Merge branch 'release-4.0.0' into release-4.1.0

ansible/inventory/env/group_vars/all.yml

@@ -481,11 +481,6 @@ sunbird_portal_offline_app_download_url: ""
 sunbird_portal_log_level: "debug"
 
 ### Release 2.2.0 ###
-sunbird_google_android_keycloak_client_id: ''
-sunbird_google_android_keycloak_secret: ''
-sunbird_trampoline_android_keycloak_client_id: ''
-sunbird_trampoline_android_keycloak_secret: ''
-sunbird_android_keycloak_client_id: ''
 sunbird_user_org_api_base_url: http://{{sunbird_swarm_manager_lb_ip}}:9000
 
 ### Release-2.3.0 ###
@@ -588,3 +583,11 @@ bootstrap_namespace: "{{ env }},flink-{{ env }},flink-kp-{{ env }}"
 graylog_open_to_public: false
 send_logs_to_graylog: false
 graylog_open_to_private: false
+
+# Keycloak related variables
+sunbird_google_android_keycloak_client_id: google-auth-android
+sunbird_android_keycloak_client_id: android
+sunbird_desktop_keycloak_client_id: desktop
+sunbird_google_desktop_keycloak_client_id: google-auth-desktop
+sunbird_trampoline_android_keycloak_client_id: trampoline-android
+sunbird_trampoline_desktop_keycloak_client_id: trampoline-desktop

ansible/roles/keycloak-deploy/templates/keycloak-realm.j2

@@ -661,7 +661,7 @@
       "surrogateAuthRequired": false,
       "enabled": true,
       "clientAuthenticatorType": "client-secret",
-      "secret": "{{ core_vault_android_secret }}",
+      "secret": "{{ core_vault_android_keycloak_secret }}",
       "redirectUris": [
         "{{proto}}://{{proxy_server_name}}/oauth2callback",
         "{{ env }}.sunbird.app://mobile"
@@ -796,7 +796,7 @@
       "surrogateAuthRequired": false,
       "enabled": true,
       "clientAuthenticatorType": "client-secret",
-      "secret": "{{ core_vault_google_desktop_secret }}",
+      "secret": "{{ sunbird_google_desktop_keycloak_secret }}",
       "redirectUris": [
         "{{proto}}://{{proxy_server_name}}/*"
       ],
@@ -1683,7 +1683,7 @@
       "surrogateAuthRequired": false,
       "enabled": true,
       "clientAuthenticatorType": "client-secret",
-      "secret": "{{ core_vault_google_android_secret }}",
+      "secret": "{{ sunbird_google_android_keycloak_secret }}",
       "redirectUris": [
         "{{proto}}://{{proxy_server_name}}/*"
       ],
@@ -2039,7 +2039,7 @@
       "surrogateAuthRequired": false,
       "enabled": true,
       "clientAuthenticatorType": "client-secret",
-      "secret": "{{ core_vault_google_auth_secret }}",
+      "secret": "{{ core_vault_sunbird_google_keycloak_secret }}",
       "redirectUris": [
         "{{proto}}://{{proxy_server_name}}/*"
       ],
@@ -2427,7 +2427,7 @@
       "surrogateAuthRequired": false,
       "enabled": true,
       "clientAuthenticatorType": "client-secret",
-      "secret": "{{ core_vault_trampoline_desktop_secret }}",
+      "secret": "{{ sunbird_trampoline_desktop_keycloak_secret }}",
       "redirectUris": [
         "{{proto}}://{{proxy_server_name}}/*"
       ],
@@ -2562,7 +2562,7 @@
       "surrogateAuthRequired": false,
       "enabled": true,
       "clientAuthenticatorType": "client-secret",
-      "secret": "{{ core_vault_trampoline_android_secret }}",
+      "secret": "{{ sunbird_trampoline_android_keycloak_secret }}",
       "redirectUris": [
         "{{proto}}://{{proxy_server_name}}/*"
       ],

ansible/roles/postgres-migration/files/sunbird_programs/V4.0.0.sql

 UPDATE "public"."configuration" SET value='VidyaDaan: Your Content $contentName for the project $projectName has been approved by the project owner. Please login to $url for details.' WHERE key='smsContentAccept';
-UPDATE "public"."configuration" SET value='VidyaDaan: Your Content $contentName for the project $projectName has been approved by the project owner with few changes. Please login to $url for details.' WHERE key='smsContentRequestedChanges';
+UPDATE "public"."configuration" SET value='VidyaDaan: Your Content $contentName for the project $projectName has been approved by the project owner with few changes. Please login to $url for details.' WHERE key='smsContentAcceptWithChanges';

