TypeDialog/examples/08-encryption/sops-example.ncl
Jesús Pérez aca491ba42
feat(encryption): integrate external encryption services with Nickel contracts
ADDED:
- encryption_bridge.rs: Service integration layer
- encryption_contract_parser.rs: Nickel contract parsing
- encryption_integration.rs: Integration tests (+442 lines)
- docs/ENCRYPTION-*.md: Quick start, setup, architecture
- examples/08-encryption: Usage examples
- scripts/encryption-test-setup.sh: Provisioning

MODIFIED:
- helpers.rs: +570 lines utility functions
- nickel/: Enhanced contract parsing & serialization
- form_parser.rs: Constraint interpolation improvements
- config/mod.rs: New configuration (+24 lines)
- typedialog/src/main.rs: CLI updates (+83 lines)
- Cargo.toml: encryption_bridge dependency
- Cargo.lock, SBOMs: Updated

AFFECTED BACKENDS: cli, tui, web (core-level changes)
2025-12-22 10:40:01 +00:00


# Nickel Schema with SOPS Backend Focus
#
# This demonstrates encryption in Nickel using SOPS (Mozilla SOPS),
# which supports multiple KMS providers via a .sops.yaml configuration.
#
# SOPS Benefits:
# - Team collaboration with key management
# - Git-friendly (keys stay readable; only values are encrypted, so diffs are meaningful)
# - Multi-KMS support (AWS, GCP, Azure)
# - File-based encryption (YAML, JSON, TOML)
#
# Usage:
# 1. Create the .sops.yaml configuration:
#    cat > .sops.yaml << 'EOF'
#    creation_rules:
#      - path_regex: .*
#        kms: arn:aws:kms:us-east-1:ACCOUNT:key/KEY_ID
#    EOF
#
# 2. Convert to a form and encrypt:
#    nickel query sops-example.ncl inputs > sops-form.toml
#    export AWS_REGION=us-east-1
#    typedialog form sops-form.toml --encrypt --backend sops --format json
#
{
  # ===================================================================
  # Application Metadata (plaintext)
  # ===================================================================
  app_name | String = "",
  app_version | String = "",

  # ===================================================================
  # SOPS Encrypted Fields
  # All these fields use the SOPS backend (AWS KMS via .sops.yaml)
  # ===================================================================

  # Database credentials
  db_password | Sensitive Backend="sops" = "",
  db_connection_string | Sensitive Backend="sops" = "",

  # API credentials (multiple services)
  stripe_api_key | Sensitive Backend="sops" = "",
  slack_bot_token | Sensitive Backend="sops" = "",
  github_token | Sensitive Backend="sops" = "",

  # Infrastructure secrets
  registry_password | Sensitive Backend="sops" = "",
  container_registry_url | Sensitive Backend="sops" = "",

  # Vault and secrets management
  vault_addr | String = "https://vault.internal:8200",
  vault_token | Sensitive Backend="sops" = "",
  vault_namespace | String = "",

  # TLS/SSL
  tls_cert_path | String = "",
  tls_key | Sensitive Backend="sops" = "",

  # SSH and authentication
  ssh_private_key | Sensitive Backend="sops" = "",
  ssh_known_hosts | Sensitive Backend="sops" = "",

  # Cloud provider credentials
  aws_access_key | Sensitive Backend="sops" = "",
  aws_secret_key | Sensitive Backend="sops" = "",
  gcp_service_account | Sensitive Backend="sops" = "",

  # Application secrets
  jwt_secret | Sensitive Backend="sops" = "",
  session_secret | Sensitive Backend="sops" = "",
  encryption_key | Sensitive Backend="sops" = "",

  # Optional fields
  feature_flags | String? = null,
  custom_config | String? = null,
}
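The usage comment above ends with `typedialog form ... --encrypt --backend sops`, but nothing in the schema verifies that the encryption actually happened. As an added example that is not part of TypeDialog or SOPS, the POSIX shell script below checks an encrypted form output against this schema: every field marked `Sensitive Backend="sops"` must carry a SOPS envelope, and the plaintext metadata fields must not. It assumes the output is a flat `key = "value"` file (the TOML shape that `nickel query ... > sops-form.toml` suggests; the real typedialog output layout is an assumption), takes the field names from this file, and relies on the SOPS format for encrypted scalars, `ENC[AES256_GCM,data:...,iv:...,tag:...,type:...]`. The sample files are constructed inside the script with dummy base64 payloads, not real ciphertext.

```shell
#!/bin/sh
# Added example (not TypeDialog or SOPS code): verify that a SOPS-encrypted
# form output matches the Sensitive/plaintext split declared in sops-example.ncl.

# Field names copied from sops-example.ncl.
SENSITIVE_FIELDS="db_password db_connection_string stripe_api_key slack_bot_token github_token registry_password container_registry_url vault_token tls_key ssh_private_key ssh_known_hosts aws_access_key aws_secret_key gcp_service_account jwt_secret session_secret encryption_key"
PLAINTEXT_FIELDS="app_name app_version vault_addr vault_namespace tls_cert_path"

# field_value FILE KEY: print the quoted value of KEY from a flat `key = "value"` file.
# (Assumption: the form output is laid out one field per line.)
field_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\(.*\)\"[[:space:]]*$/\1/p" "$1" | head -n 1
}

# is_sops_encrypted VALUE: 0 if VALUE has the SOPS envelope shape, 1 otherwise.
is_sops_encrypted() {
    case "$1" in
        ENC\[AES256_GCM,data:*,iv:*,tag:*,type:*\]) return 0 ;;
        *) return 1 ;;
    esac
}

# count_sops_problems FILE: report each violation on stderr, print the count on stdout.
count_sops_problems() {
    problems=0
    for f in $SENSITIVE_FIELDS; do
        v=$(field_value "$1" "$f")
        if [ -z "$v" ]; then
            echo "MISSING    $f" >&2; problems=$((problems + 1))
        elif ! is_sops_encrypted "$v"; then
            echo "LEAK       $f holds a plaintext value" >&2; problems=$((problems + 1))
        fi
    done
    for f in $PLAINTEXT_FIELDS; do
        if is_sops_encrypted "$(field_value "$1" "$f")"; then
            echo "UNEXPECTED $f is encrypted but the schema marks it plaintext" >&2
            problems=$((problems + 1))
        fi
    done
    echo "$problems"
}

# make_sample: constructed "good" output; every sensitive field carries a SOPS
# envelope whose data/iv/tag payloads are dummy base64, not real ciphertext.
make_sample() {
    out=$(mktemp)
    printf '%s = "%s"\n' app_name "demo-app" app_version "1.0.0" \
        vault_addr "https://vault.internal:8200" vault_namespace "" tls_cert_path "" > "$out"
    for f in $SENSITIVE_FIELDS; do
        printf '%s = "ENC[AES256_GCM,data:ZHVtbXk=,iv:aXY=,tag:dGFn,type:str]"\n' "$f" >> "$out"
    done
    echo "$out"
}

# make_leaky_sample: constructed failure case, db_password left in the clear.
make_leaky_sample() {
    good=$(make_sample)
    bad=$(mktemp)
    sed 's/^db_password = .*/db_password = "hunter2"/' "$good" > "$bad"
    rm -f "$good"
    echo "$bad"
}

GOOD=$(make_sample)
LEAKY=$(make_leaky_sample)
echo "good sample problems:  $(count_sops_problems "$GOOD")"
echo "leaky sample problems: $(count_sops_problems "$LEAKY")"
rm -f "$GOOD" "$LEAKY"
```

Against a real run, call `count_sops_problems path/to/output` after the `typedialog form ... --encrypt` step; any nonzero count means a field this schema marks Sensitive reached disk without a SOPS envelope, or a plaintext field was encrypted and will break tooling that expects to read it.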