provisioning/schemas/platform/configs/vault-service.cicd.ncl

# Vault Service - CI/CD Mode Configuration
# Pipeline integration, ephemeral in-memory storage

let vault_schema = import "../schemas/vault-service.ncl" in

{
  vault | vault_schema.VaultServiceConfig = {
    server = {
      host = "0.0.0.0",
      port = 8200,
      workers = 8,
      keep_alive = 75,
      max_connections = 200,
    },

    storage = {
      backend = "memory",
      path = "/tmp/provisioning-vault-cicd",
      encryption_key_path = "/tmp/provisioning-vault-cicd/master.key",
    },

    vault = {
      server_url = "http://vault-cicd:8200",
      storage_backend = "memory",
      deployment_mode = "Service",
      mount_point = "transit-cicd",
      key_name = "provisioning-cicd",
      tls_verify = false,
    },

    ha = {
      enabled = false,
      mode = "raft",
    },

    security = {
      encryption_algorithm = "aes-256-gcm",
      key_rotation_days = 90,
    },

    monitoring = {
      enabled = false,
      metrics_interval = 60,
    },

    logging = {
      level = "warn",
      format = "json",
    },
  },
}