# Security Configuration Examples Security configuration examples for authentication, encryption, and secrets management. ## Complete Security Configuration ```nickel { security = { authentication = { enabled = true, jwt_algorithm = "RS256", mfa_required = true }, secrets = { backend = "secretumvault", url = " [https://vault.example.com",](https://vault.example.com",) auto_rotate = true, rotation_days = 90 }, encryption = { at_rest = true, algorithm = "AES-256-GCM", kms_backend = "secretumvault" }, audit = { enabled = true, retention_days = 2555, export_format = "json" } } } ``` ## SecretumVault Integration ```bash # Configure SecretumVault provisioning config set security.secrets.backend secretumvault provisioning config set security.secrets.url [http://localhost:8200](http://localhost:8200) # Store secrets provisioning vault put database/password --value="secret123" # Retrieve secrets provisioning vault get database/password ``` ## Encrypted Infrastructure Configuration ```nickel { providers.upcloud = { username = "admin", password = std.secret "UPCLOUD_PASSWORD" # Encrypted }, databases = [{ name = "production-db", password = std.secret "DB_PASSWORD" # Encrypted }] } ``` ## References - [Security System](../security/README.md) - [Secrets Management](../security/secrets-management.md) - [Authentication](../security/authentication.md)