Module config

Expand description

Configuration loading and validation.

The Kipuka EST server is configured via a single TOML file. The top-level Config struct owns all sub-configurations and provides Config::from_file for loading with semantic validation.

§Example configuration

[server]
listen_addr = "0.0.0.0:8443"

[tls]
enabled = true
cert_file = "/etc/kipuka/server.crt"
key_file  = "/etc/kipuka/server.key"
ca_file   = "/etc/kipuka/est-ca.pem"

[database]
url = "sqlite:///var/lib/kipuka/kipuka.db"

[[ca]]
id = "default"
is_default = true
key_file  = "/etc/kipuka/ca.key"
cert_file = "/etc/kipuka/ca.crt"

[est]
simpleenroll = true
simplereenroll = true

[audit]
enabled = true

Re-exports§

pub use crate::ocsp::OcspConfig;

Structs§

AdminConfig: [admin] section — administrative API configuration.
AdminGssapiConfig: GSSAPI/SPNEGO configuration for admin authentication.
AuditConfig: [audit] section — audit trail configuration.
CaConfig: [[ca]] section — per-CA key material and issuance policy.
CmpConfig: [cmp] section — CMP v3 certificate management endpoint.
CmsEstConfig: [cms_est] section — CMS message-level security for EST.
CoapConfig: [coap] section — CoAP transport for constrained devices.
Config: Root configuration for the Kipuka EST server.
DbConfig: [database] section — connection pool configuration.
EstConfig: [est] section — global EST protocol settings.
EstLabelConfig: [[est.label]] — per-label enrollment profile.
HsmConfig: [hsm] section — PKCS#11 HSM configuration.
OcspStaplingConfig: OCSP stapling configuration for the TLS listener.
OtpConfig: [otp] section — OTP enrollment authentication configuration.
OtpLdapConfig: LDAP backend configuration for OTP storage (RHELBU-3536 R7).
ServerConfig: [server] section — network listener and general server tuning.
StarConfig: [star] section — Short-Term Automatic Renewal certificates.
TlsConfig: [tls] section — TLS configuration for the EST listener.

Enums§

AdminAuthMethod: Admin authentication method.
ClientAuthMode: Client certificate authentication mode.
EstAuthMethod: Authentication method for EST enrollment requests.
HsmProvider: HSM provider identifier.
OtpStorageBackend: OTP storage backend.
OverflowPolicy: What to do when audit storage is exhausted (FAU_STG.4).
RotationPolicy: Audit log rotation policy.

Module config

Module config Copy item path

§Example configuration

Re-exports§

Structs§

Enums§

Module config