Application Settings 

These settings control the behaviour of the application in addition to the default Django settings. Depending on whether you’re running the dev or prod configuration, settings can be changed in the .dev.env or .prod.env file, respectively. This file is referred to as .env below.

Security 

SECRET_KEY 

Django’s secret key for cryptographic signing

Default

Type

Development key only

string

The SECRET_KEY is a critical security setting used by Django for cryptographic signing, including:

Session security and CSRF protection

Password reset tokens and user authentication

Secure cookies and form validation

Digital signatures for sensitive data

In development, a default key is provided for convenience, but you must set a strong, unique SECRET_KEY for production deployments. The application will fail to start in production without this setting.

.env Example:
# file: .prod.env
SECRET_KEY=your-very-long-random-secret-key-with-letters-numbers-and-symbols
Generating a Strong Secret Key:

You can generate a secure SECRET_KEY using Python:
python -c "import secrets; print(secrets.token_urlsafe(50))"

Application Features 

SIGN_UP_ENABLED 

Choose whether new users can sign up

Default

Type

True

bool

You may want to create users manually to tightly control who has access to the application. In this case, you will want to disable signing up so that no new users can be created without an admin creating them.

.env Example:
#file: .env
SIGN_UP_ENABLED=false

FILE_UPLOAD_ENABLED 

Choose whether to allow file uploads

Default

Type

True

bool

Sets whether file uploads are allowed. If they are not allowed (disabled), then only metadata is submitted to the application.

.env Example:
#file: .env
FILE_UPLOAD_ENABLED=false

USE_DATE_WIDGETS 

Use JavaScript date widgets

Default

Type

True

bool

If set to True, a date picker widget is used for date fields. If set to False, input text fields with an input mask are used instead.

.env Example:
#file: .env
USE_DATE_WIDGETS=false

Services 

These settings control connections to services external to the Django application. This include:

ClamAV for virus checking
MySQL Database
Redis task broker

CLAMAV_ENABLED 

Whether ClamAV malware checking is enabled

Default

Type

True

bool

Enables/disables whether ClamAV malware checking is enabled.

If the FILE_UPLOAD_ENABLED setting is disabled, this option has no effect.

.env Example:
#file: .env
CLAMAV_ENABLED=True

CLAMAV_HOST 

The name of the host ClamAV is running on

Default

Type

clamav

string

Chooses the host where ClamAV is running. If CLAMAV_ENABLED is FALSE, this setting does not have any effect.

.env Example:
#file: .env
CLAMAV_HOST=clamav

CLAMAV_PORT 

The port ClamAV is running on

Default

Type

3310

int

Chooses the port where ClamAV is accessible on the CLAMAV_HOST. If CLAMAV_ENABLED is FALSE, this setting does not have any effect.

.env Example:
#file: .env
CLAMAV_PORT=3310

REDIS_HOST 

The name of the host Redis is running on

Default

Type

redis

string

Chooses the host where Redis is running. Redis is used in tandem with RQ to store ephemeral info about asynchronous jobs.

.env Example:
#file: .env
REDIS_HOST=my-redis

REDIS_PORT 

The port Redis is running on

Default

Type

6379

int

Chooses the port where Redis is accessible on the REDIS_HOST.

.env Example:
#file: .env
REDIS_PORT=6379

REDIS_PASSWORD 

The password required to connect to Redis

Default

Type

“”

string

By default, Redis does not require a password. If you would prefer to set one up, you can, and then use this setting to control the password. The default empty value is fine if you are using the application’s default Redis configuration.

.env Example:
#file: .env
REDIS_PASSWORD=a-strong-password-here

File Upload Controls 

These settings have no effect if FILE_UPLOAD_ENABLED is False.

ACCEPTED_FILE_FORMATS 

Choose what files (by extension) can be uploaded

Default

Type

See below

string (special syntax)

Accepted files are grouped by type of file. The default accepted file extensions are:

Archive

zip

Audio

mp3

wav

flac

Document

docx

odt

pdf

txt

html

Image

jpg

jpeg

png

gif

Spreadsheet

xlsx

csv

Video

mkv

mp4

This setting has a special structured syntax, that looks like:
File Group Name:ext,ext,ext|Other Group Name:ext,ext
File extensions are grouped by name. File groups are split by the pipe | character, and file extensions are split by comma.