ansible/roles/stack-sunbird/templates/content-service_application.conf

@@ -568,11 +568,11 @@ objectcategorydefinition.keyspace="{{ lp_cassandra_keyspace_prefix }}_category_s
 channel {
   content{
     primarycategories=["Course Assessment", "eTextbook", "Explanation Content", "Learning Resource", "Practice Question Set", "Teacher Resource", "Exam Question"]
-    additionalcategories=["Classroom Teaching Video", "Concept Map", "Curiosity Question Set", "Experiential Resource", "Explanation Video", "Focus Spot", "Learning Outcome Definition", "Lesson Plan", "Marking Scheme Rubric", "Pedagogy Flow", "Previous Board Exam Papers", "TV Lesson", "Textbook"]
+    additionalcategories= {{ content_additional_categories | default('["Classroom Teaching Video", "Concept Map", "Curiosity Question Set", "Experiential Resource", "Explanation Video", "Focus Spot", "Learning Outcome Definition", "Lesson Plan", "Marking Scheme Rubric", "Pedagogy Flow", "Previous Board Exam Papers", "TV Lesson", "Textbook"]')}}
   }
   collection {
     primarycategories=["Content Playlist", "Course", "Digital Textbook", "Question paper"]
-    additionalcategories=["Textbook", "Lesson Plan"]
+    additionalcategories={{ collection_additional_categories | default('["Textbook", "Lesson Plan"]')}}
   }
   asset {
     primarycategories=["Asset", "CertAsset", "Certificate Template"]

ansible/roles/stack-sunbird/templates/taxonomy-service_application.conf

@@ -390,3 +390,6 @@ languageCode {
   telugu : "te"
 }
 objectcategorydefinition.keyspace="{{ lp_cassandra_keyspace_prefix }}_category_store"
+
+# Framework master category validation Supported values are Yes/No
+master.category.validation.enabled="{{ master_category_validation_enabled | default('Yes') }}"
\ No newline at end of file

deploy/jenkins/jobs/Build/jobs/KnowledgePlatform/jobs/Neo4j/config.xml

-<?xml version="1.1" encoding="UTF-8" standalone="no"?><flow-definition plugin="workflow-job@2.38">
+<?xml version="1.1" encoding="UTF-8" standalone="no"?><flow-definition plugin="workflow-job@2.40">
   <actions>
-    <org.jenkinsci.plugins.workflow.multibranch.JobPropertyTrackerAction plugin="workflow-multibranch@2.21">
+    <org.jenkinsci.plugins.workflow.multibranch.JobPropertyTrackerAction plugin="workflow-multibranch@2.23">
       <jobPropertyDescriptors>
         <string>hudson.model.ParametersDefinitionProperty</string>
         <string>com.sonyericsson.rebuild.RebuildSettings</string>
@@ -19,7 +19,7 @@
       </strategy>
     </jenkins.model.BuildDiscarderProperty>
     <org.jenkinsci.plugins.workflow.job.properties.DisableConcurrentBuildsJobProperty/>
-    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@1.31">
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@1.32">
       <autoRebuild>false</autoRebuild>
       <rebuildDisabled>false</rebuildDisabled>
     </com.sonyericsson.rebuild.RebuildSettings>
@@ -38,7 +38,7 @@
         </hudson.model.StringParameterDefinition>
       </parameterDefinitions>
     </hudson.model.ParametersDefinitionProperty>
-    <hudson.plugins.throttleconcurrents.ThrottleJobProperty plugin="throttle-concurrents@2.0.2">
+    <hudson.plugins.throttleconcurrents.ThrottleJobProperty plugin="throttle-concurrents@2.2">
       <maxConcurrentPerNode>0</maxConcurrentPerNode>
       <maxConcurrentTotal>0</maxConcurrentTotal>
       <categories class="java.util.concurrent.CopyOnWriteArrayList"/>
@@ -57,12 +57,12 @@
       </triggers>
     </org.jenkinsci.plugins.workflow.job.properties.PipelineTriggersJobProperty>
   </properties>
-  <definition class="org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition" plugin="workflow-cps@2.80">
-    <scm class="hudson.plugins.git.GitSCM" plugin="git@4.2.2">
+  <definition class="org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition" plugin="workflow-cps@2.90">
+    <scm class="hudson.plugins.git.GitSCM" plugin="git@4.7.1">
       <configVersion>2</configVersion>
       <userRemoteConfigs>
         <hudson.plugins.git.UserRemoteConfig>
-          <url>https://github.com/project-sunbird/sunbird-learning-platform.git</url>
+          <url>https://github.com/project-sunbird/knowledge-platform-db-extensions.git</url>
         </hudson.plugins.git.UserRemoteConfig>
       </userRemoteConfigs>
       <branches>
@@ -70,10 +70,13 @@
           <name>${github_release_tag}</name>
         </hudson.plugins.git.BranchSpec>
       </branches>
+      <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
+      <submoduleCfg class="empty-list"/>
+      <extensions/>
     </scm>
-    <scriptPath>pipelines/build/neo4j/Jenkinsfile</scriptPath>
+    <scriptPath>build/neo4j-extensions/Jenkinsfile</scriptPath>
     <lightweight>false</lightweight>
   </definition>
   <triggers/>
   <disabled>false</disabled>
-</flow-definition>
\ No newline at end of file
+</flow-definition>

