# SecretumVault Configuration for Docker Compose Development

[vault]
# Use etcd as storage backend
crypto_backend = "openssl"

[server]
address = "0.0.0.0"
port = 8200

[storage]
# Use etcd for persistent storage
backend = "etcd"

[storage.etcd]
# etcd service is available via docker-compose networking
endpoints = ["http://etcd:2379"]

[storage.filesystem]
path = "/var/lib/secretumvault"

[storage.surrealdb]
# SurrealDB is available via docker-compose networking
url = "ws://surrealdb:8000"

[storage.postgresql]
# PostgreSQL is available via docker-compose networking
connection_string = "postgres://vault:vault-dev-only@postgres:5432/secretumvault"

[crypto]
# Using OpenSSL backend (stable)

[seal]
seal_type = "shamir"

[seal.shamir]
threshold = 2
shares = 3

[engines.kv]
path = "secret/"
versioned = true

[engines.transit]
path = "transit/"
versioned = true

[engines.pki]
path = "pki/"
versioned = false

[engines.database]
path = "database/"
versioned = false

[logging]
# Log level: debug, info, warn, error
level = "info"
# Output format: text or json
format = "json"
# Optional file output
output = null
# Enable ANSI colors in stdout
ansi = true

[telemetry]
# Prometheus metrics port
prometheus_port = 9090
# Enable distributed tracing
enable_trace = false

[auth]
# Token configuration
default_ttl = 24

# Cedar policy configuration is optional
# [auth.cedar]
# policies_dir = "/etc/secretumvault/policies"
# entities_file = "/etc/secretumvault/entities.json"