# IAM Server Configuration Example
#
# Copy this file to iam.toml and adjust the settings.

[server]
# Listen address
addr = "0.0.0.0:50051"

# TLS configuration (optional)
# [server.tls]
# cert_file = "/etc/iam/certs/server.crt"
# key_file = "/etc/iam/certs/server.key"
# ca_file = "/etc/iam/certs/ca.crt"
# require_client_cert = false

[store]
# Backend type: "memory", "chainfire", or "flaredb"
backend = "memory"

# Chainfire backend configuration
# chainfire_endpoints = ["localhost:2379", "localhost:2380"]

# FlareDB backend configuration
# flaredb_endpoint = "localhost:5432"
# flaredb_namespace = "iam"

[authn]
# JWT/OIDC configuration (optional)
# [authn.jwt]
# jwks_url = "https://auth.example.com/.well-known/jwks.json"
# issuer = "https://auth.example.com"
# audience = "iam"
# jwks_cache_ttl_seconds = 3600

# Internal token configuration
[authn.internal_token]
# Signing key for internal tokens
# IMPORTANT: Change this to a secure random value in production!
signing_key = "change-this-to-a-secure-random-value-in-production"
issuer = "iam"
default_ttl_seconds = 3600      # 1 hour
max_ttl_seconds = 604800        # 7 days

[logging]
# Log level: "trace", "debug", "info", "warn", "error"
level = "info"
# Log format: "text" or "json"
format = "text"