Environment variables

Viewing values

Some of the variables are exposed in Region Dashboard in Django admin of the given environment or region. This list is intentionally short to avoid the risk of exposing any sensitive data. The whitelist of variables can be updated in EnvironmentVariableTable.

Listing all set values is only possible with shell access to the environment (e.g. docker container) by running env command.

Setting variables

Environment variables can be set by any of the following methods:

• create .env file in the project’s root directory.

• If using docker-compose you can simply add the variable to docker-compose.yaml

  Important

  If you’re changing the variable for testing, do not commit this change

• create global variable using export, for example:

  export LANGUAGE_CODE=es
  

• prepend variable name to runserver command:

  LANGUAGE_CODE=es python manage.py runserver
  

• in kubernetes deployment, shared variables are stored in kubernetes/setup/config.yaml and individual pods/deployment can have their own set of variables.

See also

For web server configuration, visit WSGI server configuration.

Global variables

USE_STATIC_JS_CATALOG

Whether to use pre-compiled JS translations stored in static files. This enables the optimization implemented in Task #32241. The files are generated with generate_static_js_translations command.

If set to disabled, or translation file is missing, the request will still be directored to the Django’s JavaScriptCatalog view. This is slower than serving it as a static file.

Defalut:

True

BULK_DELETE_CHUNK_SIZE

Number of objects to delete at a time when deleting large number of objects from database. This setting sets the default chunk_size value for bulk_delete().

Default:

1000

DEFAULT_ITERATOR_CHUNK_SIZE

Number of objects to iterate at a time when evaluating objects from a queryset using .iterator() method.

Default:

500

DEFAULT_PAGE_SIZE

Default number of items per page in paginated list views

Default:

50

CONFIG_ERROR_REPORT_EMAIL

E-mail address where ConfigurationError errors will be reported to if object was not edited by staff members.

CONFIG_ERROR_REPORT_RATE_LIMIT_HOURS

Rate-limits how often (in hours) the error will be reported to avoid spam for config errors that occur frequently. The error reports are triggered every time they occur, but if this value is set to non-zero, further e-mails will be suppressed for the same error message.

Default:

24

RERAISE_EXCEPTIONS

Whether exceptions should be re-raised instead of being caught and turned into user-friendly error messages. Enable this option for debugging if you need to get more detailed stack trace.

Default:

False

SHOW_JS_ERRORS

Whether to show an alert message whenever js errors are encountered. Use this in development / testing to bring attention to errors in console.

Default:

False

DISABLE_DEBUG_TOOLBAR

Whether to disable Django Debug Toolbar. The toolbar is only shown when running in debug mode. But if it’s not desired even then, this setting can disable it.

Default:

False

DEBUG_TOOLBAR_SHOW_COLLAPSED

Whether the toolbar will be collapsed by default.

Default:

True

DEBUG_TOOLBAR_UPDATE_ON_FETCH

This controls whether the toolbar should update to the latest AJAX request when it occurs. This is especially useful when using htmx boosting or similar JavaScript techniques.

Default:

False

DEBUG_TOOLBAR_STORE_CLASS

The path to the class to be used for storing the toolbar’s data per request.

Available store classes:

debug_toolbar.store.MemoryStore - Stores data in memory

debug_toolbar.store.DatabaseStore - Stores data in the database

The DatabaseStore provides persistence and automatically cleans up old entries based on the RESULTS_CACHE_SIZE setting.

Default:

debug_toolbar.store.MemoryStore

VALIDATE_PERMISSIONS

Whether calls to has_perm should validate that permission string is correct.

Note

This option can slow down the page load times so it is always disabled in production.

Default:

True (in development)

POSTGRES_HOST

Database (Postgres) server address

Default:

"localhost"

POSTGRES_PORT

Database (Postgres) port

Default:

5432

POSTGRES_DB

Database name

Default:

"megforms"

POSTGRES_USER

Database username

Default:

"megforms"

POSTGRES_PASSWORD

Database password

Default:

"password"

TEST_DB_NAME

Database name for testing. Analogue to POSTGRES_DB but used only when running tests.

Default:

"test_megforms"

TEST_DB_MIGRATE

Whether tests should use migrations. When enabled, database will be set-up using migrations (including any data migrations) which take longer but result in a more throrough test. When disabled, the test database is setup by creating tables directly from models which is much faster.

Default:

False

POSTGRES_SSL_MODE

Sets Postress connection SSL mode. Should be set to require or higher when in production.

Default:

"prefer"

POSTGRES_DISABLE_SERVER_SIDE_CURSORS

Disables server-side cursors

See also

See DISABLE_SERVER_SIDE_CURSORS <https://docs.djangoproject.com/en/4.2/ref/settings/#disable-server-side-cursors> in django docs

Default:

False

READ_FROM_PRIMARY

When using database replicas, defines whether primary should be used for reads alongside replicas.

Default:

True

REPLICA_DATABASE_HOST

Define one or many replica hostnames (analogous to POSTGRES_HOST) if using Postgres replication.

Can be a single hostname, or a comma-separated list of hostnames. It is assumed that each replica’s port is the same as POSTGRES_PORT.

CONN_MAX_AGE

Lifetime of a database connection in second. A Django setting. Set to 0 to establish a new connection for each web request or None to keep connections open indefinitely.

https://docs.djangoproject.com/en/3.2/ref/settings/#conn-max-age

Default:

60 * 5 (5 min)

POSTGRES_CONNECT_TIMEOUT

Maximum time to wait while connecting, in seconds (write as a decimal integer, e.g., 10). Zero, negative, or not specified means wait indefinitely. The minimum allowed timeout is 2 seconds, therefore a value of 1 is interpreted as 2.