deploy/jenkins/jobs/Deploy/jobs/dev/jobs/KnowledgePlatform/jobs/FlinkJobs/config.xml

@@ -97,18 +97,15 @@ return """&lt;b&gt;This parameter is not used&lt;/b&gt;"""</script>
           <visibleItemCount>1</visibleItemCount>
           <script class="org.biouno.unochoice.model.GroovyScript">
             <secureScript plugin="script-security@1.76">
-              <script>return['activity-aggregate-updater',
-'relation-cache-updater',
-'post-publish-processor',
+              <script>return[
 'video-stream-generator',
 'questionset-publish',
-'collection-certificate-generator',
-'enrolment-reconciliation',
 'search-indexer',
+'asset-enrichment',
+'audit-event-generator',
 'audit-history-indexer',
-'auto-creator-v2',
 'collection-cert-pre-processor',
-'asset-enrichment']</script>
+'collection-certificate-generator']</script>
               <sandbox>true</sandbox>
             </secureScript>
             <secureFallbackScript plugin="script-security@1.76">
@@ -150,7 +147,7 @@ return """&lt;b&gt;This parameter is not used&lt;/b&gt;"""</script>
       </userRemoteConfigs>
       <branches>
         <hudson.plugins.git.BranchSpec>
-          <name>${branch_or_tag}></name>
+          <name>${branch_or_tag}</name>
         </hudson.plugins.git.BranchSpec>
       </branches>
       <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>

deploy/jenkins/jobs/OpsAdministration/jobs/dev/jobs/Core/jobs/PostInstallScript/config.xml

