v1.58.0

Branding

Configuration options for CiviForm branding.

CIVIC_ENTITY_SMALL_LOGO_URL

Admin readable

Small logo for the civic entity used on the login page. Required.

  • Type: string

WHITELABEL_CIVIC_ENTITY_SHORT_NAME

Admin writeable

The short display name of the civic entity, will use 'TestCity' if not set. Required.

  • Type: string

WHITELABEL_CIVIC_ENTITY_FULL_NAME

Admin writeable

The full display name of the civic entity, will use 'City of TestCity' if not set. Required.

  • Type: string

FAVICON_URL

Admin readable

The URL of a 32x32 or 16x16 pixel favicon image, in GIF, PNG, or ICO format.

  • Type: string

External Services

Configures connections to external services the CiviForm server relies on.

Applicant Identity Provider

Configuration options for the applicant identity provider.

CIVIFORM_APPLICANT_IDP

Admin readable

What identity provider to use for applicants. Required.

  • Type: string

  • Allowed values:

    • idcs

    • login-radius

    • generic-oidc

    • login-gov

    • auth0

    • disabled

APPLICANT_REGISTER_URI

Admin readable

URI to create a new account in the applicant identity provider.

  • Type: string

APPLICANT_PORTAL_NAME

Admin writeable

The name of the portal that applicants log into, used in sentences like 'Log into your APPLICANT_PORTAL_NAME account.' Required.

  • Type: string

Oracle Identity Cloud Service

Configuration options for the idcs provider.

IDCS_CLIENT_ID

Managed secret

An opaque public identifier for apps that use OIDC (OpenID Connect) to request data from authorization servers, specifically communicating with IDCS. A Civiform instance is always the client.

  • Type: string

IDCS_SECRET

Managed secret

A secret known only to the client (Civiform) and authorization server, specifically for IDCS OIDC systems. This secret essentially acts as the client’s “password” for accessing data from the auth server.

  • Type: string

IDCS_DISCOVERY_URI

Server setting

A URL that returns a JSON listing of OIDC (OpenID Connect) data associated with the IDCS auth provider.

  • Type: string

Login Radius

Configuration options for the login-radius provider

LOGIN_RADIUS_API_KEY

Server setting

The API key used to interact with LoginRadius.

  • Type: string

LOGIN_RADIUS_METADATA_URI

Server setting

The base URL to construct SAML endpoints, based on the SAML2 spec.

  • Type: string

LOGIN_RADIUS_SAML_APP_NAME

Server setting

The name for the app, based on the SAML2 spec.

  • Type: string

LOGIN_RADIUS_KEYSTORE_NAME

Server setting

Name of the SAML2 keystore, used to store digital certificates and private keys for SAML auth.

  • Type: string

LOGIN_RADIUS_KEYSTORE_PASS

Server setting

The password used the protect the integrity of the SAML keystore file.

  • Type: string

LOGIN_RADIUS_PRIVATE_KEY_PASS

Server setting

The password used to protect the private key of the SAML digital certificate.

  • Type: string

OpenID Connect

Configuration options for the generic-oidc provider.

APPLICANT_OIDC_PROVIDER_LOGOUT

Server setting

Enables central logout.

  • Type: bool

APPLICANT_OIDC_OVERRIDE_LOGOUT_URL

Server setting

By default the 'end_session_endpoint' from the auth provider discovery metadata file is used as the logout endpoint. However for some integrations that standard flow might not work and we need to override logout URL.

  • Type: string

APPLICANT_OIDC_POST_LOGOUT_REDIRECT_PARAM

Server setting

URL param used to pass the post logout redirect url in the logout request to the auth provider. It defaults to 'post_logout_redirect_uri' if this variable is unset. If this variable is set to the empty string, the post logout redirect url is not passed at all and instead it needs to be hardcoded on the the auth provider (otherwise the user won't be redirected back to civiform after logout).

  • Type: string

APPLICANT_OIDC_PROVIDER_NAME

Server setting

The name of the OIDC (OpenID Connect) auth provider (server), such as “Auth0” or “LoginRadius”.

  • Type: string

APPLICANT_OIDC_CLIENT_ID

Server setting

An opaque public identifier for apps that use OIDC (OpenID Connect) to request data from authorization servers. A Civiform instance is always the client.