Default:

20

POSTGRES_KEEPALIVES

Controls whether client-side TCP keepalives are used. The default value is 1, meaning on.

Default:

POSTGRES_KEEPALIVES_IDLE

Controls the number of seconds of inactivity after which TCP should send a keepalive message to the server.

Default:

30

POSTGRES_KEEPALIVES_INTERVAL

Controls the number of seconds after which a TCP keepalive message that is not acknowledged by the server should be retransmitted.

Default:

5

POSTGRES_KEEPALIVES_COUNT

Controls the number of TCP keepalives that can be lost before the client’s connection to the server is considered dead.

Default:

5

TIME_ZONE

Name of the server’s timezone. This is used as the default timezone for all newly created institutions or users.

Default:

"Europe/Dublin"

LANGUAGE_CODE

Server’s default language This is used as the default language for all newly created institutions or users and as a fallback language for users who are not logged in.

Default:

"en-ie"

SITE_ID

Primary key of the main site object. Typically there’s only one site and has id 1.

Default:

1

SITE_DOMAIN

Domain name to populate the Site object with when resetting the database. The default value is suitable for development, but for staging and other hosting environments it needs to be updated with actual domain name (e.g. staging-alpha.azure.megsupporttools.com) for correct functioning of the site.

Default:

localhost:8000

REGION_NAME

Label or name of the region where the site is deployed to

REGION_LOGIN_FALLBACK

Whether to query downstream regions for username if user tries to login with an account not registered locally and not linked with any region. This is a legacy feature and is disabled by default.

Default:

False

MAINTENANCE_MODE

Enable maintenance mode to make it temporarily inaccessible to users.

Default:

False

DRAFT_SUBMIT_POLLING_FREQUENCY_SECONDS

When submitting document draft, determines how often front-end should refresh to check if document has been rendered (in seconds).

Default:

3

DRAFT_UPDATE_REVIEW

When document is in review, and changes are made to the draft, enabling this will trigger the review version to be updated with latest contents.

See also

DRAFT_REVISION_UPDATE_DELAY_SECONDS

Default:

True

DRAFT_REVISION_UPDATE_DELAY_SECONDS

Delay since saving draft version of a document, until the active document version in review is updated.

The delay serves to limit the rate at which pdf documents are created and version is updated. If a document is saved again within this delay window, the timer is re-started until such time that the user has not made any changes within given period.

Note

This has an effect only when DRAFT_UPDATE_REVIEW is set.

Default:

2 * 60 (2 minutes)

REDIS_DB_MUTEX

Selects which Redis database will be used for Mutex functionality.

Default:

2

DRAFT_EDIT_LOCK_TIMEOUT_MINUTES

When user locks document for editing, how long the lock should persist without being renewed before being automatically released.

This setting configures the feature implemented in Task #30777.

Setting this to 0 will disable the feature (documents will not lock for editing)

Default:

2

DRAFT_MAX_IMAGE_SIZE

Maximum image size (bytes) allows to attach to a document while editing

Default:

1_000_000

DRAFT_DISABLE_ATTACHMENTS

Whether to disable ability to attach images to documents

Default:

False

ENABLE_CKEDITOR_REVIEW

Whether to show document editor in review page to leave comments and make suggestions within the document itself while in review

A feature flag for Task #30690

Default:

True

TWILIO_ENABLED

Enable Twilio Text Messages and Calls

Default:

True

TWILIO_ACCOUNT_SID

Account id for Twilio (text messages)

TWILIO_AUTH_TOKEN

Authentication token for Twilio

TWILIO_CALLER_ID

Twilio caller id

CKEDITOR_PREMIUM_TOKEN

API key token for use with CKEditor 5 premium. Presence of this token enables CKEditor 5 editor. If the value is not set, a default open-source editor is used (e.g. Summernote)

A development token should be bundled with the project.

CKEDITOR_ENABLE_REVISION_HISTORY

Whether to enable RevisionHistory plugin in CKEditor added in Task #29912.

Default:

True

CKEDITOR_ENABLE_COMMENT_MENTIONS

Whether to enable “@mentions” within CKEditor comments.

Default:

True

CKEDITOR_ORGANISATION_ID

Organisation ID for CKEditor Rest API

CKEDITOR_ENVIRONMENT_ID

Environment ID for CKEditor Rest API

:default:97ar7FUZZretJHSGO-Ha

CKEDITOR_CLOUD_URL

Cloud URL for CKEditor Rest API

Default:

https://docx-converter.cke-cs.com/v2/convert/docx-html

CKEDITOR_API_BASE_URL

Base Url for CKEditor Rest API

Default:

https://120971.cke-cs.com/api/v5/97ar7FUZZretJHSGO-Ha

CKEDITOR_ACCESS_KEY

Access Key for CKEditor Rest API

CKEDITOR_AUTOSAVE_DELAY

How long to wait (in ms) before automatically saving changes entered into the CKEditor. If user keeps typing or making changes within that time, the editor will wait, and only auto-save if user hasn’t entered any changes.

Set this value to 0 to disable autosave.

See also

• Task #29983

• CKEditor AutosaveConfig documentation

Default:

3_000 (3 seconds)

SERVER_EMAIL

Address to send any crash reports to

Default:

'support@megit.com'

SUPPORT_EMAIL

Defines e-mail address for support team.

