Skip to content
roche-data platform

Project Settings & Links

Central reference for all project URLs, system endpoints, and configuration settings. Nothing secret is listed here — credentials and tokens are managed through Vault.

Project

Section titled “Project”
SettingValue
Repositoryroche-private/model-dp-rdt
Project boardKanban view
Documentation sitemodel-docs.ghpages.roche.com
Docs deploymentroche-innersource/model-docs → Cloudflare Pages
GitHub teammodel-tech-a
AD group (CIDM)GLOAZUGH_MODEL
Pilot domainGlobal Sites Network
SRA IDRI0037153

Vault

Section titled “Vault”

All runtime configuration (URLs, credentials, account IDs) is loaded from HashiCorp Vault before running any CLI command.

SettingValueEnv var
Vault addresshttps://vault.service.roche.comVAULT_ADDR
Vault namespacerdt-model-prdVAULT_NAMESPACE
Secret path (dev)secret/dev/ci
Secret path (test)secret/test/ci
Secret path (prod)secret/prod/ci
Auth methodOIDC + AppRole
Service usersRXPMODE1, RXPMODE2

Load Vault secrets into your shell before running CLI commands:

Terminal window
source scripts/vault-env.sh dev   # or test, prod

External system endpoints

Section titled “External system endpoints”

All URLs below are loaded from Vault at runtime. The env var column shows what to set for local overrides.

Source systems

Section titled “Source systems”
SystemPurposeEnv varConfig key
RTiSCanonical data model, ontologies, terminologiesRTIS_BASE_URLrtis.base_url
GUPRIPersistent identifier registrationGUPRI_BASE_URLgupri.base_url
CollibraData governance, stewardship, classificationCOLLIBRA_BASE_URLcollibra.base_url
MRHubMaster data for G2 validity checksMRHUB_BASE_URLmrhub.base_url
Aurora PostgreSQLUpstream table profilingAURORA_HOSTaurora.host

Target systems

Section titled “Target systems”
SystemPurposeEnv varConfig key
SnowflakeData warehouse (Bronze/Silver/Gold/Semantic)SNOWFLAKE_URLsnowflake.url
SolaceEnterprise event busSOLACE_BROKER_URLsolace.broker_url
Solace topicSOLACE_TOPICsolace.topic
Client certificate (PEM)SOLACE_CLIENT_CERTsolace.client_cert
Client private key (PEM)SOLACE_CLIENT_KEYsolace.client_key
SinequaEnterprise searchSINEQUA_BASE_URLsinequa.base_url
MulesoftAPI management (Anypoint)MULESOFT_BASE_URLmulesoft.base_url
ServiceNowChange management (CIDM)SERVICENOW_BASE_URLservicenow.base_url
LeanIXEnterprise architecture catalog (stretch)LEANIX_BASE_URLleanix.base_url
Data MarketplaceData product registry (stretch)DATA_MARKETPLACE_BASE_URLdata_marketplace.base_url

Infrastructure

Section titled “Infrastructure”
SystemPurposeEnv varConfig key
CaaS (Rancher)Kubernetes hosting for OPA instancesCAAS_NAMESPACEcaas.namespace
ArtifactoryCargo crate registry

Snowflake

Section titled “Snowflake”
SettingEnv varConfig key
AccountSNOWFLAKE_ACCOUNTsnowflake.account
WarehouseSNOWFLAKE_WAREHOUSEsnowflake.warehouse
DatabaseSNOWFLAKE_DATABASEsnowflake.database
Schema prefixSNOWFLAKE_SCHEMA_PREFIXsnowflake.schema_prefix
RoleSNOWFLAKE_ROLEsnowflake.role
UserSNOWFLAKE_USERsnowflake.user
Auth methodSNOWFLAKE_AUTH_METHODsnowflake.auth_method
OAuth token URLSNOWFLAKE_OAUTH_TOKEN_URLsnowflake.oauth_token_url
OAuth scopeSNOWFLAKE_OAUTH_SCOPEsnowflake.oauth_scope

Schema naming per environment

Section titled “Schema naming per environment”
EnvironmentBronzeSilverGoldSemantic
DevDEV_BRONZEDEV_SILVERDEV_GOLDDEV_SEMANTIC
TestTEST_BRONZETEST_SILVERTEST_GOLDTEST_SEMANTIC
ProdPROD_BRONZEPROD_SILVERPROD_GOLDPROD_SEMANTIC

Authentication

Section titled “Authentication”
ContextMethodUser
CI/CD pipelinesRSA key-pairS1DEINGI
Local developmentExternal Browser SSOSTREITS (personal)

PAT (Personal Access Token) is not approved at Roche for Snowflake.

RTiS entity identifiers

Section titled “RTiS entity identifiers”

Static ontology IDs configured in roche-data.toml. These change only when the RTiS model changes.

EntityClass IDTerminology ID
organization-siteROX38275200443992329ROX38218176443982250
waste-trackingTBD (pending RTiS class request)TBD

Config resolution order

Section titled “Config resolution order”
roche-data.toml (base) → [environments.{target}] overrides → env var overrides

Every rdt-model-* command requires --target dev|test|prod (or RDT_TARGET env var). There is no default.

Collibra

Section titled “Collibra”
SettingEnv varConfig key
Base URLCOLLIBRA_BASE_URLcollibra.base_url
Client IDMULESOFT_MODEL_CLIENT_IDcollibra.client_id
Client secretMULESOFT_MODEL_CLIENT_SECRETcollibra.client_secret
Bridge keyX-META-BRIDGE-KEYcollibra.bridge_key

Project-level env vars

Section titled “Project-level env vars”
Env varPurpose
RDT_TARGETTarget environment (dev, test, prod) — set in shell profile
RDT_PROJECT_NAMEProject name override
RDT_DOMAINBusiness domain override
RDT_REPORepository identifier override
RDT_BOARDProject board URL override
RDT_SRA_IDSecurity Risk Assessment ID
RDT_SRA_STATUSSRA approval status
GITHUB_ORGGitHub organization
GITHUB_REPOGitHub repository name
GITHUB_BOARD_URLProject board URL
RUST_LOGOverride tracing verbosity (e.g. debug, rdt_model_pull=trace)

Platform access tracker

Section titled “Platform access tracker”

Access request status for each external system. See the platforms/ directory for details.

PlatformAccess taskIssueStatus
RTiSA01#15Blocked — awaiting service account
GUPRIA02#16Blocked — awaiting service account
SnowflakeA05, A06#23Not started
MRHubA03, A04#24Not started
CollibraA07, A08#25Not started
MulesoftA09#26Not started
ServiceNowA12#27Not started
CaaSA13#28Not started
VaultA16#70Not started
LeanIXA14#29Not started (stretch)
Data MarketplaceA15#30Not started (stretch)
Aurora PostgreSQLA18Not started
Snowflake WAM OAuthA19Not started