class VaultSettings(BaseSettings):
    """HashiCorp Vault configuration for DID keys and Hydra credentials storage.

    When enabled, Vault provides persistent storage for:
    - DID private/public keys (ensures same DID across pod restarts)
    - Hydra OAuth2 client credentials (prevents duplicate client registrations)

    This is critical for Kubernetes deployments where pods are ephemeral.
    """

    model_config = SettingsConfigDict(
        env_file=".env",
        env_prefix="VAULT__",
        extra="allow",
    )

    # Vault connection
    # The default is plaintext HTTP to localhost; set an https:// URL for any
    # non-local Vault so the token is not sent in the clear.
    url: str = Field(
        default="http://localhost:8200",
        validation_alias=AliasChoices("VAULT__URL", "VAULT_ADDR"),
        description="Vault server URL (e.g., https://vault.example.com:8200)",
    )
    # Held as a plain str, so the token is visible in repr() and model dumps
    # of this settings object; keep the object out of logs.
    token: str = Field(
        default="",
        validation_alias=AliasChoices("VAULT__TOKEN", "VAULT_TOKEN"),
        description="Vault authentication token for API access",
    )

    # Enable/disable Vault
    enabled: bool = Field(
        default=False,
        description="Enable Vault integration for persistent credential storage",
    )


class OAuthSettings(BaseSettings):