundle: 600000 # Indicates whether the current incomplete day will be included in the distribution (used for testing purposes). include-incomplete-days: false # Indicates whether the current incomplete hour will be included in the distribution (used for testing purposes). include-incomplete-hours: false # The naming of the eu package that provides all keys in a single package. eu-package-name: EUR # Indicates whether the shifting and expiry policies are applied to all supported countries during distribution. apply-policies-for-all-countries: false card-id-sequence: ${STATS_CARD_ID_SEQUENCE:[13,12,999,10,2,8,9,1,3,4,5,6,11,7]} # Local paths, that are used during the export creation. connection-pool-size: 200 default-archive-name: export.bin # Minimum value allowed for the diagnosis keys TRLs. minimum-trl-value-allowed: ${MINIMUM_TRL_VALUE_ALLOWED:3} paths: # The output path. output: out # The location of the private key. privatekey: ${VAULT_FILESIGNING_SECRET} # Configuration for the exported archive, that is saved on the S3-compatible storage. tek-export: # The TEK file name included in the zip archive, containing the list of diagnosis keys. file-name: export.bin # The TEK file header. file-header: EK Export v1 # The fixed (ensured by right whitespace padding) TEK file header width. file-header-width: 16 # Configuration for the API which is used by the mobile app to query diagnosis keys. api: version-path: version version-v1: v1 version-v2: v2 country-path: country origin-country: ${ORIGIN_COUNTRY:DE} date-path: date hour-path: hour diagnosis-keys-path: diagnosis-keys trace-warnings-path: twp parameters-path: configuration app-config-file-name: app_config app-config-v2-android-file-name: app_config_android app-config-v2-ios-file-name: app_config_ios statistics-file-name: stats local-statistics-file-name: local_stats # Signature configuration, used for signing the exports. signature: # The alias with which to identify public key to be used for verification. verification-key-id: 262 # The key version for rollovers. verification-key-version: v1 # The ASN.1 OID for algorithm identifier. algorithm-oid: 1.2.840.10045.4.3.2 # The algorithm name. algorithm-name: SHA256withECDSA # The signature file name included in the zip archive. file-name: export.sig # The security provider. security-provider: BC # Configuration for the S3 compatible object storage hosted by Telekom in Germany. objectstore: access-key: ${CWA_OBJECTSTORE_ACCESSKEY:accessKey1} secret-key: ${CWA_OBJECTSTORE_SECRETKEY:verySecretKey1} endpoint: ${CWA_OBJECTSTORE_ENDPOINT:http://localhost} bucket: ${CWA_OBJECTSTORE_BUCKET:cwa} port: ${CWA_OBJECTSTORE_PORT:8003} # Indicates whether the S3 Access Control List (ACL) header should be set to 'public-read' on put object. set-public-read-acl-on-put-object: true # The number of maximum retry attempts used for configuring Spring @Retryable annotation. retry-attempts: 3 # The backoff period in milliseconds used for configuring Spring @Retryable annotation. retry-backoff: 2000 # The maximum number of failed operations before giving up. max-number-of-failed-operations: 5 # The ThreadPoolTaskExecutor's maximum thread pool size. max-number-of-s3-threads: 4 # Allows distribution to overwrite files which are