[global]
server_version = "IPAKeys/0.0.1"
server_socket = $IPA_CUSTODIA_SOCKET
auditlog = $IPA_CUSTODIA_AUDIT_LOG

[auth:simple]
handler = custodia.httpd.authenticators.SimpleCredsAuth
uid = $UID
gid = $GID

[auth:header]
handler = custodia.httpd.authenticators.SimpleHeaderAuth
header = GSS_NAME

[authz:kemkeys]
handler = ipapython.secrets.kem.IPAKEMKeys
paths = /keys
store = ipa
server_keys = $IPA_CUSTODIA_CONF_DIR/server.keys

[store:ipa]
handler = ipapython.secrets.store.iSecStore
ldap_uri = $LDAP_URI

[/keys]
handler = custodia.secrets.Secrets
allowed_keytypes = kem
store = ipa