mirror of
https://github.com/valitydev/kds.git
synced 2024-11-06 00:05:18 +00:00
30ff7527ae
* Get rid of proprietary CI bits * Update sys.config * Add appsec team as CODEOWNERS * Add CI through GH Actions workflows * Switch to valitydev upstreams
112 lines
4.1 KiB
Plaintext
112 lines
4.1 KiB
Plaintext
[
|
|
{kds, [
|
|
{ip, "::"},
|
|
{management_port, 8022},
|
|
{storage_port, 8023},
|
|
{management_transport_opts, #{}},
|
|
{storage_transport_opts, #{
|
|
transport => ranch_ssl,
|
|
socket_opts => [
|
|
{cacertfile, "/var/lib/kds/ca.crt"},
|
|
{certfile, "/var/lib/kds/server.pem"},
|
|
{verify, verify_peer},
|
|
{fail_if_no_peer_cert, true}
|
|
]
|
|
}},
|
|
{protocol_opts, #{
|
|
request_timeout => 60000
|
|
}},
|
|
{new_key_security_parameters, #{
|
|
deduplication_hash_opts => #{
|
|
n => 16384,
|
|
r => 8,
|
|
p => 1
|
|
}
|
|
}},
|
|
{shutdown_timeout, 0},
|
|
{keyring_storage, kds_keyring_storage_file},
|
|
{keyring_storage_opts, #{
|
|
keyring_path => "/var/lib/kds/keyring"
|
|
}},
|
|
{health_check, #{
|
|
disk => {erl_health, disk, ["/", 99]},
|
|
memory => {erl_health, cg_memory, [99]},
|
|
service => {erl_health, service, [<<"kds">>]}
|
|
}},
|
|
{keyring_rotation_lifetime, 60000},
|
|
{keyring_initialize_lifetime, 180000},
|
|
{keyring_rekeying_lifetime, 180000},
|
|
{keyring_unlock_lifetime, 60000},
|
|
{shareholders, #{
|
|
<<"1">> => #{
|
|
owner => <<"ndiezel">>,
|
|
public_keys => #{
|
|
enc =>
|
|
<<
|
|
"{"
|
|
" \"use\": \"enc\","
|
|
" \"kty\": \"RSA\","
|
|
" \"kid\": \"KUb1fNMc5j9Ei_IV3DguhJh5UOH30uvO7qXq13uevnk\","
|
|
" \"alg\": \"RSA-OAEP-256\","
|
|
" \"n\": \"2bxkamUQjD4CN8rcq5BfNLJmRmosb-zY7ajPBJqtiLUTcqym23OkUIA1brBg34clmU2ZQmtd3LWi5kVJk_wr4WsMG_78jHK3wQA-HRhY4WZDZrULTsi4XWpNSwL4dCml4fs536RKy_TyrnpiXg0ug4JVVaEeo7VIZ593mVhCxC8Ev6FK8tZ2HGGOerUXLpgQdhcp9UwaI_l7jgoWNp1f7SuBqv1mfiw4ziC1yvwyXHTKy-37LjLmVB9EVyjqpkwZgzapaOvHc1ABqJpdOrUh-PyOgq-SduqSkMrvqZEdUeR_KbFVxqbxqWJMrqkl2HOJxOla9cHRowg5ObUBjeMoaTJfqie3t6uRUsFEFMzhIyvo6QMYHooxIdOdwpZ4tpzML6jv9o5DPtN375bKzy-UsjeshYbvad1mbrcxc8tYeiQkDZEIM0KeOdHm5C6neEyY6oF4s1vSYBNCnhE5O-R9dmp8Sk5KEseEkOH5u4G2RsIXBA9z1OTDoy6qF21EvRCGzsGfExfkmPAtzbnS-EHHxbMUiio0ZJoZshYo8dwJY6vSN7UsXBgW1v7GvIF9VsfzRmgkl_3rdemYy28DJKC0U2yufePcA3nUJEhtR3UO_tIlHxZvlDSX5eTx4vs5VkFfujNSiPsgH0PEeXABGBFbal7QxU1u0XHXIFwhW5cM8Fs\","
|
|
" \"e\": \"AQAB\""
|
|
"}"
|
|
>>,
|
|
sig =>
|
|
<<
|
|
"{"
|
|
" \"crv\":\"Ed25519\","
|
|
" \"kid\":\"0S3dDL16upIQpkt5sooMFXeZR4j1O7fZngAWgn_Bmbo\","
|
|
" \"kty\":\"OKP\","
|
|
" \"x\":\"tIUiRZkBczC152j1ItfvtITl222ZHLcz6wRqUDa0-Ls\""
|
|
"}"
|
|
>>
|
|
}
|
|
}
|
|
}}
|
|
]},
|
|
|
|
{scoper, [
|
|
{storage, scoper_storage_logger}
|
|
]},
|
|
|
|
{kernel, [
|
|
{logger_sasl_compatible, false},
|
|
{logger_level, debug},
|
|
{logger, [
|
|
{handler, default, logger_std_h, #{
|
|
config => #{
|
|
type => {file, "/var/log/kds/console.json"}
|
|
},
|
|
formatter =>
|
|
{logger_logstash_formatter, #{
|
|
message_redaction_regex_list => [
|
|
%% pan
|
|
"[0-9]{12,19}",
|
|
%% expiration date
|
|
"[0-9]{2}.[0-9]{2,4}",
|
|
%% cvv
|
|
"[0-9]{3,4}",
|
|
%% JWS and JWE compact representation
|
|
"^ey[JI]([a-zA-Z0-9_-]*.?){1,6}"
|
|
]
|
|
}}
|
|
}}
|
|
]}
|
|
]},
|
|
|
|
{os_mon, [
|
|
{disksup_posix_only, true}
|
|
]},
|
|
|
|
{snowflake, [
|
|
% 1 second
|
|
{max_backward_clock_moving, 1000},
|
|
{machine_id, hostname_hash}
|
|
]},
|
|
|
|
{prometheus, [
|
|
{collectors, [default]}
|
|
]}
|
|
].
|