## SPDX-FileCopyrightText: 2017 Comcast Cable Communications Management, LLC
## SPDX-License-Identifier: Apache-2.0
# HTTP listeners, one entry per named server. Each address has an empty host
# part, which typically means the listener binds on every interface.
# NOTE(review): no listener in this file enables TLS; the only tls stanza is the
# commented-out one under `issuer`, so all five ports serve cleartext HTTP.
# Treat that as a local-development setting.
servers:
  key:
    address: ':6500'
    disableHTTPKeepAlives: true
    # NOTE(review): presumably static headers added to each response -- confirm.
    # Every server that sets them uses the value `issuer`, not its own name.
    header:
      X-Midt-Server:
        - issuer
      X-Midt-Version:
        - development
  issuer:
    address: ':6501'
    disableHTTPKeepAlives: true
    # Uncomment to serve this listener over TLS.
    # tls:
    #   key: "/etc/themis/key.pem"
    #   certificateFile: "/etc/themis/cert.pem"
    header:
      X-Midt-Server:
        - issuer
      X-Midt-Version:
        - development
  claims:
    address: ':6502'
    disableHTTPKeepAlives: true
    header:
      X-Midt-Server:
        - issuer
      X-Midt-Version:
        - development
  # The metrics listener is the only one without a header block.
  metrics:
    address: ':6503'
    disableHTTPKeepAlives: true
  health:
    address: ':6504'
    disableHTTPKeepAlives: true
    header:
      X-Midt-Server:
        - issuer
      X-Midt-Version:
        - development
# Health reporting options. This is a separate top-level key from
# servers.health, which only configures the listener address.
health:
  # false leaves health logging switched on.
  disableLogging: false
  # NOTE(review): `custom` looks like free-form key/value pairs included in the
  # health output -- confirm against the consumer before adding anything here.
  custom:
    server: development
# Prometheus metric naming defaults.
prometheus:
  defaultNamespace: xmidt
  defaultSubsystem: issuer
  # NOTE(review): presumably attached as constant labels to every metric --
  # confirm. Keep secrets and per-request data out of label values.
  constLabels:
    # Quoted so the value stays the string "true" rather than a YAML boolean.
    development: "true"
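# Token issuance settings: signing algorithm and key, token lifetime, and the
# source of each claim. The values below are development samples.
token:
  alg: RS256
  nonce: true
  # Negative delta. NOTE(review): presumably backdates the not-before time by
  # 15s to tolerate clock skew -- confirm.
  notBeforeDelta: -15s
  # NOTE(review): 24h is long for a bearer token; a stolen token stays usable
  # for the whole period. Shorten it where clients can re-request.
  duration: 24h
  clientCertificates:
    # No CA bundle is configured: both file settings are commented out.
    # rootCAFile: "/path/to/bundle.pem"
    # intermediatesFile: "/path/to/bundle.pem"
    trust:
      # these trust values are just to illustrate what you can do
      # they are unique, so locally you can easily tell which case happened
      noCertificates: 10
      expiredUntrusted: 100
      expiredTrusted: 200
      untrusted: 900
      trusted: 1000
  claims:
    # NOTE(review): mac, serial and uuid appear to be read from the named
    # request header or parameter, i.e. they are caller-supplied. Consumers
    # should not treat them as authenticated identity on their own.
    - key: mac
      header: X-Midt-Mac-Address
      parameter: mac
    - key: serial
      header: X-Midt-Serial-Number
      parameter: serial
    - key: uuid
      header: X-Midt-Uuid
      parameter: uuid
    # Fixed-value claims: identical in every token issued with this config.
    - key: iss
      value: "development"
    - key: sub
      value: "client-supplied"
    - key: aud
      value: "XMiDT"
    # NOTE(review): a static capability containing the `.*` wildcard is given
    # to every token. Scope it down for anything beyond test use.
    - key: capabilities
      value:
        - x1:issuer:test:.*:all
    # Single-quoted multi-line scalar: YAML folds the line breaks into spaces,
    # so the value is a single line of JSON text.
    - key: nestedClaims
      json: '{
        "casePreservedScalar": "true",
        "casePreservedArray": ["casePreserved1", "casePreserved2"]
        }'
  metadata:
    - key: mac
      header: X-Midt-Mac-Address
      parameter: mac
    - key: serial
      header: X-Midt-Serial-Number
      parameter: serial
    - key: uuid
      header: X-Midt-Uuid
      parameter: uuid
  # NOTE(review): the partner id also comes from a request header or parameter,
  # with `comcast` used when neither is present -- confirm that an
  # unauthenticated caller cannot pick an arbitrary partner.
  partnerID:
    claim: partner-id
    metadata: pid
    header: X-Midt-Partner-ID
    parameter: pid
    default: comcast
  key:
    kid: development
    type: rsa
    # Raised from 1024. RFC 7518 section 3.3 requires RSA keys of 2048 bits or
    # more for RS256, and 1024-bit RSA no longer gives adequate signature
    # strength.
    bits: 2048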
# Logging: where normal and error output go, how verbose, and in what format.
log:
  outputPaths:
    - stdout
  errorOutputPaths:
    - stderr
  # NOTE(review): DEBUG is a development setting. Before using it elsewhere,
  # confirm that request headers and token contents are not written at this
  # level.
  level: DEBUG
  encoding: json
# OpenTelemetry tracing configuration (optional).
# Without it a 'noop' tracer provider is used and tracing stays disabled.
tracing:
  # Name of the trace provider. Supported: otlp/grpc, otlp/http, stdout,
  # jaeger and zipkin. 'noop' explicitly disables tracing.
  provider: "noop"
  # skipTraceExport is honoured only when provider is stdout; setting it to
  # true keeps trace information from being written to stdout.
  # skipTraceExport: true
  # endpoint is the destination for trace data. It applies to otlp, zipkin and
  # jaeger. Default ports: 4317 for OTLP/gRPC, 4318 for OTLP/HTTP.
  # NOTE(review): the sample below is plain http to localhost; trace data sent
  # to a remote collector should go over TLS.
  # endpoint: "http://localhost:9411/api/v2/spans"