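#!/usr/bin/env nu
# SecretumVault Plugin Demo - Working Version
#
# Walks through the plugin against a locally running vault: health check,
# ML-KEM-768 key generation, key metadata lookup, data-key generation,
# KEM encapsulation and the plugin version, then prints a command summary.
#
# Security notes for anyone adapting this demo:
#   * "mytoken" is a demo default only. Export SECRETUMVAULT_TOKEN to use a
#     real token; never commit one to a script.
#   * The token is passed to curl with -H, so it appears in curl's argument
#     list and can be read by other local users through the process table
#     while the request runs.
#   * The default URL is plain HTTP on loopback. Use an https:// URL in
#     SECRETUMVAULT_URL for anything that leaves the machine.

# Print a blank line followed by a title framed by two rule lines.
def banner [title: string] {
    let rule = "════════════════════════════════════════════════════════════════════════════════"
    print ""
    print $rule
    print $title
    print $rule
}

# Single source of truth for the endpoint and token. The curl calls and the
# plugin (through with-env) now always use the same values; the defaults match
# the values that were previously hard-coded in every request.
let vault_url = ($env.SECRETUMVAULT_URL? | default "http://localhost:8200")
let token = ($env.SECRETUMVAULT_TOKEN? | default "mytoken")
let auth_header = $"X-Vault-Token: ($token)"

banner "🔐 SecretumVault PQC Plugin Demo"

# Verify vault is running
print ""
print "Checking vault connection..."

# If curl cannot connect, its output is empty and the status lookup raises an
# error. Treat any such failure as "not running" so the start-up hint below is
# shown instead of a stack trace.
let vault_up = (try {
    (curl -s -H $auth_header $"($vault_url)/v1/sys/health" | from json | get status) == "success"
} catch {
    false
})

if $vault_up {
    print $"✅ Vault is running at ($vault_url)"
} else {
    print "❌ Vault not running"
    print ""
    print "Start vault with:"
    print " cd /Users/Akasha/Development/secretumvault"
    print " cargo run --bin svault --features cli,server,pqc,oqs -- -c config/svault.toml server"
    exit 1
}

banner "Test 1: Generate ML-KEM-768 Post-Quantum Key"

# The block returns the key ID so later tests can reuse it from a variable.
# The previous hand-off through /tmp/demo-pqc-key-id.txt used a fixed,
# predictable name in a world-writable directory: `save -f` would follow a
# symlink planted there, and the ID read back could have been replaced by
# another local user before being spliced into a request URL.
let key_id = (with-env {SECRETUMVAULT_TOKEN: $token} {
    let new_id = "pqc-" + (date now | format date "%s")
    print $"Generating key: ($new_id)"

    let generated = ("" | secretumvault generate-pqc-key --key-id $new_id)
    print "✅ Key generated successfully"
    print $" Key ID: ($generated.key_id)"
    print $" Algorithm: ($generated.algorithm)"
    print $" Created: ($generated.created_at)"

    # Only the public key is shown; it is safe to display.
    let pub_key_len = ($generated | get public_key | decode base64 | bytes length)
    print $" Public key: ($pub_key_len) bytes \(ML-KEM-768 standard size\)"
    let pub_key_preview = ($generated.public_key | str substring 0..64)
    print $" Base64: ($pub_key_preview)..."

    $new_id
})

banner "Test 2: Retrieve Key Metadata via HTTP API"

with-env {SECRETUMVAULT_TOKEN: $token} {
    let url = $"($vault_url)/v1/transit/keys/" + $key_id
    let api_response = (curl -s -H $auth_header $url | from json)

    if (($api_response | get status) == "success") {
        print "✅ Key metadata retrieved from API"
        let data = ($api_response | get data)
        print $" Algorithm: ($data.algorithm)"
        print $" Created: ($data.created_at)"
        let pub_key_len = ($data.public_key | decode base64 | bytes length)
        print $" Public key: ($pub_key_len) bytes \(from API response\)"
        print "✅ Public key successfully returned in API response"
    } else {
        print $"❌ Failed: ($api_response.error)"
    }
}

banner "Test 3: Generate Data Key via API"

with-env {SECRETUMVAULT_TOKEN: $token} {
    print "Generating 256-bit data key via API..."
    let payload = ({bits: 256} | to json)

    # NOTE(review): the endpoint path says "plaintext", so the response
    # presumably carries the raw data key. Only the status is printed here;
    # keep it that way and do not log the response body.
    let datakey_resp = (curl -s -X POST -H $auth_header -H "Content-Type: application/json" -d $payload $"($vault_url)/v1/transit/datakeys/plaintext/generate-key" | from json)

    if (($datakey_resp.status) == "success") {
        print "✅ Data key generated"
        print $" Status: ($datakey_resp.status)"
        print " 256-bit AES key generated successfully"
    } else {
        # Previously a failed request printed nothing at all.
        print "❌ Data key generation failed"
    }
}

banner "Test 4: KEM Encapsulation \(Key Exchange\)"

with-env {SECRETUMVAULT_TOKEN: $token} {
    print $"Using PQC key: ($key_id)"
    let kem = ("" | secretumvault kem-encapsulate --pqc-key-id $key_id)
    print "✅ KEM encapsulation successful"
    print $" Algorithm: ($kem.algorithm)"
    print $" PQC Key ID: ($kem.pqc_key_id)"

    # Never echo the shared secret. An ML-KEM shared secret is 32 bytes, which
    # is 44 base64 characters, so the earlier 0..50 "preview" printed the whole
    # secret to the terminal (and to any scrollback or captured log). Report
    # its length only.
    let secret = ($kem.shared_secret)
    if ($secret != "") {
        print $" Shared secret: ($secret | str length) chars \(value withheld\)"
    } else {
        print " Shared secret: Generated (base64 encoded)"
    }

    # The ciphertext is the public half of the exchange; a preview is fine.
    let cipher = ($kem.ciphertext)
    if ($cipher != "") {
        let cipher_preview = ($cipher | str substring 0..50)
        print $" Ciphertext: ($cipher_preview)..."
    } else {
        print " Ciphertext: Generated (base64 encoded)"
    }
}

banner "Test 5: Plugin Version & Status"

with-env {SECRETUMVAULT_TOKEN: $token} {
    let version = ("" | secretumvault version)
    print "✅ Plugin information"
    print $" Version: ($version)"
}

banner "Summary - Available Commands"

print ""
print "🔒 Post-Quantum Cryptography \(PQC\):"
print " • generate-pqc-key .......... Generate ML-KEM-768 key"
print " • kem-encapsulate ........... Key encapsulation mechanism"
print " • kem-decapsulate ........... Key decapsulation"
print " • hybrid-encrypt ............ Classical + PQC encryption"
print " • hybrid-decrypt ............ Classical + PQC decryption"
print " • hybrid-sign ............... Classical + PQC signing"
print " • hybrid-verify ............. Classical + PQC verification"
print ""
print "🔐 Classical Cryptography \(Symmetric\):"
print " • encrypt ................... AES-256-GCM encryption"
print " • decrypt ................... AES-256-GCM decryption"
print " • generate-key .............. Generate symmetric key"
print " • generate-data-key ......... Generate derived key"
print " • rotate-key ................ Rotate transit key"
print ""
print "ℹ️ System:"
print " • health .................... Vault health check"
print " • version ................... Plugin version"
print ""
print "⚙️ Configuration:"
print " SECRETUMVAULT_URL ........... http://localhost:8200 \(default\)"
print " SECRETUMVAULT_TOKEN ......... Authentication token \(required\)"
print " SECRETUMVAULT_MOUNT_POINT ... transit \(default\)"

banner "✅ Demo Complete!"
print ""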