published on the object store force-update-keyfiles: ${FORCE_UPDATE_KEYFILES:false} # The number of days to retain hourly diagnosis keys file in S3. Database entries are still managed by the standard retention policy. hour-file-retention-days: 2 # Configuration for the publishing of app statistics statistics: statistic-path: ${STATISTICS_FILE_NAME:json/v1/cwa_reporting_public_data.json} local-statistic-path: ${LOCAL_STATISTICS_FILE_NAME:json/v1/cwa_reporting_public_data_region.json} access-key: ${STATISTICS_FILE_ACCESS_KEY_ID:} secret-key: ${STATISTICS_FILE_SECRET_ACCESS_KEY:} endpoint: ${STATISTICS_FILE_S3_ENDPOINT:} bucket: ${STATISTICS_FILE_S3_BUCKET:obs-cwa-public-dev} pandemic-radar-url: ${STATISTICS_PANDEMIC_RADAR_URL:https://www.rki.de/DE/Content/InfAZ/N/Neuartiges_Coronavirus/Situationsberichte/COVID-19-Trends/COVID-19-Trends.html?__blob=publicationFile#/home} pandemic-radar-bmg-url: ${STATISTICS_PANDEMIC_RADAR_BMG_URL:https://corona-pandemieradar.de/:lang} app-features: - label: unencrypted-checkins-enabled value: ${EVREG_UNENCRYPTED_CHECKINS_ENABLED:0} - label: validation-service-android-min-version-code value: ${VALIDATION_SERVICE_ANDROID_MIN_VERSION_CODE:0} - label: validation-service-ios-min-version-major value: ${VALIDATION_SERVICE_IOS_MIN_VERSION_MAJOR:0} - label: validation-service-ios-min-version-minor value: ${VALIDATION_SERVICE_IOS_MIN_VERSION_MINOR:0} - label: validation-service-ios-min-version-patch value: ${VALIDATION_SERVICE_IOS_MIN_VERSION_PATCH:0} - label: dcc-person-count-max value: ${DCC_PERSON_COUNT_MAX:20} - label: dcc-person-warn-threshold value: ${DCC_PERSON_WARN_THRESHOLD:4} - label: dcc-admission-check-scenarios-enabled value: ${DCC_ADMISSION_CHECK_SCENARIOS_ENABLED:0} supported-countries: ${SUPPORTED_COUNTRIES} app-versions: latest-ios: ${IOS_LATEST_VERSION:1.5.3} min-ios: ${IOS_MIN_VERSION:1.5.3} latest-android: ${ANDROID_LATEST_VERSION:1.0.4} min-android: ${ANDROID_MIN_VERSION:1.0.4} # With ENF v2 Android apps are versioned by Version Code and not by Semantic Versioning min-android-version-code: ${ANDROID_MIN_VERSION_CODE:31} latest-android-version-code: ${ANDROID_LATEST_VERSION_CODE:31} app-config-parameters: dgcParameters: testCertificateParameters: # validation rule for waitAfterPublicKeyRegistrationInSeconds: # * must be a number # * >= 0 # * <= 60 waitAfterPublicKeyRegistrationInSeconds: ${DGC_TC_WAIT_AFTER_PUBLIC_KEY_REGISTRATION_IN_SECONDS:10} # validation rule for waitForRetryInSeconds: # * must be a number # * >= 0 # * <= 60 waitForRetryInSeconds: ${DGC_TC_WAIT_FOR_RETRY_IN_SECONDS:10} expiration-threshold-in-days: ${DGC_EXPIRATION_THRESHOLD_IN_DAYS:27} block-list-parameters: # the value shall be parsed as a JSON string to # generate the individual items, e.g. # '[{"indices":[0],"hash":"9B09CAFEC0A6808411C348880C9C2D920646DFB980B5C959DC6EBF8A19B98120","validFrom":1636040446},{"indices":[0,2],"hash":"7D5D5B336E903086D64D1207EC6E957A4B1301026699011026F84A5156317C2B","validFrom":1638369640}]' # note that `hash` shall be parsed from a hex string to a byte sequence blocked-uvci-chunks: ${DGC_BLOCKED_UVCI_CHUNKS:[]} ios-dgc-reissue-service-public-key-digest: ${IOS_DGC_REISSUE_SERVICE_PUBLIC_KEY_DIGEST:} android-dgc-reissue-service-public-key-digest: ${ANDROID_DGC_REISSUE_SERVICE_PUBLIC_KEY_DIGEST:} ios-key-download-parameters: revoked-day-packages: ${KEY_DOWNLOAD_REVOKED_DAY_PACKAGES:[]} revoked-hour-packages: ${KEY_DOWNLOAD_REVOKED_HOUR_PACKAGES:[]} android-key-download-parameters: revoked-day-packages: ${KEY_DOWNLOAD_REVOKED_DAY_PACKAGES:[]} revoked-hour-packages: ${KEY_DOWNLOAD_REVOKED_HOUR_PACKAGES:[]} download-timeout-in-seconds: ${ANDROID_KEY_DOWNLOAD_DOWNLOAD_TIMEOUT_IN_SECONDS:60} overall-timeout-in-seconds: ${ANDROID_KEY_DOWNLOAD_OVERALL_TIMEOUT_IN_SECONDS:480} ios-exposure-detection-parameters: max-exposure-detections-per-interval: ${IOS_EXPOSURE_DETECTION_MAX_ED_PER_INTERVAL:6} android-exposure-detection-parameters: max-exposure-detections-per-interval: ${ANDROID_EXPOSURE_DETECTION_MAX_ED_PER_INTERVAL:6} overall-timeout-in-seconds: ${ANDROID_EXPOSURE_DETECTION_OVERALL_TIMEOUT_IN_SECONDS:900} ios-event-driven-user-survey-parameters: otp-query-parameter-name: ${EDUS_OTP_QUERY_PARAMETER_NAME:otp} survey-on-high-risk-enabled: ${EDUS_SURVEY_ON_HIGH_RISK_ENABLED:true} survey-on-high-risk-url: ${EDUS_SURVEY_ON_HIGH_RISK_URL:https://befragungen.rki.de/CWABasisbefragung} android-event-driven-user-survey-parameters: otp-query-parameter-name: ${EDUS_OTP_QUERY_PARAMETER_NAME:otp} survey-on-high-risk-enabled: ${EDUS_SURVEY_ON_HIGH_RISK_ENABLED:false} survey-on-high-risk-url: ${EDUS_SURVEY_ON_HIGH_RISK_URL:https://befragungen.rki.de/CWABasisbefragung} require-basic-integrity: ${EDUS_PPAC_REQUIRE_BASIC_INTEGRITY:true} require-cts-profile-match: ${EDUS_PPAC_REQUIRE_CTS_PROFILE_MATCH:true} require-evaluation-type-basic: ${EDUS_PPAC_REQUIRE_EVALUATION_TYPE_BASIC:false} require-evaluation-type-hardware-backed: ${EDUS_PPAC_REQUIRE_EVALUATION_TYPE_HARDWARE_BACKED:true} ios-privacy-preserving-analytics-parameters: probability-to-submit: ${PPA_PROBABILITY_TO_SUBMT:1} probability-to-submit-exposure-windows: ${PPA_PROBABILOITY_TO_SUBMIT_EXPOSURE_WINDOWS:1} hours-since-test-registration-to-submit-test-result-metadata: ${PPA_HOURS_SINCE_TEST_RESULT_TO_SUBMIT_KEY_RESULT_METADATA:165} hours-since-test-to-submit-key-submission-metadata: ${PPA_HOURS_SINCE_TEST_RESULT_TO_SUBMIT_KEY_SUBMISSION_METADATA:36} android-privacy-preserving-analytics-parameters: probability-to-submit: ${PPA_PROBABILITY_TO_SUBMT:1} probability-to-submit-exposure-windows: ${PPA_PROBABILOITY_TO_SUBMIT_EXPOSURE_WINDOWS:1} hours-since-test-registration-to-submit-test-result-metadata: ${PPA_HOURS_SINCE_TEST_RESULT_TO_SUBMIT_KEY_RESULT_METADATA:165} hours-since-test-to-submit-key-submission-metadata: ${PPA_HOURS_SINCE_TEST_RESULT_TO_SUBMIT_KEY_SUBMISSION_METADATA:36} require-basic-integrity: ${PPA_PPAC_REQUIRE_BASIC_INTEGRITY:false} require-cts-profile-match: ${PPA_PPAC_REQUIRE_CTS_PROFILE_MATCH:false} require-evaluation-type-basic: ${PPA_PPAC_REQUIRE_EVALUATION_TYPE_BASIC:false} require-evaluation-type-hardware-backed: ${PPA_PPAC_REQUIRE_EVALUATION_TYPE_HARDWARE_BACKED:false} srs-time-since-onboarding-in-hours: ${SRS_TIME_SINCE_ONBOARDING_IN_HOURS:48} srs-time-between-submissions-in-days: ${SRS_TIME_BETWEEN_SUBMISSIONS_IN_DAYS:90} android-srs-ppac-parameters: require-basic-integrity: ${SRS_PPAC_REQUIRE_BASIC_INTEGRITY:false} require-cts-profile-match: ${SRS_PPAC_REQUIRE_CTS_PROFILE_MATCH:false} require-evaluation-type-basic: ${SRS_PPAC_REQUIRE_EVALUATION_TYPE_BASIC:false} require-evaluation-type-hardware-backed: ${SRS_PPAC_REQUIRE_EVALUATION_TYPE_HARDWARE_BACKED:false} ios-qr-code-poster-template: published-archive-name: qr_code_poster_template_ios template: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_FILE:} offsetX: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_OFFSET_X:97} offsetY: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_OFFSET_Y:82} qr-code-side-length: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_QR_CODE_SIDE_LENGTH:400} description-text-box: offsetX: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_DESCRIPTION_OFFSET_X:80} offsetY: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_DESCRIPTION_OFFSET_Y:510} width: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_DESCRIPTION_WIDTH:420} height: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_DESCRIPTION_HEIGHT:15} fontSize: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_DESCRIPTION_FONT_SIZE:10} fontColor: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_DESCRIPTION_FONT_COLOR:#000000} address-text-box: offsetX: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_ADDRESS_OFFSET_X:80} offsetY: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_ADDRESS_OFFSET_Y:525} width: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_ADDRESS_WIDTH:420} height: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_ADDRESS_HEIGHT:15} fontSize: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_ADDRESS_FONT_SIZE:10} fontColor: ${EVREG_QR_CODE_POSTER_TEMPLATE_IOS_ADDRESS_FONT_COLOR:#000000} android-qr-code-poster-template: published-archive-name: qr_code_poster_template_android template: ${EVREG_QR_CODE_POSTER_TEMPLATE_ANDROID_FILE:} offsetX: ${EVREG_QR_CODE_POSTER_TEMPLATE_ANDROID_OFFSET_X:0.16} offsetY: ${EVREG_QR_CODE_POSTER_TEMPLATE_ANDROID_OFFSET_Y:0.095} qr-code-side-length: ${EVREG_QR_CODE_POSTER_TEMPLATE_ANDROID_QR_CODE_SIDE_LENGTH:1000} description-text-box: offsetX: ${EVREG_QR_CODE_POSTER_TEMPLATE_ANDROID_DESCRIPTION_OFFSET_X:0.132} offsetY: ${EVREG_QR_CODE_POSTER_TEMPLATE_ANDROID_DESCRIPTION_OFFSET_Y:0.61} width: ${EVREG_QR_CODE_POSTER_TEMPLATE_ANDROID_DESCRIPTION_WIDTH:100} height: ${EVREG_QR_CODE_POSTER_TEMPLATE_ANDROID_DESCRIPTION_HEIGHT:20} font-size: ${EVREG_QR_CODE_POSTER_TEMPLATE_ANDROID_DESCRIPTION_FONT_SIZE:10} font-color: ${EVREG_QR_CODE_POSTER_TEMPLATE_ANDROID_DESCRIPTION_FONT_COLOR:#000000} presence-tracing-parameters: qr-code-error-correction-level: ${EVREG_QR_CODE_ERROR_CORRECTION_LEVEL:0} plausible-deniability-parameters: probability-to-fake-check-ins-if-no-check-ins: ${EVREG_PROBABILITY_TO_FAKE_CHECK_INS_IF_NO_CHECK_INS:0} probability-to-fake-check-ins-if-some-check-ins: ${EVREG_PROBABILITY_TO_FAKE_CHECK_INS_IF_SOME_CHECK_INS:0.005} digital-green-certificate: mah-json-path: ${DIGITAL_GREEN_CERTIFICATE_MAH_JSON_PATH:} prophylaxis-json-path: ${DIGITAL_GREEN_CERTIFICATE_PROPHYLAXIS_JSON_PATH:} medicinal-products-json-path: ${DIGITAL_GREEN_CERTIFICATE_MEDICINAL_PRODUCTS_JSON_PATH:} disease-agent-targeted-path: ${DIGITAL_GREEN_CERTIFICATE_DISEASE_AGENT_TARGETED_JSON_PATH:} test-manf-path: ${DIGITAL_GREEN_CERTIFICATE_TEST_MANF_JSON_PATH:} test-result-path: ${DIGITAL_GREEN_CERTIFICATE_TEST_RESULT_JSON_PATH:} test-type-path: ${DIGITAL_GREEN_CERTIFICATE_TEST_TYPE_JSON_PATH:} dgc-directory: ${DIGITAL_GREEN_CERTIFICATE_DIRECTORY:ehn-dgc} valuesets-file-name: ${DIGITAL_GREEN_CERTIFICATE_VALUESETS_FILE_NAME:value-sets} supported-languages: ${DIGITAL_GREEN_CERTIFICATE_SUPPORTED_LANGUAGES:de, en, bg, pl, ro, tr, uk} booster-notification: ${BOOSTER_NOTIFICATION_DIRECTORY:booster-notification-rules} export-archive-name: ${DIGITAL_GREEN_CERTIFICATE_ARCHIVE_NAME:export.bin} allow-list: ${DCC_VALIDATION_SERVICE_ALLOWLIST} allow-list-signature: ${DCC_VALIDATION_SERVICE_ALLOWLIST_SIGNATURE} allow-list-certificate: ${DCC_VALIDATION_SERVICE_ALLOWLIST_CERTIFICATE} ccl-directory: ${COMMON_COVID_LOGIC:ccl} ccl-allow-list: ${CCL_ALLOW_LIST:CCL-DE-0001} dsc-client: public-key: ${DSC_PUBLIC_KEY:MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIxHvrv8jQx9OEzTZbsx1prQVQn/3ex0gMYf6GyaNBW0QKLMjrSDeN6HwSPM0QzhvhmyQUixl6l88A7Zpu5OWSw==} base-url: ${DSC_BASE_PATH:https://de.dscg.ubirch.com} dsc-list-path: ${DSC_LIST_PATH:/trustList/DSC/} ssl: trust-store: ${DSC_TRUST_STORE:../../docker-compose-test-secrets/dsc_truststore} trust-store-password: ${DSC_TRUST_STORE_PASSWORD:123456} client: public-key: ${DCC_PUBLIC_KEY:MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEnQmn1s+sTWqFPuRhqFRide7HD52SrsD01ZdX4cxN1r0pnZ0Zh7JNwZxmXlOQW5NDVlPdHq2QcD06gmP/10QizA==} retry-period: 2 max-retry-period: 5 max-retry-attempts: 2 base-url: ${BUSSINESS_RULES_BASE_PATH:https://distribution.dcc-rules.de/} country-list-path: ${BUSSINESS_RULES_COUNTRY_LIST_PATH:/countrylist} value-sets-path: ${BUSSINESS_RULES_VALUE_SETS_PATH:/valuesets} rules-path: ${BUSSINESS_RULES_RULES_PATH:/rules} bn-rules-path: ${BUSSINESS_RULES_BN_RULES_PATH:/bnrules} ccl-rules-path: ${COMMON_COVID_LOGIC:/cclrules} ssl: trust-store: ${DCC_TRUST_STORE:../../docker-compose-test-secrets/dcc_truststore} trust-store-password: ${DCC_TRUST_STORE_PASSWORD:123456} dcc-revocation: client: public-key: ${DCC_REVOCATION_LIST_PUBLIC_KEY:MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6Ft4aTjScTpsvY0tg2Lx0AK0Ih3Z2VKXnyBvoZxngB9cXmNtTg+Va3fY3QJduf+OXaWsE34xvMTIHxw+MpOLkw==} base-url: ${DCC_REV_BASE_PATH:https://de.crl.dscg.ubirch.com} ssl: trust-store: ${DCC_REV_TRUST_STORE:../../docker-compose-test-secrets/dcc_rev_truststore} trust-store-password: ${DCC_REV_TRUST_STORE_PASSWORD:testtest} retry-period: 2 max-retry-period: 5 max-retry-attempts: 2 dcc-list-path: /chunk.lst dcc-revocation-directory: dcc-rl certificate: ${DCC_REVOCATION_LIST_CERTIFICATE} spring: main: web-application-type: NONE # Postgres configuration flyway: enabled: true locations: classpath:/db/migration, classpath:/db/specific/{vendor} password: ${POSTGRESQL_PASSWORD_FLYWAY:local_setup_flyway} user: ${POSTGRESQL_USER_FLYWAY:local_setup_flyway} datasource: driver-class-name: org.postgresql.Driver url: jdbc:postgresql://${POSTGRESQL_SERVICE_HOST}:${POSTGRESQL_SERVICE_PORT}/${POSTGRESQL_DATABASE}?ssl=true&sslmode=verify-full&sslrootcert=${SSL_POSTGRES_CERTIFICATE_PATH}&sslcert=${SSL_DISTRIBUTION_CERTIFICATE_PATH}&sslkey=${SSL_DISTRIBUTION_PRIVATE_KEY_PATH} username: ${POSTGRESQL_USER_DISTRIBUTION:local_setup_distribution} password: ${POSTGRESQL_PASSWORD_DISTRIBUTION:local_setup_distribution}