|
Simo Sorce |
8bea4eb |
# /etc/custodia/custodia.conf
|
|
Simo Sorce |
8bea4eb |
|
|
Simo Sorce |
8bea4eb |
[DEFAULT]
|
|
Simo Sorce |
8bea4eb |
libdir = /var/lib/custodia
|
|
Simo Sorce |
8bea4eb |
logdir = /var/log/custodia
|
|
Simo Sorce |
8bea4eb |
rundir = /var/run/custodia
|
|
Simo Sorce |
8bea4eb |
|
|
Simo Sorce |
8bea4eb |
[global]
|
|
Simo Sorce |
8bea4eb |
debug = true
|
|
Simo Sorce |
8bea4eb |
server_socket = ${rundir}/custodia.sock
|
|
Simo Sorce |
8bea4eb |
auditlog = ${logdir}/audit.log
|
|
Simo Sorce |
8bea4eb |
|
|
Simo Sorce |
8bea4eb |
[store:sqlite]
|
|
Simo Sorce |
8bea4eb |
handler = SqliteStore
|
|
Simo Sorce |
8bea4eb |
dburi = ${libdir}/secrets.db
|
|
Simo Sorce |
8bea4eb |
table = secrets
|
|
Simo Sorce |
8bea4eb |
|
|
Simo Sorce |
8bea4eb |
[store:encrypted_sqlite]
|
|
Simo Sorce |
8bea4eb |
handler = EncryptedOverlay
|
|
Simo Sorce |
8bea4eb |
backing_store = sqlite
|
|
Simo Sorce |
8bea4eb |
master_key = ${libdir}/secrets.key
|
|
Simo Sorce |
8bea4eb |
master_enctype = A128CBC-HS256
|
|
Simo Sorce |
8bea4eb |
autogen_master_key = true
|
|
Simo Sorce |
8bea4eb |
|
|
Simo Sorce |
8bea4eb |
[auth:creds]
|
|
Simo Sorce |
8bea4eb |
handler = SimpleCredsAuth
|
|
Simo Sorce |
8bea4eb |
uid = root
|
|
Simo Sorce |
8bea4eb |
gid = root
|
|
Simo Sorce |
8bea4eb |
|
|
Simo Sorce |
8bea4eb |
[authz:paths]
|
|
Simo Sorce |
8bea4eb |
handler = SimplePathAuthz
|
|
Simo Sorce |
8bea4eb |
paths = /. /secrets
|
|
Simo Sorce |
8bea4eb |
|
|
Simo Sorce |
8bea4eb |
[/]
|
|
Simo Sorce |
8bea4eb |
handler = Root
|
|
Simo Sorce |
8bea4eb |
|
|
Simo Sorce |
8bea4eb |
[/secrets]
|
|
Simo Sorce |
8bea4eb |
handler = Secrets
|
|
Simo Sorce |
8bea4eb |
store = encrypted_sqlite
|