# Vault Service Default Configuration

let vault_schema = import "../schemas/vault-service.ncl" in

{
  vault | vault_schema.VaultServiceConfig = {
    server = {
      host = "127.0.0.1",
      port = 8200,
      workers = 4,
      keep_alive = 75,
      max_connections = 100,
    },

    storage = {
      backend = "filesystem",
      path = "/var/lib/provisioning/vault/data",
      encryption_key_path = "/var/lib/provisioning/vault/master.key",
    },

    vault = {
      server_url = "http://localhost:8200",
      storage_backend = "filesystem",
      deployment_mode = "Embedded",
      mount_point = "transit",
      key_name = "provisioning-master",
      tls_verify = false,
    },

    ha = {
      enabled = false,
      mode = "raft",
    },

    security = {
      encryption_algorithm = "aes-256-gcm",
      key_rotation_days = 90,
    },

    monitoring = {
      enabled = false,
      metrics_interval = 60,
    },

    logging = {
      level = "info",
      format = "json",
    },
  },
}