provisioning/docs/src/examples/security-examples.md

73 lines
1.5 KiB
Markdown
Raw Normal View History

2026-01-17 03:58:28 +00:00
# Security Configuration Examples
Security configuration examples for authentication, encryption, and secrets management.
## Complete Security Configuration
```nickel
{
security = {
authentication = {
enabled = true,
jwt_algorithm = "RS256",
mfa_required = true
},
secrets = {
backend = "secretumvault",
url = " [https://vault.example.com",](https://vault.example.com",)
auto_rotate = true,
rotation_days = 90
},
encryption = {
at_rest = true,
algorithm = "AES-256-GCM",
kms_backend = "secretumvault"
},
audit = {
enabled = true,
retention_days = 2555,
export_format = "json"
}
}
}
```
## SecretumVault Integration
```bash
# Configure SecretumVault
provisioning config set security.secrets.backend secretumvault
provisioning config set security.secrets.url [http://localhost:8200](http://localhost:8200)
# Store secrets
provisioning vault put database/password --value="secret123"
# Retrieve secrets
provisioning vault get database/password
```
## Encrypted Infrastructure Configuration
```nickel
{
providers.upcloud = {
username = "admin",
password = std.secret "UPCLOUD_PASSWORD" # Encrypted
},
databases = [{
name = "production-db",
password = std.secret "DB_PASSWORD" # Encrypted
}]
}
```
## References
- [Security System](../security/README.md)
- [Secrets Management](../security/secrets-management.md)
- [Authentication](../security/authentication.md)