+<?xml version="1.1" encoding="UTF-8" standalone="no"?><flow-definition plugin="workflow-job@2.40">
+  <actions/>
+  <description/>
+  <keepDependencies>false</keepDependencies>
+  <properties>
+    <com.sonyericsson.rebuild.RebuildSettings plugin="rebuild@1.32">
+      <autoRebuild>false</autoRebuild>
+      <rebuildDisabled>false</rebuildDisabled>
+    </com.sonyericsson.rebuild.RebuildSettings>
+    <hudson.model.ParametersDefinitionProperty>
+      <parameterDefinitions>
+        <hudson.model.StringParameterDefinition>
+          <name>proto</name>
+          <description>&lt;font style="color:dimgray;font-size:14px;"&gt;&lt;b&gt;Value of &lt;font style="color:DarkGreen;font-size:14px;"&gt;&lt;i&gt;proto&lt;/i&gt;&lt;/font&gt; from private repo Core/common.yml&lt;/b&gt;&lt;/font&gt;</description>
+          <defaultValue/>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>domain_name</name>
+          <description>&lt;font style="color:dimgray;font-size:14px;"&gt;&lt;b&gt;Value of &lt;font style="color:DarkGreen;font-size:14px;"&gt;&lt;i&gt;domain_name&lt;/i&gt;&lt;/font&gt; from private repo Core/common.yml&lt;/b&gt;&lt;/font&gt;</description>
+          <defaultValue/>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>core_vault_sunbird_api_auth_token</name>
+          <description>&lt;font style="color:dimgray;font-size:14px;"&gt;&lt;b&gt;Value of &lt;font style="color:DarkGreen;font-size:14px;"&gt;&lt;i&gt;core_vault_sunbird_api_auth_token&lt;/i&gt;&lt;/font&gt; from private repo Core/secrets.yml&lt;/b&gt;&lt;/font&gt;</description>
+          <defaultValue/>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>private_ingressgateway_ip</name>
+          <description>&lt;font style="color:dimgray;font-size:14px;"&gt;&lt;b&gt;Value of &lt;font style="color:DarkGreen;font-size:14px;"&gt;&lt;i&gt;private_ingressgateway_ip&lt;/i&gt;&lt;/font&gt; from private repo Core/common.yml&lt;/b&gt;&lt;/font&gt;</description>
+          <defaultValue/>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>learningservice_ip</name>
+          <description>&lt;font style="color:dimgray;font-size:14px;"&gt;&lt;b&gt;Value of &lt;font style="color:DarkGreen;font-size:14px;"&gt;&lt;i&gt;learningservice_ip&lt;/i&gt;&lt;/font&gt; from private repo Core/common.yml&lt;/b&gt;&lt;/font&gt;</description>
+          <defaultValue/>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>core_vault_sunbird_sso_client_secret</name>
+          <description>&lt;font style="color:dimgray;font-size:14px;"&gt;&lt;b&gt;Value of &lt;font style="color:DarkGreen;font-size:14px;"&gt;&lt;i&gt;core_vault_sunbird_sso_client_secret&lt;/i&gt;&lt;/font&gt; from private repo Core/secrets.yml&lt;/b&gt;&lt;/font&gt;</description>
+          <defaultValue/>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>core_vault_sunbird_google_captcha_site_key_portal</name>
+          <description>&lt;font style="color:dimgray;font-size:14px;"&gt;&lt;b&gt;Value of &lt;font style="color:DarkGreen;font-size:14px;"&gt;&lt;i&gt;core_vault_sunbird_google_captcha_site_key_portal&lt;/i&gt;&lt;/font&gt; from private repo Core/secrets.yml&lt;/b&gt;&lt;/font&gt;</description>
+          <defaultValue/>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>sunbird_azure_public_storage_account_name</name>
+          <description>&lt;font style="color:dimgray;font-size:14px;"&gt;&lt;b&gt;Value of &lt;font style="color:DarkGreen;font-size:14px;"&gt;&lt;i&gt;sunbird_azure_public_storage_account_name&lt;/i&gt;&lt;/font&gt; from private repo Core/common.yml&lt;/b&gt;&lt;/font&gt;</description>
+          <defaultValue/>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>cassandra</name>
+          <description>&lt;font style="color:dimgray;font-size:14px;"&gt;&lt;b&gt;Value of &lt;font style="color:DarkGreen;font-size:14px;"&gt;&lt;i&gt;cassandra-1&lt;/i&gt;&lt;/font&gt; IP private repo Core/hosts&lt;/b&gt;&lt;/font&gt;</description>
+          <defaultValue/>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+        <hudson.model.StringParameterDefinition>
+          <name>knowledge_platform_tag</name>
+          <description>&lt;font style="color:dimgray;font-size:14px;"&gt;&lt;b&gt;Provide the value of &lt;font style="color:DarkGreen;font-size:14px;"&gt;&lt;a href=https://github.com/project-sunbird/knowledge-platform.git&gt;https://github.com/project-sunbird/knowledge-platform.git&lt;/a&gt;&lt;/font&gt; repo tag used&lt;/b&gt;&lt;/font&gt;</description>
+          <defaultValue/>
+          <trim>false</trim>
+        </hudson.model.StringParameterDefinition>
+      </parameterDefinitions>
+    </hudson.model.ParametersDefinitionProperty>
+    <hudson.plugins.throttleconcurrents.ThrottleJobProperty plugin="throttle-concurrents@2.2">
+      <maxConcurrentPerNode>0</maxConcurrentPerNode>
+      <maxConcurrentTotal>0</maxConcurrentTotal>
+      <categories class="java.util.concurrent.CopyOnWriteArrayList"/>
+      <throttleEnabled>false</throttleEnabled>
+      <throttleOption>project</throttleOption>
+      <limitOneJobWithMatchingParams>false</limitOneJobWithMatchingParams>
+      <paramsToUseForLimit/>
+    </hudson.plugins.throttleconcurrents.ThrottleJobProperty>
+    
+  </properties>
+  <definition class="org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition" plugin="workflow-cps@2.90">
+    <scm class="hudson.plugins.git.GitSCM" plugin="git@4.7.1">
+      <configVersion>2</configVersion>
+      <userRemoteConfigs>
+        <hudson.plugins.git.UserRemoteConfig>
+          <url>https://github.com/keshavprasadms/sunbird-devops.git</url>
+        </hudson.plugins.git.UserRemoteConfig>
+      </userRemoteConfigs>
+      <branches>
+        <hudson.plugins.git.BranchSpec>
+          <name>release-3.8.0</name>
+        </hudson.plugins.git.BranchSpec>
+      </branches>
+      <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
+      <submoduleCfg class="empty-list"/>
+      <extensions/>
+    </scm>
+    <scriptPath>pipelines/ops/post-install-script/Jenkinsfile</scriptPath>
+    <lightweight>false</lightweight>
+  </definition>
+  <triggers/>
+  <disabled>false</disabled>
+</flow-definition>