Default:

'support@megit.com'

DEFAULT_FROM_EMAIL

E-mail address used as “from” when sending any e-mails from the system

Default:

"MEG <support@megit.com>"

NO_REPLY_EMAIL

No reply e-mail address used as “from” when sending e-mails from the system

Default:

"MEG <noreply@megit.com>"

INBOUND_MAIL_DOMAIN

The domain name configured to receive inbound mail for this server.

The value should be a domain name without preceding “@” or “https”. For example: “eu.megit.com”

If set, this value is used to:

• validate ObservationEmailConfig configuration

• default value placeholder for “Sender e-mail address” field.

• Create a test ObservationEmailConfig configuration for test sites

MAIL_DOMAIN_VALIDATION

Whether to validate ObservationEmailConfig sender address domain’s SPF and MX records. When enabled, the model validation looks up DNS records to verify that the domain is pointed at Sendgrid, and it’s SPF record is set-up to allow SendGrid to send e-mails from that domain.

Note

This validation does not check DKIM record, so even if address passes validation, it is not guaranteed that e-mails will come through unless DKIM is also configured correctly.

Default:

True

ADMIN_EMAIL

If sending crash reports via e-mail, this address will receive them.

Default:

None

HPSC_EMAIL

E-mail address used for HPSC submissions

Default:

‘microb@hpsc.ie’

NOTIFY_SUPPORT_ABOUT_FAILED_SUBMISSIONS

Whether invalid form submissions should trigger an e-mail to support address defined in SUPPORT_EMAIL.

Default:

True

DATA_UPLOAD_MAX_MEMORY_SIZE

Maximum size of data (bytes) allowed to be POSTed to the server.

As per Task #21772, this value needs to be high enough to accommodate submission of large audits.

Default:

100 * 1024 * 1024

CACHE_TEMPLATES

Whether to enable template caching in development.

Django caches templates by default in production. This settings enables caching in development as well.

Default:

False

FULL_ACTION_AUDIT

Whether view actions should be logged alongside create/update/delete actions.

Default:

True

DEALER_TAG

Passes version number to the system so that it can be displayed at the bottom of the page and used for error reporting.

Default:

'-'

GENERATE_CHANGELOG

Whether to generate changelog when changelog page is accessed (requires GitPython module)

Default:

False

EMAIL_BACKEND

E-mail backend to use. SendGrid backend is used in production by default, while in development e-mails are printed out to console ('django.core.mail.backends.console.EmailBackend'). Use this setting to override the used backend.

Possible Backends:

1. 'sendgrid_backend.SendgridBackend'

2. 'django.core.mail.backends.smtp.EmailBackend'

3. 'django.core.mail.backends.console.EmailBackend'

Default:

'sendgrid_backend.SendgridBackend'

SENDGRID_API_KEY

API key for SendGrid. Used only when EMAIL_BACKEND is set to Sendgrid.

EMAIL_HOST

The host to use for sending email. This settings is used in conjunction with EMAIL_HOST_USER , EMAIL_PORT and other keys to send email via 'django.core.mail.backends.smtp.EmailBackend' backend.

Default:

'' (empty string)

EMAIL_PORT

Port to use for the SMTP server defined in EMAIL_HOST.

Default:

25

EMAIL_HOST_USER

Username to use for the SMTP server defined in EMAIL_HOST. If empty, Django won’t attempt authentication.

Default:

'' (empty string)

EMAIL_HOST_PASSWORD

Password to use for the SMTP server defined in EMAIL_HOST. This setting is used in conjunction with EMAIL_HOST_USER when authenticating to the SMTP server. If either of these settings is empty, Django won’t attempt authentication.

Default:

'' (empty string)

EMAIL_USE_TLS

Whether to use a TLS (secure) connection when talking to the SMTP server. This is used for explicit TLS connections, generally on port 587. If you are experiencing hanging connections, see the implicit TLS setting EMAIL_USE_SSL.

Default:

False

EMAIL_USE_SSL

Whether to use an implicit TLS (secure) connection when talking to the SMTP server. In most email documentation this type of TLS connection is referred to as SSL. It is generally used on port 465. If you are experiencing problems, see the explicit TLS setting EMAIL_USE_TLS.

Default:

False

EMAIL_TIMEOUT

Specifies a timeout in seconds for blocking operations like the connection attempt.

Default:

None

GOOGLE_ANALYTICS_ENABLED

Enable Google Analytics

Default:

True

GOOGLE_ANALYTICS_PROPERTY_ID

Property ID used for Google analytics

GOOGLE_ANALYTICS_SITE_SPEED

Whether Google Analytics should track site speed

Default:

True

GOOGLE_ANALYTICS_SITE_SPEED_SAMPLE_RATE

Sampling rate of site speed analytics

Default:

10

GOOGLE_ANALYTICS_ANONYMIZE_IP

Sampling rate of site speed analytics

Default:

True

GOOGLE_ANALYTICS_TRACKING_STYLE

Sampling rate of site speed analytics

API_LIMIT_PER_PAGE

Default page size for paginated API feeds. Can be overridden in most API views by the user by passing limit parameter up to the value defined in API_MAX_LIMIT_PER_PAGE.

Default:

100

API_MAX_LIMIT_PER_PAGE

Hard limit for API_LIMIT_PER_PAGE. Setting this to None removes the limit.

Default:

1000

TABLE_WIDGET_SIZE_LIMIT

Hard limit for number of items in table widgets when in full or collapsed view. If number of the items in the widget exceeds it, the table is truncated up to this many rows and a warning message is appended at the bottom. The count of items will still report the actual number of items even if it’s higher than the limit.

