Configuration

For both local development and deployment, the configuration of the GCN web application is controlled by the environment variables. You can adjust the environment variables in any one of three ways:

.env file: Create a file called .env in the base directory of your project formatted like this:
```
FOO=value_of_foo_for_local_testing
BAR=value_of_bar_for_local_testing
```

preferences.arc file: Create a file called .preferences.arc in the base directory of your project formatted like this:

@env
testing
  FOO=value_of_foo_for_local_testing
  BAR=value_of_bar_for_local_testing

production
  FOO=value_of_foo_for_deployment
  BAR=value_of_bar_for_deployment

arc env command: Adjust settings for one of the deployments by running the following commands.
```
npx arc env -e production --add FOO value_of_foo_for_deployment
npx arc env -e production --add BAR value_of_bar_for_deployment
```
The updated settings will take effect the next time a deployment occurs.

Supported environment variables

All environment variables are optional in local development. All environment variables with the exception of GCN_FEATURES are required in production deployment.

Important note about distinct API keys

Every API token documented below should have a distinct value for each deployment stage, because:

it minimizes the security impact of a compromise of the token in one stage, and
it prevents rate limiting in one deployment stage from impacting other deployment stages.

For Astrophysics Data Service (ADS)

ADS only permits a single API token per registered email address. You can use subaddressing (also called plus addressing) to create separate ADS accounts.

For example, if your personal ADS account is registered to nancy.roman@nasa.gov, then you can create a separate ADS account for GCN production by registering the email address nancy.roman+gcn-prod@nasa.gov.

Key	Description	Default
`SESSION_SECRET`	Signing key for session cookies. Should be a long, random string	Hard-coded constant
`CDN_SECRET`	Secret key that must be present in the `X-CDN-Secret` request header of all requests to prove that the request came via the content delivery network rather than directly to the origin. Should be a long, random string	Requests are permitted regardless of the value of the `X-CDN-Secret` header
`COGNITO_USER_POOL_ID`, `OIDC_CLIENT_ID`, `OIDC_CLIENT_SECRET`	OpenID Connect identity provider configuration for AWS Cognito	Sandbox identity provider
`RECAPTCHA_SITE_KEY`, `RECAPTCHA_SECRET_KEY`	Google ReCAPTCHA configuration	ReCAPTCHAs replaced with placeholder
`GITHUB_API_TOKEN`	GitHub API token for the schema browser. In GitHub settings, generate a Classic token with the expiration as long as possible and no scopes selected	Anonymous GitHub API requests with lower rate limits
`ORIGIN`	URL origin for external redirects, email From addresses, etc.	http://localhost:3333
`ZENDESK_EMAIL`	Email address for Zendesk forwarding	Forwarding disabled
`ZENDESK_TOKEN`, `ZENDESK_TOKEN_EMAIL`	Zendesk API token and user email address	Zendesk API disabled
`ADS_TOKEN`	Astrophysics Data System (ADS) API token	ADS disabled
`ADS_TOKEN_TOOLTIP`	ADS API token used for Astro Flavored Markdown tooltips. The value must be different from `ADS_TOKEN`	ADS disabled
`GCN_FEATURES`	Feature flags (for example, `ANTIGRAVITY,TIME_TRAVEL,PYROKINESIS`)	No features
`TNS_BOT_NAME`, `TNS_BOT_KEY`, `TNS_BOT_ID`	Bot credentials for Transient Name Server (TNS)	TNS tooltips disabled
`KAFKA_CLIENT_ID`, `KAFKA_CLIENT_SECRET`	Client credentials for producing GCN Circulars over Kafka	Kafka producer is disabled