config

Module: config

Structs

AuthorityConfig - Authority configuration loaded from TOML file and/or environment variables.
AuthorityTlsConfig - TLS configuration for the Authority gRPC server.
TlsIdentityPaths - Fully validated TLS identity paths.

Enums

Struct

Authority configuration loaded from TOML file and/or environment variables.

Environment variables take precedence over TOML values and use the FIRMA_AUTHORITY_ prefix (e.g., FIRMA_AUTHORITY_LISTEN_ADDR).

Fields:

listen_addr: String - gRPC listen address (default: [::1]:50051).
policy_dir: std::path::PathBuf - Directory containing .cedar policy files streamed to sidecars for enforcement.
issuance_policy_dir: std::path::PathBuf - Directory containing .cedar policy files used to gate capability issuance.
schema_path: Option<std::path::PathBuf> - Optional path to the Cedar schema file.
revocation_file: std::path::PathBuf - Path to the revocation file (one token ID per line).
max_ttl_seconds: i32 - Maximum token TTL in seconds (default: 3600).
key_file: std::path::PathBuf - Path to the Ed25519 signing key file (64-byte raw or PEM).
log_level: String - Log level filter (default: info).
bundle_ttl_seconds: u32 - Policy bundle TTL advertised to sidecars in seconds (default: 30).
tls: AuthorityTlsConfig - Authority TLS configuration.

Methods:

fn load(config_path: Option<&PathBuf>) -> Result<Self, ConfigError> - Load configuration by merging an optional TOML file with environment variable overrides.
fn load_resolved(file: &std::path::Path, config_dir: &std::path::Path) -> Result<Self, ConfigError> - Parse a resolved config file (flat or [authority]-sectioned via
fn tls_identity_paths(self: &Self) -> Result<Option<TlsIdentityPaths>, String> - Returns TLS identity paths when both TLS fields are configured.
fn rebase_defaults(self: & mut Self, config_dir: &std::path::Path) - Re-base every relative resource path against config_dir;

Trait Implementations:

Deserialize
- fn deserialize<__D>(__deserializer: __D) -> _serde::__private228::Result<Self, <__D as >::Error>
Default
- fn default() -> Self
Clone
- fn clone(self: &Self) -> AuthorityConfig
Debug
- fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result

Struct

TLS configuration for the Authority gRPC server.

Both values are required together to enable TLS.

Fields:

tls_cert_path: Option<std::path::PathBuf> - Path to the TLS certificate file (PEM). Must be set together with
tls_key_path: Option<std::path::PathBuf> - Path to the TLS private key file (PEM). Must be set together with
mtls_client_ca_cert_path: Option<std::path::PathBuf> - Path to the PEM CA certificate used to verify Sidecar mTLS client
mtls_client_ca_key_path: Option<std::path::PathBuf> - Path to the PEM CA private key used by firma authority issue-client-cert
authorized_clients_path: Option<std::path::PathBuf> - Path to the TOML file listing authorized client identities (CN or DNS

Trait Implementations:

Deserialize
- fn deserialize<__D>(__deserializer: __D) -> _serde::__private228::Result<Self, <__D as >::Error>
Default
- fn default() -> AuthorityTlsConfig
Clone
- fn clone(self: &Self) -> AuthorityTlsConfig
Debug
- fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result

Enum

Variants:

Traits: Error

Trait Implementations:

Display
- fn fmt(self: &Self, __formatter: & mut ::core::fmt::Formatter) -> ::core::fmt::Result
Debug
- fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result

Struct

Fully validated TLS identity paths.

Fields:

Trait Implementations:

Clone
- fn clone(self: &Self) -> TlsIdentityPaths
Debug
- fn fmt(self: &Self, f: & mut $crate::fmt::Formatter) -> $crate::fmt::Result