Set this value to 0 to disable the limit.

Default:

500

INFINITE_SCROLL_PAGE_SIZE

Number of rows to load per page when using infinite scrolling in answer table widget.

Default:

100

TRIAL_ERROR_ON_DAY

For trial institution users, defines at which day before the end of trial, the user will receive “error” message that trial is about to expire.

Default:

1

TRIAL_WARNING_ON_DAY

For trial institution users, defines at which day before the end of trial, the user will receive “warning” message that trial is about to expire.

Default:

7

CACHE_DURATION

Default cache timeout

Default:

60 * 5

CHANGELOG_VERSION_CACHE

How long to cache changelist for each version on changelog page. Changelist uses the default cache backend, and when expired, fetches task information from redmine api.

Default:

60 * 60 * 8

MAX_CACHE_ENTRIES

Maximum items to store in default cache

Default:

1_000_000

MAX_MEMCACHE_ENTRIES

Maximum items to store in local memory cache

Default:

100_000

FILTER_CACHE_TIMEOUT

How long to store filter form cache in back-end. The cache allows the user to to access dasboard with pre-set filters from url. Expiring cache means that the filter form does not load stored filters and resets to default.

Set to None to disable expiration, or a number of seconds to expire after given time.

Default:

60 * 60 * 24 * 7 (7 days)

REDIS_HOST

Server address for Redis .

When set, the system will use redis as default cache backend.

REDIS_PORT_NUMBER

Port number for redis server defined in REDIS_HOST.

Default:

6379

REDIS_CONNECTION_POOL_MAX_CONNECTIONS

Size of redis connection pool

Default:

50

REDIS_CONNECTION_POOL_TIMEOUT

How long to keep connections in the redis connection pool open

Default:

20

REDIS_IGNORE_EXCEPTIONS

Whether redis errors should raise to the top or be ignored.

Default:

True

REDIS_SOCKET_CONNECT_TIMEOUT

How long to wait for redis to accept connection and respond.

https://django-redis-cache.readthedocs.io/en/latest/advanced_configuration.html#socket-timeout-and-socket-create-timeout

Default:

5

REDIS_PASSWORD

Password for the redis server defined in REDIS_HOST.

CELERY_TASK_ALWAYS_EAGER

Whether celery tasks should run synchronously. Disable this when you have a messaging queue and celery worker setup.

Default:

True

CELERY_RESULT_EXPIRES

COMPLETED_TASK_RETENTION_DAYS

Number of days to retain completed once-off periodic tasks in the system before they are automatically removed. Tasks that have been completed and disabled for longer than this period will be deleted during maintenance operations, along with any orphaned clocked schedules.

Setting this value to 0 will disable the cleanup process entirely.

This setting is used by the cleanup_completed_periodic_tasks Celery task.

Default:

90 (90 days)

CELERY_LOG_LEVEL

Sets the default log level for celery. If changing it you will also need to change the handler log level to ensure that the messages aren’t filtered by the handler. You can change the log file level by updating LOGFILE_LOG_LEVEL or the console by updating CONSOLE_LOG_LEVEL

Default:

INFO

ONBOARDING_FOLLOWUP_DELAY

Delay since onboarding e-mail until the follow-up onboarding e-mail. Typically 14 days after registration; The e-mail is only sent if the user has not logged in to the system.

ASYNC_EMAILS

whether e-mails should send via celery, or synchronously.

Default:

True

CONVERT_AUDIO_TO_MP3

Whether to convert any audio notes to mp3 as soon as they’re uploaded

SAML_ENTITY_ID

Global entity ID for SAML authentication. This is typically the web domain.

Warning

Changing this value in production will break SAML authentication for all users.

Default:

'https://audits.megsupporttools.com/'

ONELOGIN_STRICT

Default:

True

ONELOGIN_DEBUG

Default:

False

SPEECH_TO_TEXT_KEY

API key for speech recognition Azure API

SPEECH_TO_TEXT_REGION

Azure region for speech to text functionality

Default:

'westeurope'

PASSWORD_HISTORY_COUNT

The number of historic passwords to check against when validating password uniqueness. 0 for unlimited. 1 for current only.

Default:

5

PASSWORD_RESET_TIMEOUT

Life of a token used for password reset requests

Default:

3 * 24 * 60 * 60

RECAPTCHA_SITE_KEY_PUBLIC_WEB

Public key used for reCAPTCHA

RECAPTCHA_SITE_KEY_PRIVATE_WEB

Private key used for reCAPTCHA

RECAPTCHA_COOKIE_MAX_AGE

Max age for cookie used for reCAPTCHA

Default:

3600

COUNTRIES_ONLY

Limit the country selection dropdown in institution to a subset of countries. This can be a single country code, or a comma-separated list of country codes. All countries are defined in Lib/site-packages/django_countries/data.py:COUNTRIES.

COUNTRIES_EXCLUDE

Exclude countries from Country dropdown in institution.

MESSAGING_PROTECTED

Determines if user messages will be hidden from django admin.

Default:

True

URBANAIRSHIP_APP_KEY

Urbanairship API token.

URBANAIRSHIP_MASTER_SECRET

Secret key used to send push messages

URBANAIRSHIP_LOCATION

Default:

'us'

MAX_SUBMISSION_LOG_DAYS

How long to keep audit submission logs after successful submission (in days). Old submission log entries will be removed

Default:

30 * 6 (~6 months)

ENABLE_ANALYTICS

Whether internal analytics should be enabled.

