plugin:
  id: com.stellaops.crypto.hsm
  name: HSM Cryptography Provider
  version: 1.0.0
  vendor: Stella Ops
  description: Hardware Security Module integration via PKCS#11
  license: BUSL-1.1

entryPoint: StellaOps.Cryptography.Plugin.Hsm.HsmPlugin

minPlatformVersion: 1.0.0

capabilities:
  - type: crypto
    id: hsm
    algorithms:
      - HSM-RSA-SHA256
      - HSM-RSA-SHA384
      - HSM-RSA-SHA512
      - HSM-RSA-PSS-SHA256
      - HSM-ECDSA-P256
      - HSM-ECDSA-P384
      - HSM-AES-128-GCM
      - HSM-AES-256-GCM

configSchema:
  type: object
  properties:
    libraryPath:
      type: string
      description: Path to PKCS#11 library (.so/.dll). Leave empty for simulation mode.
    slotId:
      type: integer
      default: 0
      description: HSM slot identifier
    pin:
      type: string
      description: PIN for HSM authentication
    tokenLabel:
      type: string
      description: Token label for identifying the HSM
    connectionTimeoutSeconds:
      type: integer
      default: 30
      description: Connection timeout in seconds
    readOnlySession:
      type: boolean
      default: true
      description: Use read-only session (no key generation/modification)
  required: []