custodia.conf

# /etc/custodia/custodia.conf

[global]
debug = true
# server_socket = /var/run/custodia/custodia.sock
server_url = http+unix://%2Fvar%2Frun%2Fcustodia%2Fcustodia.sock
# server_url = http://localhost:8080/secrets
auditlog = /var/log/custodia/audit.log

[store:sqlite]
handler = custodia.store.sqlite.SqliteStore
dburi = /var/lib/custodia/secrets.db
table = secrets

[store:encrypted_sqlite]
handler = custodia.store.encgen.EncryptedOverlay
backing_store = sqlite
master_key = /var/lib/custodia/secrets.key
master_enctype = A128CBC-HS256
autogen_master_key = true

[auth:creds]
handler = custodia.httpd.authenticators.SimpleCredsAuth
uid = 0
gid = 0

[authz:paths]
handler = custodia.httpd.authorizers.SimplePathAuthz
paths = /. /secrets

[/]
handler = custodia.root.Root
store = encrypted_sqlite

[/secrets/forwarder]
handler = custodia.forwarder.Forwarder
forward_uri = http://localhost:8080/secrets/loop