provisioning/schemas/platform/schemas/vault-service.ncl

# Vault Service Schema
# Secrets management and encryption configuration

{
  VaultServiceConfig = {
    # Server configuration
    server | {
      host | String,
      port | Number,
      workers | Number | optional,
      keep_alive | Number | optional,
      max_connections | Number | optional,
    },

    # Storage backend configuration
    storage | {
      backend | String,
      path | String | optional,
      encryption_key_path | String | optional,
    },

    # Vault-specific settings
    vault | {
      server_url | String,
      storage_backend | String,
      deployment_mode | String,
      auth_token | String | optional,
      mount_point | String | default = "transit",
      key_name | String | default = "provisioning-master",
      tls_verify | Bool | default = false,
      tls_ca_cert | String | optional,
    },

    # High Availability configuration
    ha | {
      enabled | Bool | default = false,
      mode | String | optional,
    } | optional,

    # Security configuration
    security | {
      encryption_algorithm | String | optional,
      key_rotation_days | Number | optional,
    } | optional,

    # Monitoring and logging
    monitoring | {
      enabled | Bool | default = false,
      metrics_interval | Number | optional,
    } | optional,

    logging | {
      level | String | default = "info",
      format | String | optional,
    } | optional,
  },
}
chore: complete nickel migration and consolidate legacy configs - Remove KCL ecosystem (~220 files deleted) - Migrate all infrastructure to Nickel schema system - Consolidate documentation: legacy docs → provisioning/docs/src/ - Add CI/CD workflows (.github/) and Rust build config (.cargo/) - Update core system for Nickel schema parsing - Update README.md and CHANGES.md for v5.0.0 release - Fix pre-commit hooks: end-of-file, trailing-whitespace - Breaking changes: KCL workspaces require migration - Migration bridge available in docs/src/development/ 2026-01-08 09:55:37 +00:00			`# Vault Service Schema`
			`# Secrets management and encryption configuration`

			`{`
			`VaultServiceConfig = {`
			`# Server configuration`
			`server \| {`
			`host \| String,`
			`port \| Number,`
			`workers \| Number \| optional,`
			`keep_alive \| Number \| optional,`
			`max_connections \| Number \| optional,`
			`},`

			`# Storage backend configuration`
			`storage \| {`
			`backend \| String,`
			`path \| String \| optional,`
			`encryption_key_path \| String \| optional,`
			`},`

			`# Vault-specific settings`
			`vault \| {`
			`server_url \| String,`
			`storage_backend \| String,`
			`deployment_mode \| String,`
			`auth_token \| String \| optional,`
			`mount_point \| String \| default = "transit",`
			`key_name \| String \| default = "provisioning-master",`
			`tls_verify \| Bool \| default = false,`
			`tls_ca_cert \| String \| optional,`
			`},`

			`# High Availability configuration`
			`ha \| {`
			`enabled \| Bool \| default = false,`
			`mode \| String \| optional,`
			`} \| optional,`

			`# Security configuration`
			`security \| {`
			`encryption_algorithm \| String \| optional,`
			`key_rotation_days \| Number \| optional,`
			`} \| optional,`

			`# Monitoring and logging`
			`monitoring \| {`
			`enabled \| Bool \| default = false,`
			`metrics_interval \| Number \| optional,`
			`} \| optional,`

			`logging \| {`
			`level \| String \| default = "info",`
			`format \| String \| optional,`
			`} \| optional,`
			`},`
			`}`