Kyle Isom
0b37fde155
- Add [webauthn] section to all config examples - Add active WebAuthn config to run/mcias.conf - Update Dockerfile to use /srv/mcias single mount - Add WebAuthn and TOTP sections to RUNBOOK.md - Fix TOTP QR display (template.URL type) - Add --force-rm to docker build in Makefile Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
51 lines
1.4 KiB
Plaintext
51 lines
1.4 KiB
Plaintext
# mcias-dev.conf — Local development configuration for mciassrv
|
|
#
|
|
# Suitable for running mciassrv on a developer workstation.
|
|
# DO NOT use this configuration in production:
|
|
# - Tokens expire quickly (for rapid test iteration).
|
|
# - The master key passphrase is trivial.
|
|
# - TLS paths point to local self-signed certificates.
|
|
#
|
|
# Generate a self-signed certificate for local development:
|
|
# openssl req -x509 -newkey ed25519 -days 365 \
|
|
# -keyout /tmp/mcias-dev.key -out /tmp/mcias-dev.crt \
|
|
# -subj "/CN=localhost" -nodes
|
|
#
|
|
# Set the master passphrase:
|
|
# export MCIAS_MASTER_PASSPHRASE=devpassphrase
|
|
#
|
|
# Start the server:
|
|
# mciassrv -config /path/to/mcias-dev.toml
|
|
|
|
[server]
|
|
listen_addr = "127.0.0.1:8443"
|
|
grpc_addr = "127.0.0.1:9443"
|
|
tls_cert = "/tmp/mcias-dev.crt"
|
|
tls_key = "/tmp/mcias-dev.key"
|
|
# trusted_proxy not set — direct local development, no reverse proxy.
|
|
|
|
[database]
|
|
path = "/tmp/mcias-dev.db"
|
|
|
|
[tokens]
|
|
issuer = "https://localhost:8443"
|
|
default_expiry = "1h"
|
|
admin_expiry = "30m"
|
|
service_expiry = "24h"
|
|
|
|
[argon2]
|
|
# OWASP minimums maintained even in dev; do not reduce further.
|
|
time = 2
|
|
memory = 65536
|
|
threads = 4
|
|
|
|
[master_key]
|
|
passphrase_env = "MCIAS_MASTER_PASSPHRASE"
|
|
|
|
# WebAuthn — passkey authentication for local development.
|
|
# rp_origin includes the non-standard port since we're not behind a proxy.
|
|
[webauthn]
|
|
rp_id = "localhost"
|
|
rp_origin = "https://localhost:8443"
|
|
display_name = "MCIAS (dev)"
|