[package]
authors.workspace = true
description = "Vault Service for Provisioning Platform with secrets and key management (Age dev, Cosmian KMS prod, RustyVault self-hosted)"
edition.workspace = true
license.workspace = true
name = "vault-service"
repository.workspace = true
version.workspace = true

[[bin]]
name = "provisioning-vault-service"
path = "src/main.rs"

[dependencies]
# Async runtime
tokio = { workspace = true, features = ["full"] }

# NATS JetStream bridge (lease request/issued flow)
platform-nats = { workspace = true, optional = true }

# UUID for lease IDs
uuid = { workspace = true, features = ["v4", "serde"] }

# Stream iteration
futures = { workspace = true }

# Async traits
async-trait = { workspace = true }

# Zero sensitive memory on drop
zeroize = { workspace = true }

# Web framework
axum = { workspace = true, features = ["json"] }
tower = { workspace = true }
tower-http = { workspace = true, features = ["cors", "trace"] }

# Serialization
serde = { workspace = true, features = ["derive"] }
serde_json = { workspace = true }
toml = { workspace = true }

# Configuration
platform-config = { path = "../platform-config" }

# Centralized observability (logging, metrics, health, tracing)
observability = { workspace = true, features = ["logging", "metrics-prometheus", "health"] }

# HTTP client
reqwest = { workspace = true }

# Age encryption (development)
age = { workspace = true }

# RustyVault (self-hosted Vault alternative)
rusty_vault = { workspace = true }

# Cryptography
base64 = { workspace = true }
rand = { workspace = true }

# Error handling
anyhow = { workspace = true }
thiserror = { workspace = true }

# Logging
tracing = { workspace = true }
tracing-subscriber = { workspace = true }

# Time
chrono = { workspace = true, features = ["serde"] }

# Configuration
config = { workspace = true }

# SecretumVault (Enterprise secrets management - optional)
secretumvault = { workspace = true }

[features]
nats = ["dep:platform-nats"]
default = []

[dev-dependencies]
http-body-util = { workspace = true }
mockito = { workspace = true }
tempfile = { workspace = true }
tokio-test = { workspace = true }

[lib]
name = "vault_service"
path = "src/lib.rs"