Security Configuration Examples
Security configuration examples for authentication, encryption, and secrets management.
Complete Security Configuration
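# Example security section covering authentication, secrets management,
# encryption at rest and audit logging.
{
  security = {
    authentication = {
      enabled = true,
      # RS256 is an asymmetric JWT signature (RSA with SHA-256): services that
      # only verify tokens need the public key, never the signing key.
      jwt_algorithm = "RS256",
      mfa_required = true
    },
    secrets = {
      backend = "secretumvault",
      # Fixed: the URL had been wrapped in stray link markup by the page
      # renderer. The production example uses https:// so that traffic to the
      # vault is protected in transit.
      url = "https://vault.example.com",
      auto_rotate = true,
      # Presumably the rotation interval in days; confirm against the schema.
      rotation_days = 90
    },
    encryption = {
      at_rest = true,
      # AES-256-GCM is authenticated encryption: it protects integrity as well
      # as confidentiality of the stored data.
      algorithm = "AES-256-GCM",
      # NOTE(review): the key-management backend is the same system as
      # secrets.backend above, so its access policy and availability cover
      # both stored secrets and the encryption keys. Confirm this is intended.
      kms_backend = "secretumvault"
    },
    audit = {
      enabled = true,
      # 2555 days is roughly seven years (7 x 365).
      retention_days = 2555,
      export_format = "json"
    }
  }
}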
SecretumVault Integration
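# Configure SecretumVault as the secrets backend.
provisioning config set security.secrets.backend secretumvault
# Fixed: the URL had been wrapped in stray link markup by the page renderer.
# Plain HTTP on loopback is only suitable for a local development vault; use
# an https:// URL for any vault that is reached over a network.
provisioning config set security.secrets.url http://localhost:8200
# Store secrets
# NOTE: a value passed as a command-line argument ends up in shell history and
# is visible in the process list while the command runs. "secret123" is a
# placeholder; for real credentials, check whether the CLI can take the value
# another way before using this form.
provisioning vault put database/password --value="secret123"
# Retrieve secrets
# NOTE(review): presumably prints the stored value, so avoid running this
# where terminal output is captured or logged. Confirm the output behaviour.
provisioning vault get database/password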
Encrypted Infrastructure Configuration
# Infrastructure configuration in which passwords are written as
# `std.secret "<NAME>"` references rather than literal strings, so the
# plaintext values do not appear in this file.
# NOTE(review): how each name is resolved (environment variable, vault path,
# encrypted file) is not shown on this page; confirm against the tool's docs.
{
  providers.upcloud = {
    # The username is stored as a plain literal; only the password is a
    # secret reference.
    username = "admin",
    password = std.secret "UPCLOUD_PASSWORD" # Encrypted
  },
  databases = [{
    name = "production-db",
    password = std.secret "DB_PASSWORD" # Encrypted
  }]
}