test:
  service: Disk
  root: <%= Rails.root.join("tmp/storage") %>

local:
  service: Disk
  root: <%= Rails.root.join("storage") %>

encrypted_local_disk:
  service: EncryptedDisk
  private_url_policy: stream
  root: <%= ENV["ENCRYPTED_LOCAL_DISK_ROOT"] || Rails.root.join("storage", "encrypted") %>

#prod_id_documents:
#  service: EncryptedS3
#  endpoint: "https://hel1.your-objectstorage.com"
#  access_key_id: <%#= Rails.application.credentials.dig(:hetzner, :access_key_id) %>
#  secret_access_key: <%#= Rails.application.credentials.dig(:hetzner, :secret_access_key) %>
#  region: hel1
#  bucket: hackclub-identity-docs-prod
#  private_url_policy: stream

prod_id_documents:
  service: EncryptedS3
  endpoint: <%= ENV["CLOUDFLARE_R2_ENDPOINT"] %>
  access_key_id: <%= ENV["CLOUDFLARE_R2_ACCESS_KEY_ID"] %>
  secret_access_key: <%= ENV["CLOUDFLARE_R2_SECRET_ACCESS_KEY"] %>
  bucket: hackclub-identity-docs-prod
  region: auto
  private_url_policy: stream
  request_checksum_calculation: "when_required"
  response_checksum_validation: "when_required"