The file extensions are used to determine what a user is allowed to upload. The group name is used to create a human-readable extent statement about the quantity and type of files the user uploaded.

If the FILE_UPLOAD_ENABLED setting is disabled, this option has no effect.

Here are some examples based on what you might want to accept (note that you can only specify the ACCEPTED_FILE_FORMATS variable once):
#file: .env

# Only PDFs
ACCEPTED_FILE_FORMATS="PDF:pdf"

# Audio or Video
ACCEPTED_FILE_FORMATS="Audio:mp3,wav|Video:mkv,mp4"

# Excel spreadsheets
ACCEPTED_FILE_FORMATS="Excel Workbook:xlsx|Excel Macro Workbook:xlsm|Excel 1997-2003 Workbook:xls"

# Images and documents
ACCEPTED_FILE_FORMATS="PDF:pdf,docx,txt|Image:jpeg,jpg,png,gif,tif,tiff"

MAX_SINGLE_UPLOAD_SIZE_MB 

Choose the maximum size (in MB) an uploaded file is allowed to be

Default

Type

64

int

Sets the maximum allowed size a single file can be when uploaded with the transfer form. The size is expressed in MB, not MiB.

If the FILE_UPLOAD_ENABLED setting is disabled, this option has no effect.

.env Example:
#file: .env
MAX_SINGLE_UPLOAD_SIZE_MB=512

MAX_TOTAL_UPLOAD_SIZE_MB 

Choose the maximum total size (in MB) of a file transfer

Default

Type

256

int

Sets the maximum allowed total size of all files being transferred at one time. The size is expressed in MB, not MiB.

If the FILE_UPLOAD_ENABLED setting is disabled, this option has no effect.

.env Example:
#file: .env
MAX_TOTAL_UPLOAD_SIZE_MB=1024

MAX_TOTAL_UPLOAD_COUNT 

Choose the maximum number of files can be transferred

Default

Type

40

int

Sets the maximum number of files that can be transferred at one time with the transfer form.

If the FILE_UPLOAD_ENABLED setting is disabled, this option has no effect.

.env Example:
#file: .env
MAX_TOTAL_UPLOAD_COUNT=10

Upload Session Controls 

These settings have no effect if FILE_UPLOAD_ENABLED is False.

UPLOAD_SESSION_EXPIRE_AFTER_INACTIVE_MINUTES 

Number of minutes of inactivity after which an upload session expires

Default

Type

1440

int

Sets the number of minutes of inactivity after which an upload session expires. Defaults to 1440 minutes (24 hours). This feature can be deactivated by setting the value to -1.

.env Example:
#file: .env
UPLOAD_SESSION_EXPIRE_AFTER_INACTIVE_MINUTES=1440

UPLOAD_SESSION_EXPIRING_REMINDER_MINUTES 

Number of minutes before upload session expiration when a reminder should be sent

Default

Type

480

int

Sets the number of minutes before upload session expiration when a reminder should be sent. Defaults to 480 minutes (8 hours). This feature can be deactivated by setting the value to -1. If UPLOAD_SESSION_EXPIRE_AFTER_INACTIVE_MINUTES is set to -1, this feature will be deactivated.

.env Example:
#file: .env
UPLOAD_SESSION_EXPIRING_REMINDER_MINUTES=480

UPLOAD_SESSION_EXPIRED_CLEANUP_SCHEDULE 

Cron schedule expression for cleaning up expired upload sessions

Default

Type

“0 2 * * *”

string

Sets the cron schedule expression for cleaning up expired upload sessions. Defaults to “0 2 * * *” (runs at 2 AM daily).

See the crontab manual page for a guide on the syntax.

This feature can be deactivated by setting the value to an empty string (“”). If UPLOAD_SESSION_EXPIRE_AFTER_INACTIVE_MINUTES is set to -1, this feature will be deactivated.

