# Security Configuration Examples
Security configuration examples for authentication, encryption, and secrets management.
## Complete Security Configuration
```nickel
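# Example platform security settings: authentication, secrets backend,
# encryption at rest, and audit logging.
{
  security = {
    authentication = {
      enabled = true,
      # RS256 is RSA with SHA-256: tokens are signed with a private key and
      # checked with the public key, so services that only verify tokens do
      # not need to hold any signing secret.
      jwt_algorithm = "RS256",
      mfa_required = true
    },

    secrets = {
      backend = "secretumvault",
      # HTTPS endpoint, so requests to the vault are not sent in clear text.
      url = "https://vault.example.com",
      auto_rotate = true,
      # Presumably the interval, in days, applied when auto_rotate is on.
      rotation_days = 90
    },

    encryption = {
      at_rest = true,
      # AES-256-GCM is authenticated encryption: tampering with stored
      # ciphertext is detected on decryption, not just hidden from readers.
      algorithm = "AES-256-GCM",
      # Same backend name as secrets.backend above.
      # NOTE(review): a single backend for secrets and data keys is a single
      # point of compromise; confirm its access policy and backup plan.
      kms_backend = "secretumvault"
    },

    audit = {
      enabled = true,
      # 2555 days = 7 x 365, i.e. about seven years of audit history.
      retention_days = 2555,
      export_format = "json"
    }
  }
}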
```
## SecretumVault Integration
```bash
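# Configure SecretumVault
provisioning config set security.secrets.backend secretumvault
# Plain-HTTP loopback endpoint: acceptable for a local development vault only.
# Any vault reached over a network should use an https:// URL so that tokens
# and secret values are not sent in clear text.
provisioning config set security.secrets.url http://localhost:8200

# Store secrets
# "secret123" is a placeholder. A real value typed after --value= is saved in
# shell history and is visible in the process list while the command runs.
# NOTE(review): check whether the CLI can read the value from stdin or a file.
provisioning vault put database/password --value="secret123"

# Retrieve secrets
# NOTE(review): presumably prints the stored value to stdout; avoid running it
# where terminal output is captured (CI job logs, shared or recorded sessions).
provisioning vault get database/password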
```
## Encrypted Infrastructure Configuration
```nickel
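# Infrastructure definition in which passwords are referenced by secret name
# instead of being written into the file as literals.
{
  providers.upcloud = {
    # NOTE(review): "admin" suggests the main account login; a dedicated API
    # sub-account limited to what provisioning needs is the safer choice.
    username = "admin",
    # NOTE(review): std.secret appears to resolve the named secret when the
    # configuration is evaluated, so no plaintext is stored here. Confirm
    # where the resolved value ends up (exported config, logs, state files).
    password = std.secret "UPCLOUD_PASSWORD"
  },

  databases = [{
    name = "production-db",
    # Referenced by secret name, in the same way as the provider password.
    password = std.secret "DB_PASSWORD"
  }]
}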
```
## References
- [Security System](../security/README.md)
- [Secrets Management](../security/secrets-management.md)
- [Authentication](../security/authentication.md)