Project configuration

Now you're set up and have an understanding of where you'll be working, let's take a look at configuring your project.

Most of our configuration for projects takes place in backend. There's a project.yml under config/ inside each of your project folders. These are used to set configurations on a per-project basis. This project.yml is the base configuration, which can be overwritten on a per-environment basis. For example, you could overwrite the access credentials for your different connected APIs on development and on staging environment.

In order to do so, add a project.yml.dev and/or project.yml.staging to the directory config/ with the needed overwrites.

Securing production configs

As the production access tokens and configuration of the connected APIs shouldn't be publicly available to everybody on the project, it's recommended to encrypt these configurations if necessary.

The API tokens will of course not be publicly accessible in general, but as they normally lie inside our project.yml in the config/ folder and therefore inside the repository, they would be available to everyone who has access to that private repository!

To configure your Content Security Policy (CSP) (see this article to find out more about a CSP and best practices), you'll need to add it to your project.yml. If you want to use additional services, you can extend your CSP. An example of what that could look like is below:

apiKey: 
configuration:
    # ...  
    policy:
        connect-src:
            - self
            - 'ws:'
            - 'wss:'
            - https://api.usercentrics.eu
            # ...
        script-src:
            - unsafe-inline
            - unsafe-eval
            - https://cdn.example.com
            # - ...
        img-src:
            # - ...
        # ...

Did this page help you?