  • Type: string

APPLICANT_OIDC_CLIENT_SECRET

Managed secret

A secret known only to the client (Civiform) and authorization server. This secret essentially acts as the client’s “password” for accessing data from the auth server.

  • Type: string

APPLICANT_OIDC_DISCOVERY_URI

Server setting

A URL that returns a JSON listing of OIDC (OpenID Connect) data associated with a given auth provider.

  • Type: string

APPLICANT_OIDC_RESPONSE_MODE

Server setting

Informs the auth server of the desired auth processing flow, based on the OpenID Connect spec.

  • Type: string

APPLICANT_OIDC_RESPONSE_TYPE

Server setting

Informs the auth server of the mechanism to be used for returning response params from the auth endpoint, based on the OpenID Connect spec.

  • Type: string

APPLICANT_OIDC_ADDITIONAL_SCOPES

Server setting

Scopes the client (CiviForm) is requesting in addition to the standard scopes the OpenID Connect spec provides.

  • Type: string

APPLICANT_OIDC_LOCALE_ATTRIBUTE

Server setting

The locale of the user, such as “en-US”.

  • Type: string

APPLICANT_OIDC_EMAIL_ATTRIBUTE

Server setting

The OIDC attribute name for the user’s email address.

  • Type: string

APPLICANT_OIDC_FIRST_NAME_ATTRIBUTE

Server setting

The OIDC attribute name for the user’s first name.

  • Type: string

APPLICANT_OIDC_MIDDLE_NAME_ATTRIBUTE

Server setting

The OIDC attribute name for the user’s middle name.

  • Type: string

APPLICANT_OIDC_LAST_NAME_ATTRIBUTE

Server setting

The OIDC attribute name for the user’s last name.

  • Type: string

Login.gov

Configuration options for the login-gov provider

LOGIN_GOV_CLIENT_ID

Server setting

An opaque public identifier for apps that use OIDC (OpenID Connect) to request data from authorization servers, specifically communicating with Login.gov. A Civiform instance is always the client.

  • Type: string

LOGIN_GOV_DISCOVERY_URI

Server setting

A URL that returns a JSON listing of OIDC (OpenID Connect) data associated with a given auth provider, specifically for Login.gov.

  • Type: string

LOGIN_GOV_ADDITIONAL_SCOPES

Server setting

Scopes the client (CiviForm) is requesting in addition to the standard scopes the OpenID Connect spec provides. Scopes should be separated by a space.

  • Type: string

LOGIN_GOV_ACR_VALUE

Server setting

Authentication Context Class Reference requests. ial/1 is for open registration, email only. ial/2 is for requiring identity verification.

  • Type: string

  • Allowed values:

    • http://idmanagement.gov/ns/assurance/ial/1

    • http://idmanagement.gov/ns/assurance/ial/2

Administrator Identity Provider

Configuration options for the administrator identity provider.

CIVIFORM_ADMIN_IDP

Admin readable

What identity provider to use for admins.

  • Type: string

  • Allowed values:

    • adfs

    • generic-oidc-admin

Active Directory Federation Services

Configuration options for the ADFS provider.

ADFS_CLIENT_ID

Server setting

An opaque public identifier for apps that use OIDC (OpenID Connect) to request data from authorization servers, specifically communicating with ADFS. A Civiform instance is always the client.

  • Type: string

ADFS_SECRET

Managed secret

A secret known only to the client (Civiform) and authorization server. This secret essentially acts as the client’s “password” for accessing data from the auth server.

  • Type: string

ADFS_DISCOVERY_URI

Server setting

A URL that returns a JSON listing of OIDC (OpenID Connect) data associated with the IDCS auth provider.

  • Type: string

ADFS_ADMIN_GROUP

Server setting

The name of the admin group in Active Directory, typically used to tell if a user is a global admin.

  • Type: string

ADFS_ADDITIONAL_SCOPES

Server setting

Scopes the client (CiviForm) is requesting in addition to the standard scopes the OpenID Connect spec provides. Scopes should be separated by a space.

  • Type: string

AD_GROUPS_ATTRIBUTE_NAME

Server setting

The attribute name for looking up the groups associated with a particular user.

  • Type: string

OpenID Connect

Configuration options for the generic-oidc provider.

