# Provisioning API Server Configuration

[server]
host = "0.0.0.0"
port = 8083

# TLS configuration (optional)
# tls_cert = "/path/to/cert.pem"
# tls_key = "/path/to/key.pem"

# CORS configuration
cors_enabled = true
# cors_origins = ["https://app.example.com", "https://admin.example.com"]

[auth]
# IMPORTANT: Change this secret in production!
jwt_secret = "change-me-in-production-use-a-long-random-string"

# Token expiry in hours
token_expiry_hours = 24
refresh_token_expiry_hours = 168  # 7 days

# Mutual TLS (optional)
mtls_enabled = false
# mtls_ca_cert = "/path/to/ca.pem"

[provisioning]
# Path to provisioning CLI
cli_path = "/usr/local/bin/provisioning"

# Default workspace (optional)
# default_workspace = "production"

# Operation timeout in seconds
timeout_seconds = 300

# Maximum concurrent operations
max_concurrent_operations = 10

[logging]
# Log level: trace, debug, info, warn, error
level = "info"

# Use JSON format for logs
json_format = false

# Audit log path (optional)
# audit_log_path = "/var/log/provisioning-server/audit.log"