Default:

True

ANALYTICS_AGGREGATE

Whether Analytics entries should be aggregated/merged after time to save space

Default:

True

AUDIT_APP_URL

Client app url. This setting decides where “Launch App” button leads to.

Default:

'https://audit.app.megsupporttools.com/'

NUM_TEST_GROUPS

Default:

1

Divides unit tests into equal groups. When running tests, only one of the groups is ran, the one designated by TEST_GROUP.

Use this setting to run tests in parallel, by starting each process with the same NUM_TEST_GROUPS, and assign TEST_GROUP from 1 up to including the selected number of groups/processes.

Example setup for parallel test run

Process	NUM_TEST_GROUPS	TEST_GROUP
Process 1	3	1
Process 2	3	2
Process 3	3	3

Warning

It is important that for all tests to be accounted for and run, the number of groups is the same for each process, and each test group is assigned a process. Other than that, it does not matter if the proceses run in different machines or at different times.

Running tests with inconsistent number of groups can lead to some tests running more than once and some not running at all.

TEST_GROUP

Default:

1

Designates which group of tests to run. By default there is only one group, but when NUM_TEST_GROUPS is set to a higher number, this variable controls which group is executed by the current process. The value should be in range of 1 up to NUM_TEST_GROUPS (inclusive).

GITLAB_TEST_FORMATTING

Whether to format test results in a way that can be parsed by GitLab. This adds special formatting to collapse sections of the output when rendered in GitLab.

Default:

False

REDMINE_KEY

API key for redmine; used to fetch task descriptions for changelog by deploy_changelog management command. It may also be used other places, like the changelog page /changelog/.

REDMINE_URL

Base url for redmine, must end with a /. This base url is used within the project and its documentation to generate links the job tracker,

Default:

https://redmine.megit.com/

DEPLOYMENT_SLACK_WEBHOOK

webhook address for Slack to trigger slack message with changelog in deploy_changelog command.

DEPLOYMENT_SLACK_CHANNEL

Slack channel to send changelogs to. Used by deploy_changelog command.

LOADDATA_NUM_SESSIONS

Number of sessions to create when generating dummy data

Default:

10

LOADDATA_NUM_OBSERVATIONS

Number of observations to create when generating dummy data

Default:

15

TEST_ADMIN_EMAIL

E-mail address for the superuser when setting up database.

Default:

'support@megit.com'

TEST_ADMIN_USERNAME

Username for the superuser when setting up database.

Default:

'admin'

TEST_PASSWORD

Password for the superuser account when setting up database.

Default:

'password'

IS_DOWNSTREAM

Default:

False

When setting up the database, sets up current environment as an upstream or downstream region.

INSIGHTS_ENABLE_LIVE_METRICS

Whether to send Live Metrics to Azure Insights

Default:

False

INSIGHTS_CONNECTION_STRING

Connection string for Azure Insights. For example: InstrumentationKey={instrumentation-key};IngestionEndpoint=https://westeurope-3.in.applicationinsights.azure.com/;LiveEndpoint=https://westeurope.livediagnostics.monitor.azure.com/

TRACE_SQLITE_EXPORTER

Whether to write traces to an SQLite database file

Default:

False

TRACE_SQLITE_FILENAME

File name or path for SQLite trace exporter database if enabled with TRACE_SQLITE_EXPORTER. Leave it blank to generate a unique filename for each process. Populate with a filename to use the same database file - will work only when running server as a single process.

TRACE_LOGGING_EXPORTER

Enable trace exporter that writes to log. If other exporters are not enabled, writes traces to log stream.

Default:

False

INSIGHTS_SAMPLE_RATE

Default:

0.0

Sampling rate for Azure insights telemetry. Must be a value in range 0 <= rate <= 1. Setting this to a high value will incur additional traffic and data usage.

See also

The sample rate will be accounted for in in Azure Insights, by adding itemCount to each entry. See Sampling for more information.

INSIGHTS_PSQL_INTEGRATION

Whether to enable postgresql integration with Open Telemetry to report Postgres queries. Enabling this increases the amount of data being traced

Default:

True

INSIGHTS_REDIS_INTEGRATION

Whether to enable redis integration with Open Telemetry to report Redis queries. Enabling this increases the amount of data being traced

Default:

True

INSIGHTS_CELERY_INTEGRATION

Whether to enable Celery integration with Open Telemetry to report Celery tasks.

Default:

True

LOG_ERRORS

Whether to log crashes to a text file.

This is optional as errors are normally logged to Sentry, but may be required in some set-ups such as on-prem where it is not possible or desired.

By default “ERROR”-level entries are saved to the error file, but this can be changed using ERRORFILE_LOG_LEVEL.

Default:

False

ENABLE_MEMORY_TRACE

Whether to trace per-request memory use using MemoryUsageMiddleware.

Default:

False

LOG_INCOMING_REQUESTS

Whether to log username and url for all incoming requests. By default webserver logs request after it’s finished. This also logs the request before it’s server. Logging is implemented in TraceExtrasMiddleware.

Enable this option to troubleshoot incoming requests that cause OOM errors and outages before the request can be logged.

Default:

False

EMAIL_ERRORS

Whether to e-mail errors to addresses listed in settings.ADMINS.

Default:

False

LOGFILE_NAME

name of the logfile, without extension. If not provided, current hostname is used (e.g. “localhost”). Final filename will be prefixed with date (DATE-LOGFILE_NAME.log)

Default:

hostname

LOGFILE_LOG_LEVEL

log level used to filter log entries before writing to logfile.

