This repository contains scripts and config files for deploying OpenFisca on a server.
No secret must be committed to this repository.
If you want to make use of the OpenFisca Web API without handling its installation, for example if you are building a client application, the easiest is to set up a virtual machine.
See the dedicated page.
See the dedicated page.
Access to shared services (OVH, PyPI, Mastodon…) must be done through individual accounts, to which management is delegated.
However, some systems do not support delegation, or it can sometimes be helpful to get administrator access to master accounts.
A database containing all passwords for OpenFisca services is maintained by the Association. It is accessible to members of the Board, who can delegate access to third parties for a specific mission. Every access delegation is listed in the minutes of the Board decisions.
The underlying intention is to reduce the risk of loss of control over password-protected components and to provide, in the long-term, a standard access to OpenFisca’s services and accounts. This is in order to improve delivery, fail safety and resilience.
If you believe you need administrator access to an OpenFisca service to fulfil a mission, open a pull request on this repository to add yourself in the access ledger below. Explain in the description which services you need access to, and why you need it. The admin team will review your request and get back to you.
If you have been granted permission to access the passwords database:
- Download the passwords database on
cloud.openfisca.org. - Install KeePassXC.
- Obtain the password and key from the Board.
Do not transmit key and password through the same channel. Password must be communicated orally, and key should be transmitted either by physical transfer (USB key, etc.) or electronically, in which case you’ll have to encrypt it before sending.
Historically a password database was provided in this repository, but this is now deprecated. This legacy system is still reachable thanks to Git history, but all systems it gives access to have been disabled or retired.