pipelines/ops/post-install-script/Jenkinsfile

@@ -7,18 +7,13 @@ node() {
         String ANSI_YELLOW = "\u001B[33m"
 
         stage('checkout public repo') {
-            folder = new File("$WORKSPACE/.git")
-            if (folder.exists())
-            {
-               println "Found .git folder. Clearing it.."
-               sh'git clean -fxd'
-            }
+            cleanWs()
             checkout scm
         }
 
         ansiColor('xterm') {
             stage('deploy'){
-                "sh deploy/post-install-script.sh"
+                sh "deploy/post-install-script.sh ${params.proto} ${params.domain_name} ${params.core_vault_sunbird_api_auth_token} ${params.private_ingressgateway_ip} ${params.learningservice_ip} ${params.core_vault_sunbird_sso_client_secret} ${params.core_vault_sunbird_google_captcha_site_key_portal} ${params.sunbird_azure_public_storage_account_name} ${params.cassandra} ${params.knowledge_platform_tag}"
                 currentBuild.result = 'SUCCESS'
                 currentBuild.description = "Private: ${params.private_branch}, Public: ${params.branch_or_tag}"
             }
@@ -28,4 +23,4 @@ node() {
         currentBuild.result = 'FAILURE'
         throw err
     }
-}
\ No newline at end of file
+}

private_repo/ansible/inventory/dev/Core/common.yml

@@ -82,13 +82,6 @@ azure_plugin_storage_account_key: "{{sunbird_public_storage_account_key}}"
 plugin_container_name: "{{sunbird_content_azure_storage_container}}"
 kp_schema_base_path: "{{proto}}://{{sunbird_public_storage_account_name}}.blob.core.windows.net/{{plugin_container_name}}/schemas/local"
 
-# Keycloak related variables
-sunbird_google_android_keycloak_client_id: google-auth-android
-sunbird_android_keycloak_client_id: android
-sunbird_desktop_keycloak_client_id: desktop
-sunbird_google_desktop_keycloak_client_id: google-auth-desktop
-sunbird_trampoline_android_keycloak_client_id: trampoline-android
-sunbird_trampoline_desktop_keycloak_client_id: trampoline-desktop
 keycloak_api_management_user_email: "admin@sunbird.org"
 sunbird_installation_email: "admin@sunbird.org"
 

private_repo/ansible/inventory/dev/Core/secrets.yml

@@ -25,9 +25,13 @@ core_vault_sunbird_api_auth_token: # Take the jwt token of api-admin consumer fr
 core_vault_sunbird_sso_publickey: # Public key of keycloak sunbird realm, update this post keycloak deployment.  See below for steps
 # SSH tunnel to the keycloak VM by running ssh -L 8080:localhost:8080 deployer@Keycloak-VM-IP
 # If you cannot tunnel directly to Keycloak VM, then tunnel to Jenkins first and then tunnel to Keycloak VM from jenkins
+# 
 # Go to http://localhost:8080/auth/admin/master/console/#/realms/sunbird/clients -> lms -> service account roles -> Click on client roles drop down -> Select realm-management -> Select manage-users in Available Roles -> Click on Add selected
+# 
 # Go to http://localhost:8080/auth/admin/master/console/#/realms/sunbird/keys
 # Click on Public Key and update the variable
+#
+# Go to http://localhost:8080/auth/admin/master/console/#/realms/master/login-settings and set the Require SSL to external requests
 
 adminutil_refresh_token_public_key_kid: ""   # get after keycloak deployment, go to http://localhost:8080/auth/admin/master/console/#/realms/sunbird/keys and use the Kid of the RS256 token
 
