{
  name = "multi_backend_config",
  description = "Configuration with multiple encryption backends for different environments",
  display_mode = "complete",
  elements = [
    # Application Configuration (Non-sensitive)
    { type = "text", name = "app_name", prompt = "Application name", required = true, sensitive = false },
    { type = "select", name = "environment", prompt = "Environment", required = true, sensitive = false, options = [
        { value = "development", label = "development" },
        { value = "staging", label = "staging" },
        { value = "production", label = "production" },
      ]
    },
    { type = "select", name = "log_level", prompt = "Log level", required = false, sensitive = false, options = [
        { value = "debug", label = "debug" },
        { value = "info", label = "info" },
        { value = "warn", label = "warn" },
        { value = "error", label = "error" },
      ]
    },

    # Database Configuration
    { type = "text", name = "db_host", prompt = "Database hostname", required = true, sensitive = false },
    { type = "text", name = "db_port", prompt = "Database port", required = false, default = "5432", sensitive = false },
    { type = "text", name = "db_username", prompt = "Database username", required = true, sensitive = false },
    { type = "password", name = "db_password", prompt = "Database password (encrypted with SOPS)", required = true, sensitive = true, encryption_backend = "sops" },

    # API Keys and Tokens
    { type = "text", name = "api_key", prompt = "API Key (encrypted with Age)", required = false, sensitive = true, encryption_backend = "age" },
    { type = "password", name = "api_secret", prompt = "API Secret (encrypted with Age)", required = false, sensitive = true, encryption_backend = "age" },

    # Enterprise/Production Secrets
    { type = "password", name = "master_key", prompt = "Master encryption key (AWS KMS protected)", required = false, sensitive = true, encryption_backend = "awskms", encryption_config = { key_id = "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012", region = "us-east-1" } },
    { type = "password", name = "root_token", prompt = "Root access token (AWS KMS protected)", required = false, sensitive = true, encryption_backend = "awskms", encryption_config = { key_id = "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012", region = "us-east-1" } },

    # Certificate and Key Material
    { type = "editor", name = "tls_cert", prompt = "TLS Certificate (SecretumVault with PQC)", required = false, sensitive = true, encryption_backend = "secretumvault" },
    { type = "editor", name = "tls_key", prompt = "TLS Private Key (SecretumVault with PQC)", required = false, sensitive = true, encryption_backend = "secretumvault" },
  ],
}