TypeDialog/examples/08-encryption/nickel-secrets.ncl
Jesús Pérez aca491ba42
feat(encryption): integrate external encryption services with Nickel contracts
ADDED:
- encryption_bridge.rs: Service integration layer
- encryption_contract_parser.rs: Nickel contract parsing
- encryption_integration.rs: Integration tests (+442 lines)
- docs/ENCRYPTION-*.md: Quick start, setup, architecture
- examples/08-encryption: Usage examples
- scripts/encryption-test-setup.sh: Provisioning

MODIFIED:
- helpers.rs: +570 lines utility functions
- nickel/: Enhanced contract parsing & serialization
- form_parser.rs: Constraint interpolation improvements
- config/mod.rs: New configuration (+24 lines)
- typedialog/src/main.rs: CLI updates (+83 lines)
- Cargo.toml: encryption_bridge dependency
- Cargo.lock, SBOMs: Updated

AFFECTED BACKENDS: cli, tui, web (core-level changes)
2025-12-22 10:40:01 +00:00


# Nickel Schema with Encryption Annotations
#
# This demonstrates how to define encryption in Nickel schemas
# The `Sensitive` contract annotation specifies encryption backend and key path
#
# Usage:
# 1. Convert Nickel schema to TOML form:
# nickel query nickel-secrets.ncl inputs | typedialog parse-nickel
#
# 2. The resulting TOML form will have encryption_backend and encryption_config
#
# 3. Execute the form:
# typedialog form output.toml --encrypt --backend age --key-file ~/.age/key.txt
#
# Non-sensitive user information
{
  username | String = "",
  email | String = "",

  # =====================================================================
  # Age Backend (Local X25519 encryption)
  # =====================================================================
  password | Sensitive Backend="age" Key="~/.age/key.txt" = "",
  ssh_private_key | Sensitive Backend="age" = "",

  # =====================================================================
  # SOPS Backend (Multi-KMS support via .sops.yaml)
  # Uses .sops.yaml for KMS configuration (AWS/GCP/Azure)
  # =====================================================================
  database_password | Sensitive Backend="sops" = "",
  vault_token | Sensitive Backend="sops" = "",

  # =====================================================================
  # SecretumVault (Post-quantum cryptography ready)
  # =====================================================================
  api_key | Sensitive Backend="secretumvault" Vault="https://vault:8200" Key="app-key" = "",
  encryption_key | Sensitive Backend="secretumvault" = "",

  # =====================================================================
  # AWS KMS (Direct integration)
  # =====================================================================
  aws_secret | Sensitive Backend="awskms" Region="us-east-1" KeyId="arn:aws:kms:..." = "",

  # Sensitive fields without explicit backend
  # Will use CLI --backend flag or global default (Age)
  backup_key | Sensitive = "",

  # Nested structure with mixed backends
  server | {
    host | String = "localhost",
    port | Number = 8080,
    # Age backend
    admin_token | Sensitive Backend="age" = "",
    # SOPS backend
    db_password | Sensitive Backend="sops" = "",
  } = {},

  # Optional sensitive field (Age)
  ssh_public_key | String? = null,
}
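The `Sensitive` annotations above are what step 2 of the usage notes turns into per-field `encryption_backend` and `encryption_config`. As an added illustration (Python, not the project's Rust contract parser), this script walks a constructed excerpt of the schema and builds that mapping, resolving fields that omit `Backend` to a default so it is visible which fields depend on the `--backend` flag at run time; the line-oriented parsing and the `default_backend` parameter are assumptions of this example.

```python
import re
from typing import Dict, List

# Constructed excerpt of the schema above (not the file itself): covers an explicit
# backend with a key path, a field that omits Backend, and a nested record.
SCHEMA = """
{
  username | String = "",
  password | Sensitive Backend="age" Key="~/.age/key.txt" = "",
  backup_key | Sensitive = "",   # no Backend: resolved by --backend or the default
  server | {
    admin_token | Sensitive Backend="age" = "",
    db_password | Sensitive Backend="sops" = "",
  } = {},
}
"""
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')  # Name="value" pairs after the contract name

def parse_sensitive(schema: str, default_backend: str = "age") -> Dict[str, dict]:
    """Map each `Sensitive` field (dotted path) to its backend and remaining config."""
    found: Dict[str, dict] = {}
    path: List[str] = []  # names of the enclosing nested records
    for raw in schema.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(",")  # drop comment (assumes no '#' in values)
        if not line or line == "{":
            continue
        if line.startswith("}"):  # `} = {},` closes the innermost nested record
            path = path[:-1]
            continue
        head, sep, _default = line.rpartition(" = ")
        if not sep:  # no default value: `server | {` opens a nested record
            if line.endswith("{"):
                path.append(line.split("|", 1)[0].strip())
            continue
        name, _, contract = head.partition("|")
        tokens = contract.split()
        if not tokens or tokens[0] != "Sensitive":
            continue  # plain String/Number fields are not encrypted
        attrs = dict(ATTR_RE.findall(contract))
        backend = attrs.pop("Backend", None)  # an explicit Backend wins over the default
        found[".".join(path + [name.strip()])] = {
            "backend": backend or default_backend,
            "config": attrs,  # e.g. Key, Vault, Region, KeyId
            "explicit": backend is not None,
        }
    return found

def implicit_backend_fields(found: Dict[str, dict]) -> List[str]:
    """Fields whose backend is only fixed at run time (CLI --backend or the global default)."""
    return sorted(p for p, f in found.items() if not f["explicit"])
```

Running `implicit_backend_fields(parse_sensitive(SCHEMA))` on the excerpt reports only `backup_key`, the one field whose encryption backend is not pinned in the schema.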