@@ -91,17 +95,12 @@ core_vault_kibana_google_client_id:                      # You can use the same
 core_vault_kibana_google_client_secret:                  # You can use the same outh client secret that we used for portal
 
 vault_core_url_shortner_access_token: ""                 # Url shortner access token if you want to shorten urls like forgot password link etc using an external service like bit.ly
+
+### IMPORTANT! IMPORTANT! IMPORTANT! ###
+### NOTE: FOR A REAL ENVIRONMENT YOU MUST CHANGE THE BELOW VALUES TO SOMETHING VERY SECRET WHICH ONLY YOU WILL KNOW! DO NOT USE THE DEFAULTS FOR REAL ENVIRONMENTS! ###
 # ------------------------------------------------------------------------------------------------------------ #
-# Sensible defaults which you need not change - But if you would like to change, you are free to do so
-core_vault_enc_entry_password: password                              # encryption password for the enc service
-core_vault_enc_master_pass: password                                 # encryption password for the keys
-core_vault_kibana_cookie_secret: long-secret-to-calm-entropy-gods    # Cookie secret for kibana Oauth
-dp_play_http_secret_key: "long-secret-to-calm-entropy-gods"          # Random 32+ character string
-core_vault_graph_passport_key: "long-secret-to-calm-entropy-gods"    # Should be same as lp_vault_graph_passport_key from KP secrets.yml
-crypto_encryption_key: "long-secret-to-calm-entropy-gods" # any crypto key of 32 bit length, used by portal to encrypt and decrypt the userDetails for forgot password flow
-sunbird_api_auth_token_bot: "{{ core_vault_sunbird_api_auth_token }}"
+# Sensible defaults which you need not change if you are just trying Sunbird- You should change these to something unique for real environments and not use the defaults
 
-# Keycloak related vars
 core_vault_keycloak_api_management_user_password: admin
 core_vault_keystore_password: password                                                           # Password for encrypting data in cassandra
 core_vault_sunbird_sso_username: admin                                                           # Keycloak SSO username
@@ -123,9 +122,21 @@ core_vault_sunbird_keycloak_user_federation_provider_id: "8460f8f8-b6bc-11eb-852
 core_vault_proxy_prometheus_admin_creds: admin                                                   # Prometheus admin password
 core_vault_postgres_username: postgres                                                           # Postgres user name
 core_vault_grafana_editor_password: sunbird                                                      # Grafana editor user password
+
+
+# ------------------------------------------------------------------------------------------------------------ #
+# Sensible defaults which you need not change - But if you would like to change, you are free to do so
+
 core_vault_grafana_dashboards_git_repo_url_with_credentails: "https://github.com/project-sunbird/grafana-dashboards.git"
 # Changing the sessions secret value will invalidate all existing sessions.
 # In order to rotate the secret without invalidating sessions, provide an array of secrets,
 # with the new secret as first element of the array, and followed by previous secrets.
-sunbird_portal_session_secret: "long-secret-to-calm-entropy-gods"                                # Portal session secret
-nodebb_admin_password: MySecretPassword                                                          # Nodebb admin password
+sunbird_portal_session_secret: "long-secret-to-calm-entropy-gods"    # Portal session secret
+nodebb_admin_password: MySecretPassword                              # Nodebb admin password
+core_vault_enc_entry_password: password                              # encryption password for the enc service
+core_vault_enc_master_pass: password                                 # encryption password for the keys
+core_vault_kibana_cookie_secret: long-secret-to-calm-entropy-gods    # Cookie secret for kibana Oauth
+dp_play_http_secret_key: "long-secret-to-calm-entropy-gods"          # Random 32+ character string
+core_vault_graph_passport_key: "long-secret-to-calm-entropy-gods"    # Should be same as lp_vault_graph_passport_key from KP secrets.yml
+crypto_encryption_key: "long-secret-to-calm-entropy-gods" # any crypto key of 32 bit length, used by portal to encrypt and decrypt the userDetails for forgot password flow
+sunbird_api_auth_token_bot: "{{ core_vault_sunbird_api_auth_token }}"