veylant/services/pii/config.py

"""Configuration for the PII detection service.

All settings are read from environment variables with safe defaults for local dev.
"""

import base64
import os

# Redis connection
REDIS_URL: str = os.getenv("PII_REDIS_URL", "redis://localhost:6379")

# AES-256-GCM key — must be 32 bytes, base64-encoded.
# Default is a fixed dev key; MUST be overridden in production.
_DEFAULT_DEV_KEY = base64.b64encode(b"veylant-dev-key-32bytes-padding-").decode()
ENCRYPTION_KEY_B64: str = os.getenv("PII_ENCRYPTION_KEY", _DEFAULT_DEV_KEY)

# TTL for pseudonymization mappings in Redis (seconds)
DEFAULT_TTL: int = int(os.getenv("PII_TTL_SECONDS", "3600"))

# Layer 2 NER control
NER_ENABLED: bool = os.getenv("PII_NER_ENABLED", "true").lower() == "true"
NER_CONFIDENCE: float = float(os.getenv("PII_NER_CONFIDENCE", "0.85"))

# spaCy model names
SPACY_FR_MODEL: str = os.getenv("PII_SPACY_FR_MODEL", "fr_core_news_lg")
SPACY_EN_MODEL: str = os.getenv("PII_SPACY_EN_MODEL", "en_core_web_sm")

# gRPC server port
GRPC_PORT: int = int(os.getenv("PII_GRPC_PORT", "50051"))

# FastAPI / health port
HTTP_PORT: int = int(os.getenv("PII_HTTP_PORT", "8000"))