Default:

‘DEBUG’

ERRORFILE_LOG_LEVEL

log level used to filter errors for error log file. This will work only if LOG_ERRORS is enabled.

You may want to set it to “WARNING” to catch celery task errors.

Default:

‘ERROR’

ESCALATE_ERRORS

Whether to escalate ERROR and CRITICAL log entries to an exception. This will rause LoggedErrorException any time an error entry is logged.

Default:

False

CONSOLE_LOG_LEVEL

log level used to filter log entries before outputting to console.

Default:

‘INFO’

CONSOLE_LOG_FORMAT

Format of log messages printed to console. Can be any of the values defined in settings.LOGGING.formatters, e.g simple or verbose.

Default:

‘simple’

ROOT_LOG_LEVEL

Default level of log entries to filter by for any loggers not defined in ‘loggers’ setting

Default:

‘INFO’

LOGFILE_MAX_BYTES

Number of bytes to write to a logfile before it’s rotated.

Leave default value to disable log rotation, enter value in bytes to rotate logs after file reaches the given size.

Default:

0

LOGFILE_BACKUP_COUNT

number of logfile rotations before old data is erased

Default:

9

BI_AGGREGATE

Default:

False

Whether business intelligence data should be aggregated or not. When enabled data is synced with the business intelligence mongodb database. See Business Intelligence for more information.

BI_DATABASE_URI

Default:

mongodb://admin:password@mongo:27017/

A connection URI for the BI database. This is used by pymongo to create a connection.

THUMBNAILS_JIT

Whether to create image thumbnails just-in-time. This enables the legacy behaviour that creates missing thumbnails while loading the page. This can slow down the page on pages with lots of images, as each image is verified and if it does not exist, it is generated while delaying the page load.

When disabled, the thumbnails are generated as soon as file is uploaded, but if generation fails for some reason, the thumbnail will have to be generated manually using ./manage.py generateimages

Enabling this option, uses CacheFileBackend and ImagekitCacheStrategy for managing thumbnail files. Disabling is uses Celery backend and Optimistic strategy.

Default:

True

IMAGEKIT_CACHE_TIMEOUT

Cache duration for thumbnail status cache. By default, uses the same value as CACHE_DURATION.

See also

ImageKit documentation: https://django-imagekit.readthedocs.io/en/latest/configuration.html

Default:

CACHE_DURATION

IMAGEKIT_CACHE_PREFIX

Cache prefix for thumbnail status cache

See also

ImageKit documentation: https://django-imagekit.readthedocs.io/en/latest/configuration.html

Default:

'imagekit:'

IMAGEKIT_SPEC_CACHEFILE_NAMER

Function responsible for naming cache files. The default value files.imagekit.source_name_as_obfuscated_path() is a legacy namer that has a known bug where file name is different for every python interpreter.

See also

ImageKit documentation: https://django-imagekit.readthedocs.io/en/latest/configuration.html

Possible values include:

imagekit.cachefiles.namers.hash
imagekit.cachefiles.namers.source_name_dot_hash
imagekit.cachefiles.namers.source_name_as_path
files.imagekit.source_name_as_obfuscated_path

Default:

'imagekit.cachefiles.namers.hash'

IMAGEKIT_CACHEFILE_DIR

Directory to keep thumbnail cache

See also

ImageKit documentation: https://django-imagekit.readthedocs.io/en/latest/configuration.html

Default:

'CACHE/images'

IMAGEKIT_GENERATE_THUMBNAILS_DAILY

Whether missing thumbnails should be generated nightly. Use this when THUMBNAILS_JIT is disabled to ensure there are no missing thumbnails.

Default:

False

USE_LAZY_WIDGETS

Whether dashboard widgets should be loaded lazily; i.e. dashboard/report page will load with widget placeholders, and each widget will load asynchronously by making a separate HTTP request.

This is enabled by default, but can be disabled for testing and troubleshooting.

Default:

True

STORE_SMS

Whether SMS messages should be stored in the database or not.

Default:

False

See SMS for more information.

SYNC_PERMS_ON_LOGIN

Whether to synchronize user’s permissions on login. This updates AuditorPermissionCache and FolderPermissionCache models that store compiled permissions, in case they have not been updated automatically.

Default:

True

SYNC_PERMS_ON_CHANGE

Whether to automatically sync permission cache whenever user permissions/access changes

Default:

True

PERM_UPDATE_BATCH_SIZE

Number of forms to update permissions for user within a single celery task. If user has access to more than this many forms, the permissions fill be processed in separate parallel jobs.

Default:

50

SYNC_PERMS_DELAY_SECS

Number of seconds to delay user permission cache update after triggered by model change. If there are subsequent changes during this delay, the job is delayed again, until after the last change. This helps reduce duplicate celery jobs when making changes that affect permissions.

Note

This works only when updating user’s global perms. Updating form permission is still triggered immediately.

Default:

0

LIVE_VIEWER_CACHE_TIMEOUT_SECONDS

Used in logic that determines the number of viewers currently viewing a page. Determines the timeout in seconds of the cache key for a page view. Once the cache key expires, it’s implied that the user is no longer viewing a page.

Note

This value should be higher than LIVE_VIEWER_REFRESH_INTERVAL_SECONDS.

Default:

0

LIVE_VIEWER_REFRESH_INTERVAL_SECONDS

Used in logic that determines the number of viewers currently viewing a page. Determines the interval in seconds the frontend should wait before querying the backend to get the current number of live viewers.

If this value is 0 the feature is disabled - live viewers will not be displayed or reported at all.