ADMIN_OIDC_PROVIDER_NAME

Server setting

The name of the OIDC (OpenID Connect) auth provider (server), such as 'Auth0' or 'Okta'.

  • Type: string

ADMIN_OIDC_CLIENT_ID

Server setting

An opaque public identifier for apps that use OIDC (OpenID Connect) to request data from authorization servers. A Civiform instance is always the client.

  • Type: string

ADMIN_OIDC_CLIENT_SECRET

Server setting

A secret known only to the client (Civiform) and authorization server. This secret essentially acts as the client’s “password” for accessing data from the auth server.

  • Type: string

ADMIN_OIDC_DISCOVERY_URI

Server setting

A URL that returns a JSON listing of OIDC (OpenID Connect) data associated with a given auth provider.

  • Type: string

ADMIN_OIDC_RESPONSE_MODE

Server setting

Informs the auth server of the desired auth processing flow, based on the OpenID Connect spec.

  • Type: string

ADMIN_OIDC_RESPONSE_TYPE

Server setting

Informs the auth server of the mechanism to be used for returning response params from the auth endpoint, based on the OpenID Connect spec.

  • Type: string

ADMIN_OIDC_USE_CSRF

Server setting

OIDC client should provide CSRF protection.

  • Type: bool

ADMIN_OIDC_ID_GROUPS_ATTRIBUTE_NAME

Server setting

Name of attribute that provides the groups associated with an account.

  • Type: string

ADMIN_OIDC_ADMIN_GROUP_NAME

Server setting

Name of group that indicates an account is a global admin.

  • Type: string

ADMIN_OIDC_ADDITIONAL_SCOPES

Server setting

Scopes the client (CiviForm) is requesting in addition to the standard scopes the OpenID Connect spec provides.

  • Type: string

Database

Configures the connection to the PostgreSQL database.

DATABASE_APPLY_DESTRUCTIVE_CHANGES

Server setting

If enabled, playframework down evolutions are automatically applied on server start if needed.

  • Type: bool

DATABASE_CONNECTION_POOL_SIZE

Server setting

Sets how many connections to the database are maintained.

  • Type: int

DB_JDBC_STRING

Server setting

The database URL.

  • Type: string

DB_USERNAME

Managed secret

The username used to connect to the database.

  • Type: string

DB_PASSWORD

Managed secret

The password used to connect to the database.

  • Type: string

Thread pools

Configures the Play framework thread pools.

AKKA_DEFAULT_EXECUTOR

Server setting

Determines which kind of ExecutorService to use for the default dispatcher. The default is 'fork-join-executor'

  • Type: string

FORK_JOIN_PARALLELISM_MIN

Server setting

Min number of threads to cap factor-based parallelism number to for the 'fork-join-executor'

  • Type: int

FORK_JOIN_PARALLELISM_MAX

Server setting

Max number of threads to cap factor-based parallelism number to for the 'fork-join-executor'

  • Type: int

FORK_JOIN_PARALLELISM_FACTOR

Server setting

The parallelism factor is used to determine thread pool size for the 'fork-join-executor' using the following formula: ceil(available processors * factor). Resulting size is then bounded by the parallelism-min and parallelism-max values.

  • Type: int

THREAD_POOL_EXECUTOR_FIXED_POOL_SIZE

Server setting

The size of the thread pool for the 'thread-pool-executor' type. If not defined, this will use the default core and max pool sizes.

  • Type: int

AKKA_THROUGHPUT

Server setting

The number of messages that are processed in a batch before the thread is returned to the pool. Set to 1 for as fair as possible.

  • Type: int

AWS_REGION

Server setting

Region where the AWS SES service exists. If STORAGE_SERVICE_NAME is set to 'aws', it is also the region where the AWS s3 service exists.

  • Type: string

SENDER_EMAIL_ADDRESS

Server setting

The email address used for the 'from' email header for emails sent by CiviForm. Required.

  • Type: string

Application File Upload Storage

Configuration options for the application file upload storage provider

STORAGE_SERVICE_NAME

Server setting

What static file storage provider to use.

  • Type: string

  • Allowed values:

    • s3

    • azure-blob

AWS_S3_BUCKET_NAME

Server setting

s3 bucket to store files in.

  • Type: string

AWS_S3_FILE_LIMIT_MB

Server setting

The max size (in Mb) of files uploaded to s3.

