provisioning/schemas/platform/schemas/vault-service.ncl

# Vault Service Schema
# Secrets management and encryption configuration

{
  VaultServiceConfig = {
    # Server configuration
    server | {
      host | String,
      port | Number,
      workers | Number | optional,
      keep_alive | Number | optional,
      max_connections | Number | optional,
    },

    # Storage backend configuration
    storage | {
      backend | String,
      path | String | optional,
      encryption_key_path | String | optional,
    },

    # Vault-specific settings
    vault | {
      server_url | String,
      storage_backend | String,
      deployment_mode | String,
      auth_token | String | optional,
      mount_point | String | default = "transit",
      key_name | String | default = "provisioning-master",
      tls_verify | Bool | default = false,
      tls_ca_cert | String | optional,
    },

    # High Availability configuration
    ha | {
      enabled | Bool | default = false,
      mode | String | optional,
    } | optional,

    # Security configuration
    security | {
      encryption_algorithm | String | optional,
      key_rotation_days | Number | optional,
    } | optional,

    # Monitoring and logging
    monitoring | {
      enabled | Bool | default = false,
      metrics_interval | Number | optional,
    } | optional,

    logging | {
      level | String | default = "info",
      format | String | optional,
    } | optional,
  },
}