Note

This value should be lower than LIVE_VIEWER_CACHE_TIMEOUT_SECONDS.

Default:

Half of LIVE_VIEWER_CACHE_TIMEOUT_SECONDS value

SENTRY_DSN

DSN for error reporting

SENTRY_SAMPLE_RATE

Send a representative sample of your errors to Sentry

Default:

1.0

SENTRY_TRACES_SAMPLE_RATE

Sampling rate for performance reporting in Sentry

Default:

0.0

SKIP_DB_CREATION

Whether the setupdatabase.sh script should attempt to create the user (POSTGRES_USER), and then drop/re-create the database (POSTGRES_DB).

Creating database by script is useful when running the project locally against system-installed Postgres, but when running the project in docker containers, this is already handled by the postgres docker image, or managed postgres service.

This setting is set to 1 by default in the docker image. Otherwise, the variable is not set, and the script will attempt to create user and database.

EXPORT_EXPIRY_HOURS

Amount of time after which the exported file is deleted from server. Time is expressed in hours and starts when user initiates export.

Default:

24

EXPORT_RATE_LIMIT

How many pending exports the user can have at any given time. This prevents single user requesting too many export jobs and filling up the job queue

Default:

10

MEGDOCS_API_FILE_UPLOAD_MAX_SIZE

Max file size in bytes for file uploads to the Megdocs API.

Default:

1,048,576 (1mb)

MEGDOCS_WORD_IMPORT_ENABLE

Whether to enable importing MS Word documents as a MEG Docs draft.

See also

Drafting documents

Default:

True

SHOW_FORGOT_PASSWORD_LINK

Whether to show the forgot password link in the login page or not.

Default:

True

NOTIFICATIONS_LIST_ENABLED

Whether to show the notifications list in navbar or not.

Default:

True

PDF_PREVIEW_EXPIRY_MINS

How long to store PDF previews for document draft. After this time, the preview file is deleted.

Default:

30

MAX_DIFF_CONTENT_SIZE

Maximum number of characters (excluding formatting and html tags) document or draft content can have to compare differences. If either version (draft or published version) exceeds this limit, the diff option will not be able to show the differences.

The limit is imposed while diff is rendered on front-end can be increased after its optimized in Task #28334.

Default:

1_000_000

LLM_DOCUMENT_CHAT_CONTENT_CHAR_LIMIT

Maximum number of characters a document can have to use document AI chat.

If a document is over this limit then a user will see a warning message instead of the chat box.

Default:

100_000

API_KEY_STATUS_PROBE

API key to access the server stats endpoint. It can be appended to the url using api_key parameter: /api/server-status?api_key=API_KEY_STATUS_PROBE

Default:

A default key is set, but is not exposed in documentation

DEPLOYMENT_NOTE

A note that can be set during deployment to the site. It can be set by adding NOTE (simplified name) variable to the deployment job. Note is used for Staging Sites.

EXTENSIONS_MAX_UNIQUE_QUERY_ATTEMPTS

The max number of unique query attempts that can be made before raising an exception.

Default:

100

SLOW_QUERY_THRESHOLD_MS

Time duration after which an SQL query is considered “slow” (in milliseconds) in the database dashboard: /meg-admin/dashboard/database/.

See also

Listing slow queries in Admin Dashboard

Default:

1000

Compliance calculation settings

These variables control the compliance calculation celery jobs:

COMPLIANCE_BATCH_SIZE

Number of observations to calculate compliance for in a single batch in a celery job.

Decrease this value to limit how many observations a celery job can process a time. This will result in more jobs being created, but each job will complete faster and take up less memory.

Increasing value will reduce number of jobs, but the jobs will run for longer and may consume more memory.

Default:

200

SCHEMA_CHANGE_DELAY_MINS

Delay between form schema change and compliance re-calculation.

Larger delay addresses the issue of observation compliances being re-calculated multiple times when multiple changes are being made to schema. Adding a delay allows the user to continue editing the form, and compliance will be re-calculated only after the last change if the delay period has passed.

Each change to form schema resets the time.

Set this value to 0 to remove the delay and trigger compliance calculation as soon as each form change is saved.

Default:

30

NIGHTLY_COMPLIANCE_CHECK

Whether nightly jobs should trigger compliance calculation for observations without compliance data

Default:

True

SHOW_METADATA_FOOTER

Whether to show deployment details in the page footer beside version number. The details will include branch name, username, and date/time when the deployment was made. This can be enabled for staging sites, but should be disabled for production environments.

Default:

False

Deployment variables

The following variables are set by CI when deploying

CI_COMMIT_REF_NAME

Branch or tag name currently deployed

GITLAB_USER_LOGIN

User who triggered the deployment in CI

DEPLOY_DATETIME

Date and time of when last deployment took place

DATABASE_SETUP_AT

Date and time when database was last reset (staging site)

WSGI server configuration

The following environment variables are read by sh/wsgi.sh) to configure the webserver:

WSGI_PROCESSES

The number of worker processes (workers of the gunicorn application) to be started up and which will handle requests concurrently. Defaults to a single process.

Default:

1

WSGI_THREADS

The number of threads in the request thread pool of each process for handling requests.

Default:

10

WSGI_REQUEST_TIMEOUT

Maximum number of seconds allowed to pass before the worker process is forcibly shutdown and restarted when a request does not complete in the expected time. In a multi threaded worker, the request time is calculated as an average across all request threads.

