Configuration

enchilada is configured via a YAML file. The path defaults to config.yaml in the working directory and can be overridden with the ENCHILADA_CONFIG environment variable.

Full example

server:
  host: 0.0.0.0
  port: 8081
  ssl_certfile: /certs/enchilada.crt   # optional; enables HTTPS
  ssl_keyfile:  /certs/enchilada.key

data:
  concept_csv:                   /data/CONCEPT.csv
  concept_relationship_csv:      null   # optional Athena CONCEPT_RELATIONSHIP.csv
  concept_extra_csv:             /data/concept_extra.tsv
  concept_relationship_extra_csv: /data/concept_relationship_extra.tsv
  vocabulary_extra_csv:          /data/vocabulary_extra.tsv
  sqlite_db:                     /db/enchilada.db

Fields

`server`

Key	Default	Description
`host`	`0.0.0.0`	Bind address
`port`	`8081`	Listen port
`ssl_certfile`	(none)	Path to TLS certificate (PEM). Required for HTTPS.
`ssl_keyfile`	(none)	Path to TLS private key (PEM). Required for HTTPS.

`data`

Key	Required	Description
`concept_csv`	Yes	Athena CONCEPT.csv (tab-delimited). Loaded once on first start; cached in SQLite.
`concept_relationship_csv`	No	Athena CONCEPT_RELATIONSHIP.csv. Set to `null` to skip.
`concept_extra_csv`	No	Supplemental concepts TSV (FHIR administrative codes). Reloaded on every start.
`concept_relationship_extra_csv`	No	Supplemental `Maps to` relationships TSV. Reloaded on every start.
`vocabulary_extra_csv`	No	Supplemental vocabulary definitions TSV. Reloaded on every start.
`sqlite_db`	Yes	Path to the SQLite database file. Created on first run.

Supplemental files

The three *_extra files are generated by mine_concept_maps.py in the matchbox_scripts repository. They map FHIR administrative codes (gender, allergy category, encounter class, CVX vaccine codes, …) to OMOP concept IDs.

All local (supplemental) concepts are assigned IDs > 2,000,000,000 per the OMOP rule for custom concepts, and are linked to standard Athena concepts via Maps to relationships in concept_relationship_extra.tsv.

TLS / HTTPS

matchbox's HAPI OkHttp client enforces TLS even for http:// URLs. To run enchilada as the matchbox txServer, you must enable HTTPS:

# generate a self-signed cert (valid 10 years, SAN for Docker networking)
openssl req -x509 -newkey rsa:4096 -days 3650 -nodes \
  -keyout enchilada.key -out enchilada.crt \
  -subj "/CN=enchilada" \
  -addext "subjectAltName=DNS:enchilada,DNS:localhost,IP:127.0.0.1"

# import into a Java truststore for matchbox
keytool -importcert -noprompt -alias enchilada \
  -file enchilada.crt \
  -keystore enchilada.jks \
  -storepass changeit

Mount enchilada.jks into the matchbox container and add to the JVM:

JAVA_TOOL_OPTIONS=-Djavax.net.ssl.trustStore=/certs/enchilada.jks
                  -Djavax.net.ssl.trustStorePassword=changeit