# mcias-dev.conf — Local development configuration for mciassrv
#
# Suitable for running mciassrv on a developer workstation.
# DO NOT use this configuration in production:
#   - Tokens expire quickly (for rapid test iteration).
#   - The master key passphrase is trivial.
#   - TLS paths point to local self-signed certificates.
#
# Generate a self-signed certificate for local development:
#   openssl req -x509 -newkey ed25519 -days 365 \
#     -keyout /tmp/mcias-dev.key -out /tmp/mcias-dev.crt \
#     -subj "/CN=localhost" -nodes
#
# Set the master passphrase:
#   export MCIAS_MASTER_PASSPHRASE=devpassphrase
#
# Start the server:
#   mciassrv -config /path/to/mcias-dev.conf

[server]
listen_addr = "127.0.0.1:8443"
grpc_addr   = "127.0.0.1:9443"
tls_cert    = "/tmp/mcias-dev.crt"
tls_key     = "/tmp/mcias-dev.key"

[database]
path = "/tmp/mcias-dev.db"

[tokens]
issuer         = "https://localhost:8443"
default_expiry = "1h"
admin_expiry   = "30m"
service_expiry = "24h"

[argon2]
# OWASP minimums maintained even in dev; do not reduce further.
time    = 2
memory  = 65536
threads = 4

[master_key]
passphrase_env = "MCIAS_MASTER_PASSPHRASE"