nushell-plugins/nu_plugin_secretumvault/examples/demo.nu

#!/usr/bin/env nu

# SecretumVault Plugin Demo - Working Version

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "🔐 SecretumVault PQC Plugin Demo"
print "════════════════════════════════════════════════════════════════════════════════"

# Verify vault is running
print ""
print "Checking vault connection..."

let health_check = (curl -s -H "X-Vault-Token: mytoken" "http://localhost:8200/v1/sys/health" | from json)

if (($health_check | get status) == "success") {
    print "✅ Vault is running at http://localhost:8200"
} else {
    print "❌ Vault not running"
    print ""
    print "Start vault with:"
    print "  cd /Users/Akasha/Development/secretumvault"
    print "  cargo run --bin svault --features cli,server,pqc,oqs -- -c config/svault.toml server"
    exit 1
}

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "Test 1: Generate ML-KEM-768 Post-Quantum Key"
print "════════════════════════════════════════════════════════════════════════════════"

with-env {SECRETUMVAULT_TOKEN: "mytoken"} {
    let key_id = "pqc-" + (date now | format date "%s")
    print $"Generating key: ($key_id)"

    let generated = ("" | secretumvault generate-pqc-key --key-id $key_id)

    print "✅ Key generated successfully"
    print $"  Key ID:       ($generated.key_id)"
    print $"  Algorithm:    ($generated.algorithm)"
    print $"  Created:      ($generated.created_at)"

    let pub_key_len = ($generated | get public_key | decode base64 | bytes length)
    print $"  Public key:   ($pub_key_len) bytes \(ML-KEM-768 standard size\)"
    let pub_key_preview = ($generated.public_key | str substring 0..64)
    print $"  Base64:       ($pub_key_preview)..."

    $key_id | save -f /tmp/demo-pqc-key-id.txt
}

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "Test 2: Retrieve Key Metadata via HTTP API"
print "════════════════════════════════════════════════════════════════════════════════"

with-env {SECRETUMVAULT_TOKEN: "mytoken"} {
    let key_id = (open /tmp/demo-pqc-key-id.txt)
    let url = "http://localhost:8200/v1/transit/keys/" + $key_id

    let api_response = (curl -s -H "X-Vault-Token: mytoken" $url | from json)

    if (($api_response | get status) == "success") {
        print "✅ Key metadata retrieved from API"
        let data = ($api_response | get data)
        print $"  Algorithm:  ($data.algorithm)"
        print $"  Created:    ($data.created_at)"

        let pub_key_len = ($data.public_key | decode base64 | bytes length)
        print $"  Public key: ($pub_key_len) bytes \(from API response\)"
        print "✅ Public key successfully returned in API response"
    } else {
        print $"❌ Failed: ($api_response.error)"
    }
}

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "Test 3: Generate Data Key via API"
print "════════════════════════════════════════════════════════════════════════════════"

with-env {SECRETUMVAULT_TOKEN: "mytoken"} {
    print "Generating 256-bit data key via API..."
    let payload = ({bits: 256} | to json)
    let datakey_resp = (curl -s -X POST -H "X-Vault-Token: mytoken" -H "Content-Type: application/json" -d $payload "http://localhost:8200/v1/transit/datakeys/plaintext/generate-key" | from json)

    if (($datakey_resp.status) == "success") {
        print "✅ Data key generated"
        print $"  Status: ($datakey_resp.status)"
        print "  256-bit AES key generated successfully"
    }
}

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "Test 4: KEM Encapsulation \(Key Exchange\)"
print "════════════════════════════════════════════════════════════════════════════════"

with-env {SECRETUMVAULT_TOKEN: "mytoken"} {
    let key_id = (open /tmp/demo-pqc-key-id.txt)
    print $"Using PQC key: ($key_id)"

    let kem = ("" | secretumvault kem-encapsulate --pqc-key-id $key_id)

    print "✅ KEM encapsulation successful"
    print $"  Algorithm:      ($kem.algorithm)"
    print $"  PQC Key ID:     ($kem.pqc_key_id)"

    let secret = ($kem.shared_secret)
    if ($secret != "") {
        let secret_preview = ($secret | str substring 0..50)
        print $"  Shared secret:  ($secret_preview)..."
    } else {
        print "  Shared secret:  Generated (base64 encoded)"
    }

    let cipher = ($kem.ciphertext)
    if ($cipher != "") {
        let cipher_preview = ($cipher | str substring 0..50)
        print $"  Ciphertext:     ($cipher_preview)..."
    } else {
        print "  Ciphertext:     Generated (base64 encoded)"
    }
}

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "Test 5: Plugin Version & Status"
print "════════════════════════════════════════════════════════════════════════════════"

with-env {SECRETUMVAULT_TOKEN: "mytoken"} {
    let version = ("" | secretumvault version)

    print "✅ Plugin information"
    print $"  Version:   ($version)"
}

print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "Summary - Available Commands"
print "════════════════════════════════════════════════════════════════════════════════"
print ""
print "🔒 Post-Quantum Cryptography \(PQC\):"
print "  • generate-pqc-key .......... Generate ML-KEM-768 key"
print "  • kem-encapsulate ........... Key encapsulation mechanism"
print "  • kem-decapsulate ........... Key decapsulation"
print "  • hybrid-encrypt ............ Classical + PQC encryption"
print "  • hybrid-decrypt ............ Classical + PQC decryption"
print "  • hybrid-sign ............... Classical + PQC signing"
print "  • hybrid-verify ............. Classical + PQC verification"
print ""
print "🔐 Classical Cryptography \(Symmetric\):"
print "  • encrypt ................... AES-256-GCM encryption"
print "  • decrypt ................... AES-256-GCM decryption"
print "  • generate-key .............. Generate symmetric key"
print "  • generate-data-key ......... Generate derived key"
print "  • rotate-key ................ Rotate transit key"
print ""
print "ℹ️  System:"
print "  • health .................... Vault health check"
print "  • version ................... Plugin version"
print ""
print "⚙️  Configuration:"
print "  SECRETUMVAULT_URL ........... http://localhost:8200 \(default\)"
print "  SECRETUMVAULT_TOKEN ......... Authentication token \(required\)"
print "  SECRETUMVAULT_MOUNT_POINT ... transit \(default\)"
print ""
print "════════════════════════════════════════════════════════════════════════════════"
print "✅ Demo Complete!"
print "════════════════════════════════════════════════════════════════════════════════"
print ""