.env Example:
#file: .env
UPLOAD_SESSION_EXPIRED_CLEANUP_SCHEDULE="0 2 * * *"

In-Progress Submission Controls 

IN_PROGRESS_SUBMISSION_EXPIRING_EMAIL_SCHEDULE 

Cron schedule expression for sending reminder emails for in-progress submissions with expiring upload sessions

Default

Type

“0 * * * *”

string

Sets the cron schedule expression for sending reminder emails for in-progress submissions with expiring upload sessions. Defaults to “0 * * * *” (runs every hour at minute zero).

See the crontab manual page for a guide on the syntax.

This feature can be deactivated by setting the value to an empty string (“”). If UPLOAD_SESSION_EXPIRE_AFTER_INACTIVE_MINUTES is set to -1, this feature will be deactivated.

.env Example:
#file: .env
IN_PROGRESS_SUBMISSION_EXPIRING_EMAIL_SCHEDULE="0 * * * *"

Storage Locations 

UPLOAD_STORAGE_FOLDER 

Choose storage location for uploaded files

Default in Dev

Default in Prod

Type

/opt/secure-record-transfer/app/media/uploaded_files/

/opt/secure-record-transfer/app/media/uploaded_files/

string

The files users upload will be copied here after being uploaded with either of the Django file upload handlers. Uploaded files will first be uploaded in memory or to a temporary file before being moved to the UPLOAD_STORAGE_FOLDER.

.env Example:
#file: .env
UPLOAD_STORAGE_FOLDER=/path/to/upload/folder

Checksums 

BAG_CHECKSUMS 

Choose the checksum algorithms used to create BagIt manifests

Default

Type

sha512

string (comma-separated)

When BagIt is run, the selected algorithm(s) are used to generate manifests for the files as well as the tag files in the Bag. Multiple algorithms can be used, separated by commas. Avoid setting these algorithms directly in settings.py, as there is some pre-processing of the selected algorithms needed to make sure they’re formatted correctly.

.env Example:
#file: .env
BAG_CHECKSUMS=sha1,blake2b,md5

Data Formatting and Defaults 

The following variables control how metadata is formatted, as well as defines default values to use when generating CAAIS metadata a value is not specified in the form. By leaving default values empty, they are not used.

APPROXIMATE_DATE_FORMAT 

Choose estimated date format

Default

Type

'[ca. {date}]'

string

A format string for the date to indicate an approximate date. The string variable {date} must be present for the date format to be used.

.env Example:
#file: .env
APPROXIMATE_DATE_FORMAT='Circa. {date}'

CAAIS_UNKNOWN_DATE_TEXT 

Change the “Unknown date” text

Default

Type

Unknown date

string

A string to use in the CAAIS metadata when a user indicates that a date is not known.

.env Example:
#file: .env
CAAIS_UNKNOWN_DATE_TEXT='Not known'

CAAIS_UNKNOWN_START_DATE 

Change the unknown start date

Default

Type

1800-01-01

string

A yyyy-mm-dd formatted date that is used for the start of a date range when an unknown date is encountered when parsing a date for CAAIS.

.env Example:
#file: .env
CAAIS_UNKNOWN_START_DATE='1900-01-01'

CAAIS_UNKNOWN_END_DATE 

Change the unknown end date

Default

Type

2010-01-01

string

A yyyy-mm-dd formatted date that is used for the end of a date range when an unknown date is encountered when parsing a date for CAAIS.

.env Example:
#file: .env
CAAIS_UNKNOWN_END_DATE='1999-12-31'

CAAIS_DEFAULT_UPDATE_TYPE 

Default creation or revision type for metadata updates

Default

Type

Update

string

When metadata records are updated through the Django admin interface, a DateOfCreationOrRevision entry is automatically created to track changes. This setting controls the name of the creation/revision type used for these updates.

.env Example:
#file: .env
CAAIS_DEFAULT_UPDATE_TYPE='Record Updated'

Testing 

SELENIUM_TESTS_HEADLESS_MODE 

Controls whether Selenium tests run in headless mode

Default

Type

False

boolean

When set to True, Selenium tests will run in headless mode (without a visible browser window). This is useful for CI/CD environments or when running tests in the background. When False, browser windows will be visible during test execution.
# file .env
SELENIUM_TESTS_HEADLESS_MODE=True