64 lines
1.6 KiB
YAML
64 lines
1.6 KiB
YAML
schemaVersion: 1
|
|
issuer: http://authority.sealed-ci.local
|
|
accessTokenLifetime: 00:02:00
|
|
refreshTokenLifetime: 01:00:00
|
|
identityTokenLifetime: 00:05:00
|
|
authorizationCodeLifetime: 00:05:00
|
|
deviceCodeLifetime: 00:15:00
|
|
pluginDirectories:
|
|
- /app
|
|
plugins:
|
|
configurationDirectory: /app/plugins
|
|
descriptors:
|
|
standard:
|
|
type: standard
|
|
assemblyName: StellaOps.Authority.Plugin.Standard
|
|
enabled: true
|
|
configFile: standard.yaml
|
|
storage:
|
|
connectionString: mongodb://sealedci:sealedci@mongo:27017/authority?authSource=admin
|
|
databaseName: authority
|
|
commandTimeout: 00:00:30
|
|
signing:
|
|
enabled: true
|
|
activeKeyId: sealed-ci
|
|
keyPath: /certificates/authority-signing-dev.pem
|
|
algorithm: ES256
|
|
keySource: file
|
|
bootstrap:
|
|
enabled: false
|
|
crypto:
|
|
providers: []
|
|
security:
|
|
senderConstraints:
|
|
dpop:
|
|
enabled: true
|
|
proofLifetime: 00:02:00
|
|
replayWindow: 00:05:00
|
|
nonce:
|
|
enabled: false
|
|
mtls:
|
|
enabled: false
|
|
airGap:
|
|
egress:
|
|
mode: Sealed
|
|
allowLoopback: true
|
|
allowPrivateNetworks: true
|
|
remediationDocumentationUrl: https://docs.stella-ops.org/airgap/sealed-ci
|
|
supportContact: airgap-ops@stella-ops.org
|
|
sealedMode:
|
|
enforcementEnabled: true
|
|
evidencePath: /artifacts/sealed-mode-ci/latest/authority-sealed-ci.json
|
|
maxEvidenceAge: 00:30:00
|
|
cacheLifetime: 00:01:00
|
|
requireAuthorityHealthPass: true
|
|
requireSignerHealthPass: true
|
|
requireAttestorHealthPass: true
|
|
requireEgressProbePass: true
|
|
tenants:
|
|
- name: sealed-ci
|
|
roles:
|
|
operators:
|
|
scopes:
|
|
- policy:read
|