Default:

600 (10 mins)

WSGI_MAX_REQUESTS

Number of served requests before restarting WSGI server

Default:

500

WSGI_PRELOAD

Whether to preload application logic when the server starts. Set the variable to any value to preload - this delays startup. The app cannot receive connections until it’s loaded. Preloading app has the benefit of using shared memory between any worker processes (pre-fork).

When left unset, the app can start receiving connections, and will be loaded lazily.

Mirth Connect

The following environment variables are used to configure mirth connect deployments:

MIRTH_DATABASE_NAME

Mirth connect database name

Default:

"mirth"

MIRTH_DATABASE_USERNAME

Mirth connect database username

Default:

"mirth"

MIRTH_DATABASE_PASSWORD

Mirth connect database password

Default:

"password"

Azure OpenAI & Google Gemini AI Configuration

The following environment variables configure the large language models used for AI features. Only one model provider should be configured at a time—either Azure OpenAI or Google Gemini. If both sets of variables are configured simultaneously, behavior may be unpredictable. Ensure only the relevant environment variables are set for the model provider in use.

Warning

Do not mix configurations: Set either the Azure OpenAI variables or the Google Gemini variables, but not both. Unset or leave the unused model’s variables empty.

Azure OpenAI and Google Gemini Shared Environment Variables

Some environment variables are shared between both Azure OpenAI and Google Gemini models, depending on the provider in use.

LLM_DEPLOYMENT_NAME

Specifies the name of the deployed model. If using Azure OpenAI, set this to the deployment name of the Azure model (e.g., my-chatbot-deployment). If using Google Gemini, set this to the deployment name of the Gemini model (e.g., gemini-1.5-pro).

Default:

None

Azure OpenAI-Specific Environment Variables

These variables are required only when using an Azure OpenAI model. If using Azure OpenAI, ensure all Google Gemini-specific variables remain unset or are set to None.

LLM_API_VERSION

Specifies the API version for Azure OpenAI. Azure releases a new version monthly, so this value may need periodic updating.

Default:

None

LLM_AZURE_API_KEY

The API key used to authenticate the server with Azure OpenAI.

Default:

None

LLM_AZURE_ENDPOINT

The endpoint URL where the Azure OpenAI model is deployed.

Default:

None

Google Gemini-Specific Environment Variables

Use these variables only if the Google Gemini model is deployed. If using Google Gemini, ensure all Azure OpenAI-specific variables remain unset or are set to None.

LLM_GOOGLE_API_KEY

The API key used to authenticate the server with Google Cloud for the Gemini model.

Default:

None

Security Variables

These variables are used to configure the site’s security

GLOBAL_INSTITUTION_SLUG

The slug of the institution that’s allowed to have global accounts. The slug of the institution who’s slug matches this will not be editable via django admin. The environment variable needs to be changed before the slug can be updated.

Default:

meg-staff

GLOBAL_EMAIL_SUFFIX

The email suffix required for a user account to be made global.

Default:

@megit.com

SUPER_GLOBAL_2FA_REQUIRED

Whether superusers are required to enroll in two factor authentication.

Default:

True

CSP_REPORT_ONLY

Whether to report CSP violations to console or raise an error

Default:

True

CSP_REPORT_URI

Used to report errors to sentry regarding CSP violations

Default:

None

SUPPRESS_BROWSER_CHECK

Whether to disable browser check functionality. Setting this to True will skip the check and not notify user that they use unsupported browser/version.

The functionality is implemented in meg_context_processor()

Default:

False

SECRET_KEY

Sets SECRET_KEY django setting. This is used to provide cryptographic signing, and should be set to a unique, unpredictable value.

Note

secret key should be set to a random secret value when running in production

TWO_FACTOR_SMS_GATEWAY

SMS gateway for two factor authentication.

Default:

'two_factor.gateways.fake.Fake' (development)

TWO_FACTOR_CALL_GATEWAY

Phone call gateway for two factor authentication.

Default:

'two_factor.gateways.fake.Fake' (development)

LOGIN_VALIDATE_ACCOUNT_EXISTS

Whether username should be validated on login screen. Set to False to behave as if the account exists and redirect to password page (secure). Set to True to show that the account does not exist as soon as username is entered (user-friendly)

Default:

False

ENABLE_TWO_FACTOR

Whether two-factor requirement for patient data audits should be enforced Currently disabled as per Task #22890.

Default:

False

LFPSE_SSL_VERIFY

Whether to verify SSL certificates for LFPSE HTTPS requests.

Default:

True

ENABLE_LOG_EDITING

Whether logs can be edited in django admin. Should be disabled in production servers.

Default:

False

ENABLE_PERMISSION_EDITING

Whether django permission objects can be edited in django admin. This should be disabled as permission objects are handled by Django.

Default:

False

SECURE_SSL_REDIRECT

Whether to force redirection to a secure https address.

CSRF_COOKIE_HTTPONLY

Default:

False

Whether to use HttpOnly flag on the CSRF cookie. If this is set to True, client-side JavaScript will not be able to access the CSRF cookie.

CORS_ALLOW_ALL_ORIGINS

Default:

False

Allow all origins for cross-site requests, overriding the CORS_ALLOWED_ORIGIN_REGEXES and CORS_ALLOWED_ORIGINS setting.

CORS_ALLOWED_ORIGINS

A comma-separated list of urls for CORS to allow cross-site requests from.

For example: http://localhost:4200,http://localhost:8000

CI/CD

TIMED_TEST_THRESHOLD_SECS

Threshold for test run time to report it as a “slow test”. Set to 0 to disable reporting slow tests

Default:

0.0