provisioning/config/plugin-config.toml
Jesús Pérez 6a59d34bb1
chore: update provisioning configuration and documentation
Update configuration files, templates, and internal documentation
for the provisioning repository system.

Configuration Updates:
- KMS configuration modernization
- Plugin system settings
- Service port mappings
- Test cluster topologies
- Installation configuration examples
- VM configuration defaults
- Cedar authorization policies

Documentation Updates:
- Library module documentation
- Extension API guides
- AI system documentation
- Service management guides
- Test environment setup
- Plugin usage guides
- Validator configuration documentation

All changes are backward compatible.
2025-12-11 21:50:42 +00:00


# Plugin Configuration
# Controls plugin behavior, backends, and fallback strategies.
# NOTE(review): TOML performs no `~` or variable expansion, so every path in
# this file that starts with `~` depends on the consuming application to
# expand it — confirm it does before relying on those defaults.
[plugins]
# Global plugin toggle
enabled = true
# Warn when falling back to HTTP/SOPS.
# Keep this on: a fallback changes which transport (and, for KMS, which key
# material) handles secrets, and that should never happen silently.
warn_on_fallback = true
# Log performance metrics
log_performance = true
# Use HTTP fallback if plugin not available.
# NOTE(review): with this enabled, an absent or broken plugin degrades to the
# plain-HTTP URLs configured below instead of failing closed — confirm that
# is acceptable for production deployments.
use_http_if_missing = true
# Plugin discovery timeout (seconds)
discovery_timeout = 5
# ============================================================================
# Authentication Plugin Configuration
# ============================================================================
[plugins.auth]
# Enable authentication plugin
enabled = true
# Control Center API URL.
# Plain http:// is only defensible for a loopback address like this one. The
# TLS settings in [plugins.security] can only take effect on https://
# connections, so a remote control center must be configured with https://
# or tokens and MFA exchanges travel in the clear.
control_center_url = "http://localhost:3000"
# Token refresh threshold (seconds before expiry)
# If token expires in less than this, auto-refresh
token_refresh_threshold = 300
# MFA configuration
mfa_required_for_production = true
# Days a device may skip MFA after a successful challenge. 30 days is a long
# trust window; shorten it for high-privilege environments.
mfa_remember_device_days = 30
# Session timeout (seconds)
session_timeout = 3600
# Token storage. This file holds live bearer tokens: it must be readable only
# by the owning user (mode 0600 or equivalent) and kept out of backups and
# sync tools.
token_file = "~/.provisioning/tokens.json"
# ============================================================================
# KMS Plugin Configuration
# ============================================================================
[plugins.kms]
# Enable KMS plugin
enabled = true
# Preferred backend (first to try)
preferred_backend = "rustyvault"
# Fallback backend if preferred fails.
# NOTE(review): falling back from a networked KMS to a local age key is a
# downgrade path — anything that makes RustyVault unreachable (outage, or a
# deliberate denial by an attacker) causes new secrets to be encrypted under a
# different, file-based key, and those values presumably cannot later be
# decrypted through RustyVault. Ensure the fallback is surfaced (see
# warn_on_fallback) and consider disabling it for production.
fallback_backend = "age"
# Auto-rotate encryption keys.
# rotation_interval_days presumably only applies when this is true.
auto_rotate_keys = false
rotation_interval_days = 90
# Cache decrypted values in memory.
# Plaintext stays resident for up to cache_ttl_seconds, so process memory
# (core dumps, swap, debuggers) becomes part of the secret boundary; keep the
# TTL short or disable the cache on shared hosts.
cache_decrypted = true
cache_ttl_seconds = 300
# ============================================================================
# KMS Backend: RustyVault
# ============================================================================
[plugins.kms.backends.rustyvault]
enabled = true
# RustyVault KMS service URL.
# Plaintext http:// is only acceptable on loopback; for any remote address use
# https:// so [plugins.security] (verify_tls, min_tls_version) applies.
# NOTE(review): this is the same host:port as the HashiCorp Vault backend's
# default `address` below — enabling both without changing one would point
# two backends at one endpoint.
url = "http://localhost:8200"
# Mount point for transit engine
mount_point = "transit"
# Key name for encryption
key_name = "provisioning-master"
# Timeout (seconds)
timeout = 30
# Use envelope encryption for large data.
# Payloads above envelope_threshold_bytes are presumably wrapped with a local
# data key that is itself encrypted by the transit key — confirm the data key
# is never persisted in plaintext.
use_envelope_encryption = true
envelope_threshold_bytes = 4096
# ============================================================================
# KMS Backend: Age
# ============================================================================
[plugins.kms.backends.age]
enabled = true
# Age key file path.
# This is the private identity that decrypts everything the age backend (and
# the KMS fallback path) produces: restrict it to the owning user (mode 0600)
# and do not commit, sync or back it up unencrypted.
key_file = "~/.provisioning/age-key.txt"
# Public key for encryption.
# NOTE(review): left empty here — presumably the recipient is derived from
# key_file in that case; confirm, since a wrong or missing recipient silently
# produces ciphertext nobody can open.
public_key = ""
# Armor output (base64 encoded)
armor = true
# ============================================================================
# KMS Backend: HashiCorp Vault
# ============================================================================
[plugins.kms.backends.vault]
enabled = false
# Vault server address.
# Same caveat as the other backends: use https:// for any non-loopback Vault
# so the TLS settings in [plugins.security] can apply; the token below is
# sent on every request.
address = "http://localhost:8200"
# Token for authentication.
# This path is shared with the Vault CLI's default token cache, so the plugin
# inherits whatever privileges that token carries. Prefer a dedicated token
# scoped to the transit mount/key named here.
token_file = "~/.vault-token"
# Mount point for transit engine
mount_point = "transit"
# Key name
key_name = "provisioning"
# Timeout (seconds)
timeout = 30
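# ============================================================================
# KMS Backend: AWS KMS
# ============================================================================
[plugins.kms.backends.aws_kms]
enabled = false
# AWS region
region = "us-east-1"
# KMS key ID or ARN.
# Must be set before enabling this backend; an alias or full ARN is preferred
# over a bare key ID so the intended account/region is unambiguous.
key_id = ""
# Use envelope encryption
use_envelope_encryption = true
# Encryption context (additional authenticated data).
# Being AAD, the exact same key/value pairs must be supplied at decrypt time:
# renaming or adding an entry here makes every existing ciphertext
# undecryptable. Treat changes as a key-rotation event.
# (Bare key: `Application` is a valid TOML bare key, so quoting is unneeded
# and the resulting key is identical.)
encryption_context = { Application = "Provisioning" }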
# ============================================================================
# Orchestrator Plugin Configuration
# ============================================================================
[plugins.orchestrator]
# Enable orchestrator plugin
enabled = true
# Orchestrator URL.
# Loopback-only default; a remote orchestrator should use https:// so the
# [plugins.security] TLS settings are in effect.
url = "http://localhost:8080"
# Data directory for file-based operations.
# NOTE(review): this is relative, so it is presumably resolved against the
# process working directory rather than this file's location — workflow and
# batch state can end up wherever the tool was launched from. Prefer an
# absolute path in deployed environments.
data_dir = "./data"
# Prefer local plugin for localhost URLs
# If true, uses plugin for http://localhost:* and http://127.0.0.1:*
# If false, always uses HTTP
prefer_local = true
# Workflow configuration
[plugins.orchestrator.workflows]
# Default timeout for workflow operations (seconds)
default_timeout = 3600
# Maximum concurrent workflows
max_concurrent = 10
# Retry failed operations.
# NOTE(review): retries are only safe for idempotent operations — a step that
# creates resources and fails after the side effect will be replayed up to
# max_retries times. Confirm non-idempotent steps opt out.
retry_on_failure = true
max_retries = 3
retry_delay_seconds = 5
# Checkpoint interval (seconds)
checkpoint_interval = 300
# Batch configuration
[plugins.orchestrator.batch]
# Default parallel limit
parallel_limit = 5
# Enable rollback on failure
rollback_enabled = true
# Storage backend (filesystem, surrealdb).
# With "filesystem", batch state presumably lives under data_dir above and
# carries the same path-resolution caveat.
storage_backend = "filesystem"
# ============================================================================
# Performance Tuning
# ============================================================================
[plugins.performance]
# Connection pooling
connection_pool_size = 10
connection_timeout_seconds = 30
# HTTP client configuration
http_user_agent = "Provisioning-Plugin/1.0"
http_timeout_seconds = 30
# NOTE(review): following redirects with a bearer token attached can hand the
# token to a different host. Confirm the HTTP client drops Authorization on
# cross-origin redirects, or set this to 0 for authenticated endpoints.
http_max_redirects = 5
# Cache configuration.
# If cached responses can contain secrets, the same in-memory exposure caveat
# as [plugins.kms].cache_decrypted applies for cache_ttl_seconds.
enable_response_cache = true
cache_ttl_seconds = 300
cache_max_entries = 1000
# ============================================================================
# Security Configuration
# ============================================================================
# These settings govern TLS connections only. Every URL in this file defaults
# to http://, so none of them is in effect until an endpoint is switched to
# https://.
[plugins.security]
# Verify TLS certificates.
# Never disable this to work around a private CA — point tls_ca_file at the
# CA bundle instead.
verify_tls = true
# TLS certificate file (if custom CA)
tls_ca_file = ""
# Client certificate for mutual TLS.
# client_key_file is a private key: restrict it to the owning user (0600).
client_cert_file = ""
client_key_file = ""
# Allowed cipher suites (empty = use defaults)
cipher_suites = []
# Minimum TLS version (1.2 or 1.3).
# 1.3 is the right floor; lowering to 1.2 should be a deliberate, documented
# exception for a specific peer that cannot negotiate 1.3.
min_tls_version = "1.3"
# ============================================================================
# Logging and Monitoring
# ============================================================================
[plugins.logging]
# Log level (trace, debug, info, warn, error).
# NOTE(review): trace/debug levels may emit request/response bodies and
# headers; before enabling them, confirm tokens and decrypted values are
# redacted, since the log file below is plaintext on disk.
level = "info"
# Log file path
file = "~/.provisioning/plugins.log"
# Log format (json, text)
format = "json"
# Include timestamps
include_timestamps = true
# Include caller information
include_caller = false
# Metrics configuration
[plugins.metrics]
# Enable metrics collection
enabled = true
# Metrics export format (prometheus, json)
export_format = "json"
# Metrics file.
# Written on every update_interval; keep metric labels free of identifiers
# (usernames, key names) that should not sit in a world-readable home file.
metrics_file = "~/.provisioning/plugin-metrics.json"
# Update interval (seconds)
update_interval = 60
# ============================================================================
# Feature Flags
# ============================================================================
[plugins.features]
# Enable experimental features
experimental = false
# Enable beta features
beta = false
# Feature-specific flags
auth_webauthn = true
kms_hardware_security = false
orchestrator_distributed = false