  • Type: string

AWS_S3_PUBLIC_BUCKET_NAME

Server setting

s3 bucket to store publicly accessible files in.

  • Type: string

AWS_S3_PUBLIC_FILE_LIMIT_MB

Server setting

The max size (in Mb) of publicly accessible files uploaded to s3.

  • Type: string

AZURE_STORAGE_ACCOUNT_NAME

Server setting

The azure account name where the blob storage service exists.

  • Type: string

AZURE_STORAGE_ACCOUNT_CONTAINER

Server setting

Azure blob storage container name to store files in.

  • Type: string

AZURE_LOCAL_CONNECTION_STRING

Server setting

Allows local Azurite emulator to be used for developer deployments.

  • Type: string

ESRI Address Validation

Configuration options for the ESRI GIS client and address validation/correction feature.

ESRI_FIND_ADDRESS_CANDIDATES_URL

Admin readable

The URL CiviForm will use to call Esri’s findAddressCandidates service.

  • Type: string

ESRI_ADDRESS_SERVICE_AREA_VALIDATION_LABELS

Admin readable

Human readable labels used to present the service area validation options in CiviForm’s admin UI.

  • Type: index-list

ESRI_ADDRESS_SERVICE_AREA_VALIDATION_IDS

Admin readable

The value CiviForm uses to validate if an address is in a service area.

  • Type: index-list

ESRI_ADDRESS_SERVICE_AREA_VALIDATION_URLS

Admin readable

The URL CiviForm will use to call Esri’s map query service for service area validation.

  • Type: index-list

ESRI_ADDRESS_SERVICE_AREA_VALIDATION_ATTRIBUTES

Admin readable

The attribute CiviForm checks from the service area validation response to get the service area validation ID.

  • Type: index-list

ESRI_EXTERNAL_CALL_TRIES

Admin readable

The number of tries CiviForm will attempt requests to external Esri services.

  • Type: int

ESRI_WELLKNOWN_ID_OVERRIDE

Admin readable

Forces calls to Esri services to use the specified spatial reference wellKnownId value for the coordinate system. If not set the default configuration from the Esri server is used. Setting this may be needed if using the results of the findAddressCandidates service return spatial references in a format different from one or more of the map query service endpoints.

  • Type: int

Email Addresses

Configuration options for CiviForm email usage.

SUPPORT_EMAIL_ADDRESS

Admin writeable

This email address is listed in the footer for applicants to contact support. Required.

  • Type: string

IT_EMAIL_ADDRESS

Admin writeable

This email address receives error notifications from CiviForm when things break.

  • Type: string

STAGING_PROGRAM_ADMIN_NOTIFICATION_MAILING_LIST

Server setting

If this is a staging deployment, the application notification email is sent to this email address instead of the program administrator's email address. Required.

  • Type: string

STAGING_TI_NOTIFICATION_MAILING_LIST

Server setting

If this is a staging deployment, the application notification email is sent to this email address instead of the trusted intermediary's email address. Required.

  • Type: string

STAGING_APPLICANT_NOTIFICATION_MAILING_LIST

Server setting

If this is a staging deployment, the application notification email is sent to this email address instead of the applicant's email address. Required.

  • Type: string

Custom Text

Text specific to a civic entity.

Admin writeable

The text for a link on the Common Intake confirmation page that links to more resources. Shown when the applicant is not eligible for any programs in CiviForm.

  • Type: string

Admin writeable

The HREF for a link on the Common Intake confirmation page that links to more resources. Shown when the applicant is not eligible for any programs in CiviForm.

  • Type: string

  • Validation regular expression: ^(http://|https://).+

  • Regular expression examples:

    • http://my-civiform.org should match.

    • https://my-civiform.org should match.

    • my-civiform.org should not match.

SECRET_KEY

Managed secret

The secret key is used to sign Play's session cookie. This must be changed for production.

  • Type: string

BASE_URL

Admin readable

The URL of the CiviForm deployment. Must start with 'https://' or 'http://'. Required.

  • Type: string

  • Validation regular expression: ^(http://|https://).+

  • Regular expression examples:

    • http://my-civiform.org should match.

    • https://my-civiform.org should match.

    • my-civiform.org should not match.

