-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsafe_house.example.toml
More file actions
96 lines (87 loc) · 2.61 KB
/
Copy pathsafe_house.example.toml
File metadata and controls
96 lines (87 loc) · 2.61 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
[database]
# Database Path
# -------------
# Location at which the database shall be stored.
#
# Environment: SAFEHOUSE_DATABASE_PATH
# Default: ./data
path = "./data"
# Database Compression
# --------------------
# Whether the database shall be compressed using zlib.
#
# Environment: SAFEHOUSE_DATABASE_COMPRESS
# Default: true
compress = true
[security]
# Authentication Method
# ---------------------
# Method which shall be used for authenticating users.
#
# The following options are currently available:
#
# - none => all features (apart from the instance administration) are available without
# authentication - USE WITH GREAT CARE
#
# - internal => authentication is performed within safe_house through an internal user list
#
# Environment: SAFEHOUSE_SECURITY_AUTH_METHOD
# Default: internal
auth_method = "internal"
[document]
# Expiration Job Frequency
# ------------------------
# Period at which document expiration is performed (in minutes).
#
# Environment: SAFEHOUSE_DOCUMENT_EXPIRATION_JOB_MINUTES
# Default: 30
expiration_job_minutes = 30
# Key Derivation Rounds
# ---------------------
# Rounds performed for the key derivation algorithm on the client side when decrypting documents.
#
# Higher values cause key derivation to take longer but increase resilience against attempts to
# brute force the key material.
#
# Note: This value is persisted within documents. As such, changes to this value are only reflected
# in newly created documents.
#
# Environment: SAFEHOUSE_DOCUMENT_KEY_DERIVATION_ROUNDS
# Default: 600_000
key_derivation_rounds = 600000
[ratelimit]
# Rate Limit Enabled
# ------------------
# Whether rate limiting shall be applied to vulnerable endpoints.
#
# Default: true
enabled = true
# Login Burst Limit
# -----------------
# Maximum number of burst login requests permitted to be sent at a given time.
#
# Default: 8
auth_login_burst = 8
# Login Limit Regain Period
# -------------------------
# Defines the amount of minutes that have to pass before another request to the login endpoint is
# added to the remaining quota.
#
# This value effectively describes the maximum frequency at which logins may be performed (e.g.
# every 10 minutes if set to 10).
#
# Default: 10
auth_login_regain_minutes = 10
# Document Creation Limit
# -----------------------
# Maximum number of documents which may be created per hour from a given network address.
#
# Default: 10
document_creations_per_hour = 10
# Document View Limit
# -------------------
# Maximum number of document views which may be performed within a given hour for a given network
# address.
#
# Default: 30
document_views_per_hour = 30