# Authentication Feature Configuration
#
# This configuration controls API key authentication and authorization.
# Each request must include a valid API key in the Authorization header.
# This file is loaded ONLY if [server.features.auth].enabled = true in the main config.
# (The enabled flag is set in the main lifecycle-api-config.toml file)

[auth]

# Path to API keys configuration file
# Each line should contain: key_name = "key_value"
# Example: admin_key = "sk_abc123def456..."
api_keys_path = "./config/api_keys.toml"

# Header name for API key (typically "Authorization" or "X-API-Key")
auth_header = "Authorization"

# Expected prefix for API key value (e.g., "Bearer ", "ApiKey ")
# Leave empty for no prefix requirement
auth_prefix = "Bearer "

# Log authentication failures (useful for debugging)
log_failures = true

# Timeout for key validation (milliseconds)
key_validation_timeout_ms = 100