-
Notifications
You must be signed in to change notification settings - Fork 6
/
Copy pathconfig.yaml.example
63 lines (50 loc) · 2.22 KB
/
config.yaml.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
# You probably want to configure these
canonicalUrl: https://path.to/rproxy
bindAddr: localhost:8080
# Maximum size of nonce to sign. Best to keep above 64.
maxNonceSize: 128
# Will still sign a timestamp if its this far of our current local time
# in seconds.
acceptableLag: 60
# The default signature algorithm. Either ed25519 or xmssmt.
defaultSigAlg: xmssmt
# Path to store private keys. Will be generated if not present.
# WARNING: do not make backups or copies of xmssmt.key. See the README.
xmssmtKeyPath: xmssmt.key
ed25519KeyPath: ed25519.key
# XMSS(MT) instance to use.
xmssmtAlg: XMSSMT-SHAKE_40/4_256
# Number of signature sequence numbers to preallocate. If the server
# crashes, this is the amount of signatures lost.
xmssmtBorrowedSeqNos: 1000
# Require a proof-of-work of the given difficulty for the favious
# signature algorithms. If null, no proof of work is required.
xmssmtPowDifficulty: 16
ed25519PowDifficulty: null
# Generate proof-of-work nonces from the given key. Useful if running
# several Atum servers between the same URL.
powKey: null
# How often to rotate the proof-of-work nonce.
powWindow: 24h0m0s
# List of other trusted public keys.
# Each entry should be of the form: alg-base64encodedPk
#
# This can be used for several reasons:
#
# 1. It can list a keypair whose signatures are still trusted, but
# to which access was lost, for instance because it ran out of
# signatures in case of XMSSMT or because the private key was
# corrupted.
# 2. A keypair might be included of another redundant copy of this
# server. (Servers must never use the same XMSSMT key, see
# the README --- instead generate a new keypair for each server
# and list the public keys in eachothers `otherTrustedPublicKeys`.)
#otherTrustedPublicKeys:
# - ed25519-/jm13Cfq5Gr+iMqQweoRvJv+HbU7+JNFJIHq1WTm+ww=
# - xmssmt-6gdaBKiEUa2MnwoMp0y1vBSx86YkyG6QOWEB9F0/7tPladMNZPE5+s6FUE4yqPB105RPd6kKnc7qT47Srt8CwZ2zKovNmcRg1jB315ZECK3JDpeLLglG38D6kYmJw2kPdhmdrsleMIUEqBwYwGWekjJ7L8IiwSf2tleI5B6ZZkklJJUq
# How often should clients check in about the validity of public keys?
publicKeyCacheDuration: 720h0m0s
# Enable Prometheus metrics?
# NOTE these are hosted publicly at /metrics.
enableMetrics: false
# vim: ft=yaml