provisioning/docs/src/examples/security-examples.md

Security Configuration Examples

Security configuration examples for authentication, encryption, and secrets management.

Complete Security Configuration

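# Example security record covering authentication, secret storage,
# encryption at rest and audit logging. Values are illustrative.
{
  security = {
    authentication = {
      enabled = true,
      # RS256 is RSA with SHA-256: an asymmetric signature, so services that
      # verify tokens need only the public key, never the signing key.
      jwt_algorithm = "RS256",
      mfa_required = true
    },

    secrets = {
      backend = "secretumvault",
      # Use an https:// endpoint so tokens and secret values are not sent
      # in cleartext between the provisioner and the vault.
      url = "https://vault.example.com",
      auto_rotate = true,
      # Rotation interval in days.
      rotation_days = 90
    },

    encryption = {
      # NOTE(review): only at-rest encryption is configured in this record;
      # confirm transport encryption is enforced elsewhere.
      at_rest = true,
      # AES-256 in GCM mode provides confidentiality and integrity
      # (authenticated encryption).
      algorithm = "AES-256-GCM",
      # Same backend name as security.secrets.backend, so presumably keys and
      # secrets live in one service; scope access to it accordingly.
      kms_backend = "secretumvault"
    },

    audit = {
      enabled = true,
      # 2555 days = 7 x 365, i.e. roughly seven years of audit history.
      retention_days = 2555,
      export_format = "json"
    }
  }
}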

SecretumVault Integration

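# Configure SecretumVault
provisioning config set security.secrets.backend secretumvault
# Plain http:// is only reasonable for a local development instance on
# loopback. For a vault reached over the network, use an https:// URL so
# tokens and secret values are not sent in cleartext.
provisioning config set security.secrets.url http://localhost:8200

# Store secrets
# "secret123" is a placeholder. A real value passed as a command-line
# argument is recorded in shell history and is visible in the process list
# while the command runs; check the CLI help for a way to supply the value
# without putting it on the command line.
provisioning vault put database/password --value="secret123"

# Retrieve secrets
# NOTE(review): if this prints the value to stdout, keep it out of CI logs
# and shared terminal sessions.
provisioning vault get database/password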

Encrypted Infrastructure Configuration

# Provider and database passwords are referenced by name through std.secret
# instead of being written into this file as literals.
# NOTE(review): the original comments mark these fields "Encrypted", but where
# encryption or lookup happens is not shown here. Confirm which store
# std.secret resolves the names from, and that the resolved value is not
# written in plaintext to rendered output or logs.
{
  providers.upcloud = {
    username = "admin",
    password = std.secret "UPCLOUD_PASSWORD"  # secret reference; no plaintext value in this file
  },

  databases = [{
    name = "production-db",
    password = std.secret "DB_PASSWORD"  # secret reference; no plaintext value in this file
  }]
}

References