STAGING_HOSTNAME

Server setting

DNS name of the staging deployment. Must not start with 'https://' or 'http://'.

  • Type: string

  • Validation regular expression: ^(?!http://|https://).+

  • Regular expression examples:

    • my-civiform.org should match.

    • http://my-civiform.org should not match.

    • https://my-civiform.org should not match.

CIVIFORM_SUPPORTED_LANGUAGES

Server setting

The full list of languages available to CiviForm. These are the language that admins can choose from when adding translations for programs and applications, as well as the default list that applicants can choose from when specifying their language preference. See CIVIFORM_APPLICANT_ENABLED_LANGUAGES for further control over languages available to applicants.

  • Type: index-list

CIVIFORM_APPLICANT_ENABLED_LANGUAGES

Server setting

If populated, this filters the languages that are visible to the applicant to just those in the list. This allows program admins to develop languages support for programs and questions, but not let the applicant use a language that is not yet ready.

  • Type: index-list

CIVIFORM_TIME_ZONE_ID

Admin readable

A Java time zone ID indicating the time zone for this CiviForm deployment. All times in the system will be calculated in this zone. Default value is 'America/Los_Angeles' Required.

  • Type: string

CIVIFORM_IMAGE_TAG

Admin readable

The tag of the docker image this server is running inside. Is added as a HTML meta tag with name 'civiform-build-tag'. If SHOW_CIVIFORM_IMAGE_TAG_ON_LANDING_PAGE is set to true, is also shown on the login page if CIVIFORM_VERSION is the empty string or set to 'latest'.

  • Type: string

CIVIFORM_VERSION

Admin readable

The release version of CiviForm. For example: v1.18.0. If SHOW_CIVIFORM_IMAGE_TAG_ON_LANDING_PAGE is set to true, is also shown on the login page if it a value other than the empty string or 'latest'.

  • Type: string

CLIENT_IP_TYPE

Admin readable

Where to find the IP address for incoming requests. Default is "DIRECT" where the IP address of the request is the originating IP address. If "FORWARDED" then request has been reverse proxied and the originating IP address is stored in the X-Forwarded-For header.

  • Type: string

  • Allowed values:

    • DIRECT

    • FORWARDED

NUM_TRUSTED_PROXIES

Admin readable

The count of reverse proxies between the internet and the server. In typical deployments, this value is 1.

  • Type: int

Observability

Configuration options for CiviForm observability features.

CIVIFORM_SERVER_METRICS_ENABLED

Admin readable

If enabled, allows server Prometheus metrics to be retrieved via the '/metrics' URL path. If disabled, '/metrics' returns a 404.

  • Type: bool

MEASUREMENT_ID

Admin readable

The Google Analytics tracking ID. If set, Google Analytics JavaScript scripts are added to the CiviForm pages.

  • Type: string

Data Export API

Configuration options for the CiviForm API.

CIVIFORM_API_SECRET_SALT

Managed secret

A cryptographic secret salt used for salting API keys before storing their hash values in the database. This value should be kept strictly secret. If one suspects the secret has been leaked or otherwise comprised it should be changed and all active API keys should be retired and reissued. Default value is 'changeme'.

  • Type: string

CIVIFORM_API_KEYS_BAN_GLOBAL_SUBNET

Server setting

When true prevents the CiviForm admin from issuing API keys that allow callers from all IP addresses (i.e. a CIDR mask of /0).

  • Type: bool

CIVIFORM_API_APPLICATIONS_LIST_MAX_PAGE_SIZE

Admin readable

An integer specifying the maximum number of entries returned in a page of results for the applications export API.

  • Type: int

Durable Jobs

Configuration options for the CiviForm Job Runner.

DURABLE_JOBS_POLL_INTERVAL_SECONDS

Server setting

An integer specifying the polling interval in seconds for the durable job system. A smaller number here increases the polling frequency, which results in jobs running sooner when they are scheduled to be run immediately, at the cost of more pressure on the database. Default value is 5.

  • Type: int

DURABLE_JOBS_JOB_TIMEOUT_MINUTES

Server setting

An integer specifying the timeout in minutes for durable jobs i.e. how long a single job is allowed to run before the system attempts to interrupt it. Default value is 30.

