Environment Variables Reference
This document outlines the environment variables used in the Teydex KYC project, along with their default values, example values, and descriptions.
Security
- SECRET_KEY
  - Default: None
  - Example: (must be overridden in production)
  - Description: Secret key used for cryptographic signing. Should be generated once using:

      from django.core.management.utils import get_random_secret_key
      get_random_secret_key()

    and never changed after deployment.
- ALLOWED_HOSTS
  - Default: [*]
  - Example: *
  - Description: List of hosts allowed to access the application. * allows all hosts (not recommended for production). Use comma-separated values like example.com,www.example.com for secure deployments.
- TRUSTED_ORIGINS
  - Default: []
  - Example: https://example.com,http://localhost:8000
  - Description: Trusted origins for CSRF and CORS. Must include full scheme (e.g., https://). Do not use wildcards like *; each origin must be explicit.
- SECURE_SSL_REDIRECT
  - Default: True
  - Description: Redirects all HTTP requests to HTTPS.
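A pre-deployment check for the Security variables above, as an added example that is not part of the Teydex KYC code base. The name audit_security_env, the comma-separated parsing and the accepted boolean spellings are assumptions; the project's own parsing may differ.

```python
import os
from urllib.parse import urlsplit

# Assumed boolean spellings; the page does not say how the project parses booleans.
TRUTHY = {"1", "true", "yes", "on"}


def split_csv(value):
    """Split a comma-separated variable into stripped, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def audit_security_env(env):
    """Return a list of findings for the Security variables (hypothetical helper)."""
    findings = []

    if not env.get("SECRET_KEY"):
        findings.append("SECRET_KEY: not set (default is None)")

    # An unset variable falls back to the documented default, which allows all hosts.
    if "*" in split_csv(env.get("ALLOWED_HOSTS", "*")):
        findings.append("ALLOWED_HOSTS: wildcard allows all hosts")

    for origin in split_csv(env.get("TRUSTED_ORIGINS", "")):
        parts = urlsplit(origin)
        if "*" in origin:
            findings.append(f"TRUSTED_ORIGINS: wildcard in {origin!r}")
        elif parts.scheme not in ("http", "https") or not parts.netloc:
            findings.append(f"TRUSTED_ORIGINS: {origin!r} lacks a full scheme")

    # Documented default is True, so only an explicit falsy value is reported.
    if env.get("SECURE_SSL_REDIRECT", "true").strip().lower() not in TRUTHY:
        findings.append("SECURE_SSL_REDIRECT: HTTP is not redirected to HTTPS")

    return findings


if __name__ == "__main__":
    for finding in audit_security_env(os.environ):
        print(finding)
```

Run it in the same environment the application starts in; an empty output means none of the four variables is at a value this page warns about.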
Storage
- DEFAULT_STORAGE_BACKEND
  - Default: django.core.files.storage.FileSystemStorage
  - Example: storages.backends.ftp.FTPStorage
  - Description: Storage backend for handling uploaded files. Supported backends include FileSystem, S3, LibCloud, Azure Storage, MinIO, Dropbox, FTP, SFTP, and Google Cloud. Consult Innovance KYC team if unsure which to use.
- DEFAULT_STORAGE_OPTIONS
  - Default: {}
  - Example: location=ftp://...;allow_overwrite=0
  - Description: Options specific to the selected storage backend. Format is semicolon-separated. Contact Innovance KYC for backend-specific fields.
- MEDIA_ROOT
  - Default: ""
  - Example: /data
  - Description: Filesystem path where media files will be stored. Only applies when using FileSystemStorage.
Email
- DEFAULT_FROM_EMAIL
  - Default: webmaster@localhost
  - Example: application@test-domain.com
  - Description: Default email address used for sending system messages.
- EMAIL_CONF
  - Default: consolemail://
  - Example: smtp://user:password@localhost:25
  - Description: Email backend configuration string. Uses Django-environ email URL format. See email URL format docs or contact Innovance KYC for help.
Django Environment
- DATABASE_URL
  - Default: (none)
  - Example: postgres://username:password@hostname:port/database
  - Description: Full PostgreSQL connection URL.
- CACHE_URL
  - Default: locmemcache://
  - Example: redis://username:password@localhost:6379/0
  - Description: URL of the caching backend.
JWT Authentication
- ACCESS_TOKEN_LIFETIME
  - Default: 3600 (1 hour)
  - Example: 3600
  - Description: Duration (in seconds) for access token validity.
- REFRESH_TOKEN_LIFETIME
  - Default: 86400 (24 hours)
  - Example: 86400
  - Description: Duration (in seconds) for refresh token validity.
Celery
- CELERY_BROKER_URL
  - Default: ""
  - Example: amqp://username:password@hostname:port/virtual_host
  - Description: URL to the Celery message broker. See Celery broker documentation or contact Innovance KYC for setup support.
- CELERY_RESULT_BACKEND
  - Default: None
  - Description: Backend for storing Celery task results. Disabled by default. See Celery result backends for more.
LDAP Integration
LDAP authentication can be configured for enterprise environments using the following environment variables:
- AUTH_LDAP_SERVER_URI
  - Default: None
  - Example: ldap://localhost:389
  - Description: LDAP server endpoint URL. The application connects to this server for user authentication and directory lookups.
- AUTH_LDAP_USER_SEARCH_BASE
  - Default: None
  - Example: ou=users,dc=mycompany,dc=local
  - Description: Organizational unit where user accounts are stored in the LDAP directory.
- AUTH_LDAP_USER_SEARCH_FILTER
  - Default: None
  - Example: (uid=%(user)s)
  - Description: LDAP filter pattern to locate specific user accounts. Uses %(user)s placeholder for the username.
- AUTH_LDAP_GROUP_SEARCH_BASE
  - Default: None
  - Example: ou=groups,dc=mycompany,dc=local
  - Description: Organizational unit where groups are stored in the LDAP directory.
- AUTH_LDAP_USER_ATTR_MAP
  - Default: first_name=givenName,last_name=sn,email=mail
  - Example: first_name=givenName,last_name=sn,email=mail,username=uid
  - Description: Maps LDAP attributes to application user fields. Format: application_field=ldap_attribute (left side = application field, right side = LDAP attribute). Available application fields: username, first_name, last_name, email, is_active, is_staff, is_superuser
- AUTH_LDAP_GROUP_TO_USER_TYPE_MAP
  - Default: {}
  - Example: admin=administrator,managers=customer_representative_manager,customer-reps=customer_representative,read-only-users=read_only
  - Description: Maps LDAP groups to application user roles. Format: ldap_group_name=application_role (left side = LDAP group name, right side = application role). Available application roles:
    - api_user: API User
    - read_only: Read-Only (default role)
    - administrator: Administrator
    - customer_representative: Customer Representative
    - customer_representative_manager: Customer Representative Manager
- AUTH_LDAP_BIND_DN
  - Default: cn=admin,dc=mycompany,dc=local
  - Example: cn=admin,dc=mycompany,dc=local
  - Description: Distinguished name of the LDAP user account used to bind and search the directory.
- AUTH_LDAP_BIND_PASSWORD
  - Default: admin
  - Example: MySecurePassword123
  - Description: Password for the LDAP bind user account.
How LDAP Authentication Works
- User Login: User provides credentials through the application login form
- Directory Search: Application searches for the user in LDAP using AUTH_LDAP_USER_SEARCH_BASE and AUTH_LDAP_USER_SEARCH_FILTER
- Authentication: If user exists, application attempts to bind (authenticate) with the provided password
- Attribute Mapping: Upon successful authentication, user attributes are retrieved and mapped using AUTH_LDAP_USER_ATTR_MAP
- Group Authorization: User's group memberships are retrieved from AUTH_LDAP_GROUP_SEARCH_BASE and mapped to application roles using AUTH_LDAP_GROUP_TO_USER_TYPE_MAP
- Session Creation: Local user session is created with appropriate permissions based on mapped roles
This integration enables centralized user management while maintaining role-based access control within the application.
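A review of the two LDAP mapping variables before deployment, as an added example that is not the project's own code. parse_map, review_ldap_maps and roles_for are hypothetical helpers; exact, case-sensitive group-name matching and returning every matched role instead of picking one are assumptions, since this page does not say how multiple group matches are resolved.

```python
# Field and role names are the ones listed on this page.
USER_FIELDS = {"username", "first_name", "last_name", "email",
               "is_active", "is_staff", "is_superuser"}
ROLES = {"api_user", "read_only", "administrator",
         "customer_representative", "customer_representative_manager"}
PRIVILEGED_FIELDS = {"is_staff", "is_superuser"}
DEFAULT_ROLE = "read_only"


def parse_map(raw):
    """Parse 'left=right,left=right' into a dict; reject malformed pairs."""
    result = {}
    for pair in filter(None, (p.strip() for p in raw.split(","))):
        left, sep, right = pair.partition("=")
        if not sep or not left.strip() or not right.strip():
            raise ValueError(f"malformed pair: {pair!r}")
        result[left.strip()] = right.strip()
    return result


def review_ldap_maps(attr_map_raw, group_map_raw):
    """Return (attr_map, group_map, warnings) after validating both maps."""
    attr_map, group_map = parse_map(attr_map_raw), parse_map(group_map_raw)
    warnings = []
    for field, ldap_attr in attr_map.items():
        if field not in USER_FIELDS:
            warnings.append(f"unknown application field: {field}")
        elif field in PRIVILEGED_FIELDS:
            # Whoever can write this directory attribute controls the flag.
            warnings.append(f"{field} is controlled by LDAP attribute {ldap_attr}")
    for group, role in group_map.items():
        if role not in ROLES:
            warnings.append(f"unknown role {role!r} for group {group}")
        elif role == "administrator":
            warnings.append(f"members of LDAP group {group} become administrators")
    return attr_map, group_map, warnings


def roles_for(user_groups, group_map):
    """Roles granted by a user's LDAP groups; the default role if none match."""
    matched = {group_map[g] for g in user_groups if g in group_map}
    return sorted(matched) or [DEFAULT_ROLE]
```

The warnings list is what to read before go-live: each entry names a directory attribute or group whose write access translates directly into elevated access in the application.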
External Services
Licenser
- LICENSE_KEY
  - Default: None
  - Example: 0DEFDC29-90D4-4059-A402-511427F14FAB
  - Description: Product license key.
- LICENSE_TOKEN
  - Default: None
  - Example: 5PvGecy...
  - Description: Authentication token for license validation.
- LICENSE_PUBLIC_KEY
  - Default: None
  - Example: /public-key/itself/or/directory/to/license.pub
  - Description: Path to the public key used for validating the license.
Havelsan KYC
- HAVELSAN_KYC_CLIENT_CONF
  - Default: base_url=
  - Example: base_url=https://1.0.0.0:8443
  - Description: Flat dictionary string for configuring the Havelsan KYC client.
Assistbox
- ASSISTBOX_CLIENT_CONF
  - Default: base_url=https://example.com;admin_user_id=admin.id;api_username=my-user;api_password=MySecurePass123!;api_key=MyApiKey123456789;company_id=1234
  - Example: base_url=https://example.com;admin_user_id=admin.id;api_username=my-user;api_password=MySecurePass123!;api_key=MyApiKey123456789;company_id=1234
  - Description: Configuration for Assistbox integration. Flat key-value pairs separated by semicolons.
Web URLs
- WEB_APPLICATION_BASE_URL
  - Default: https://online-kyc-web-dev.k8s.innovance.com.tr
  - Example: https://online-kyc-web-dev.k8s.innovance.com.tr
  - Description: Base URL of the frontend web application.
Miscellaneous
- EXPOSE_PROJECT_API
  - Default: False
  - Example: false
  - Description: Enables DRF’s browsable API interface. Should be false in production environments.