## Requirements

To operate One-Shot Optimizer you need:

- **Billing credentials** for the selected environment (sandbox or production)
- **Credentials or a token** for an authorized operator (RAO) that will approve certificate requests
- **Certificate (`.cer`) and key (`.key`) files** for connection to Uanataca signature services in the selected environment
- The **Registration Authority (RA) id** that will issue the certificates (assigned by Uanataca for sandbox; configured for production)


These steps apply to both sandbox and production.

## Certificate and key files

You should have received a certificate (`.cer`) and a key (`.key`) file to identify your application when communicating with Uanataca signature services. Place both files in the Optimizer certificates folder:

**Path:** `/opt/optimizer_docker/optimizer_data/certs/<sandbox|prod>/`

Use the `sandbox` or `prod` subfolder according to your environment.

## settings.toml

The **settings.toml** file contains optimizer setting variables. Values here are used as defaults when not sent in the API call. Some settings are shared with the API; others apply only to background configuration.

Example structure:


```toml
[general]
environment = "sandbox"
usepdfclean = false
timezone = "UTC"

[tsa]
url = "https://tsa.uanataca.com/tsa/tss03"

[billing]
username = ""
password = ""
```

| Variable | Section | Description |
|  --- | --- | --- |
| `environment` | general | Work environment (e.g. `sandbox`). Default if not sent in the API. |
| `usepdfclean` | general | PDF clean/processing option. |
| `timezone` | general | Timezone for the Optimizer (e.g. `UTC`). |
| `url` | tsa | Timestamping service URL for signatures. |
| `username` | billing | Billing username. Often overridden by API. |
| `password` | billing | Billing password (e.g. base64). Often overridden by API. |


Except for the TSA `url`, the parameters above are often overridden by the values sent in the API. After editing `settings.toml`, restart the One-Shot Optimizer for changes to take effect:


```bash
cd /opt/optimizer_docker
docker-compose restart
```

## Redis connection

By default, the Optimizer connects to Redis using the hostname **`redis`** and the default Redis port, which is correct when both run in the same Docker Compose network. Redis is used only for non-sensitive operational cache; it does **not** store sensitive information, document data, or the document itself. If you need to use a different Redis host or port (e.g. an external Redis instance), you must set the corresponding options in the Optimizer configuration. These Redis-related settings will be documented in this section and in **settings.toml** when they are available in a future release.

Until then, the standard deployment (Optimizer + Redis in the same `docker-compose.yml`) does not require any Redis configuration.

## Related documentation

- [Configuration overview](/products/namirialpkiaas/one-shot/enterprise-documentation/administrator-guides/configuration/overview)
- [Docker installation](/products/namirialpkiaas/one-shot/enterprise-documentation/administrator-guides/installation/docker)
- [Get started](/products/namirialpkiaas/one-shot/enterprise-documentation/get-started/get-started) — Prerequisites and sandbox