  • Type: int

DURABLE_JOBS_THREAD_POOL_SIZE

Server setting

The number of server threads available for the durable job runner. More than a single thread will the server execute multiple jobs in parallel. Default value is 1.

  • Type: int

Feature Flags

Configuration options to enable or disable optional or in-development features.

APPLICATION_EXPORTABLE

Admin writeable

Enables the feature that allows completed applications to be downloadable by PDF.

  • Type: bool

DISABLED_VISIBILITY_CONDITION_ENABLED

Admin writeable

Enables the feature that allows programs to be disabled from CiviForm

  • Type: bool

ESRI_ADDRESS_SERVICE_AREA_VALIDATION_ENABLED

Admin writeable

Enables the feature that allows for service area validation of a corrected address. ESRI_ADDRESS_CORRECTION_ENABLED needs to be enabled.

  • Type: bool

ESRI_ADDRESS_CORRECTION_ENABLED

Admin writeable

Enables the feature that allows address correction for address questions.

  • Type: bool

CF_OPTIONAL_QUESTIONS

Admin writeable

If enabled, allows questions to be optional in programs. Is enabled by default.

  • Type: bool

ALLOW_CIVIFORM_ADMIN_ACCESS_PROGRAMS

Admin writeable

If enabled, CiviForm Admins are able to see all applications for all programs. Is disabled by default.

  • Type: bool

SHOW_CIVIFORM_IMAGE_TAG_ON_LANDING_PAGE

Admin writeable

If enabled, the value of CIVIFORM_IMAGE_TAG will be shown on the login screen. Is disabled by default.

  • Type: bool

INTAKE_FORM_ENABLED

Admin writeable

Enables the Common Intake Form feature.

  • Type: bool

STAGING_ADD_NOINDEX_META_TAG

Server setting

If this is a staging deployment and this variable is set to true, a robots noindex metadata tag is added to the CiviForm pages. This causes the staging site to not be listed on search engines.

  • Type: bool

STAGING_DISABLE_DEMO_MODE_LOGINS

Server setting

If this is a staging deployment and this variable is set to true, the 'DEMO MODE. LOGIN AS:' buttons are not shown on the login page.

  • Type: bool

API_GENERATED_DOCS_ENABLED

Admin writeable

Enables the API docs tab on CiviForm.

  • Type: bool

VERSION_CACHE_ENABLED

Server setting

Enables caching for versions and their associated data.

  • Type: bool

PROGRAM_CACHE_ENABLED

Server setting

Enables caching for programs and their associated data.

  • Type: bool

QUESTION_CACHE_ENABLED

Server setting

Enables caching for questions and their associated data.

  • Type: bool

ADMIN_OIDC_ENHANCED_LOGOUT_ENABLED

Admin readable

Enables populating more fields in OIDC logout requests to admin identity provider.

  • Type: bool

APPLICANT_OIDC_ENHANCED_LOGOUT_ENABLED

Admin readable

Enables populating more fields in OIDC logout requests to applicant identity provider.

  • Type: bool

PRIMARY_APPLICANT_INFO_QUESTIONS_ENABLED

Admin writeable

Enables setting a universal question as a question representing information about the applicant. The system can then take certain actions based on the answer to this question.

  • Type: bool

UNIVERSAL_QUESTIONS

Admin readable

Enables setting and displaying the universal question state on questions. These questions are intended to be used by all programs and will appear at the top of the question bank with a badge denoting them as universal.

  • Type: bool

PROGRAM_CARD_IMAGES

Admin readable

Enables images on program cards, both for admins to upload them and for applicants to view them.

  • Type: bool

SUGGEST_PROGRAMS_ON_APPLICATION_CONFIRMATION_PAGE

Admin writeable

Add programs cards to the confirmation screen that an applicant sees after finishing an application.

  • Type: bool

SAVE_ON_ALL_ACTIONS

Admin readable

Save an applicant's answers when they take any action ('Review'/'Previous'/'Save and next') instead of only saving on 'Save and next'.

  • Type: bool

NORTH_STAR_APPLICANT_UI

Admin writeable

Enables showing new UI with an updated user experience in Applicant flows

  • Type: bool

PROGRAM_MIGRATION_ENABLED

Admin writeable

(NOT FOR PRODUCTION USE) Enables migrating programs between deployed environments

  • Type: bool

Last updated