Configuration

The SecureOptions interface defines the configuration options for the secureConnect() function.

Interface

interface SecureOptions {
  spiffe: {
    trustDomain: string;
    keyDir: string;
  };
  policy?: {
    endpoint?: string;
    initialPolicy?: PolicyDocument;
  };
  rpc?: {
    connection?: {
      endpoint?: string;
      hostname?: string;
      port?: number;
    };
  };
  monitoring?: {
    onEvent?: (event: SecurityEvent) => void;
  };
}
 
interface PolicyDocument {
  id: string;
  rego: string;
}

Properties

spiffe (required)

Identity management configuration using the SPIFFE standard.

  • trustDomain: string
    • The SPIFFE trust domain (e.g., "company.local")
    • Required for identity verification
  • keyDir: string
    • Directory for storing identity certificates
    • Must be writable by the process

policy (optional)

Policy enforcement configuration using OPA.

  • endpoint: string
  • initialPolicy: PolicyDocument
    • Initial Rego policy document with ID and code
    • Optional, can be loaded later

rpc (optional)

Secure communication configuration.

  • connection:
    • endpoint: string
      • Full RPC endpoint URL
      • Alternative to separate hostname/port
    • hostname: string
      • Server hostname
      • Default: "localhost"
    • port: number
      • Server port number
      • Default: 50051

monitoring (optional)

Security event monitoring configuration.

  • onEvent: (event: SecurityEvent) => void
    • Event handler for security events
    • If not provided, events are logged to console
    • Note: Monitoring is always enabled; this option only customizes the handler

Default Monitoring

If no monitoring configuration is provided, events are automatically logged to the console in this format:

console.log('[AZTP:Security]', JSON.stringify({
  type: 'identity|policy|rpc|business',
  agentId: 'agent-id',
  timestamp: '2024-01-10T12:00:00.000Z',
  data: {
    // Event-specific data
  }
}, null, 2));

Examples

Basic Configuration (Identity Only)

const options: SecureOptions = {
  spiffe: {
    trustDomain: "company.local",
    keyDir: "./certs"
  }
};

With Policy Enforcement

const options: SecureOptions = {
  spiffe: {
    trustDomain: "company.local",
    keyDir: "./certs"
  },
  policy: {
    endpoint: "http://localhost:8181",
    initialPolicy: {
      id: "basic_policy",
      rego: `
        package aztp.authz
        default allow = false
        allow {
          input.action == "read"
        }
      `
    }
  }
};

Full Configuration

const options: SecureOptions = {
  spiffe: {
    trustDomain: "company.local",
    keyDir: "./certs"
  },
  policy: {
    endpoint: "http://localhost:8181",
    initialPolicy: myPolicyDocument // a PolicyDocument defined elsewhere
  },
  rpc: {
    connection: {
      hostname: "localhost",
      port: 50051
    }
  },
  monitoring: {
    onEvent: (event) => {
      console.log('[Security Event]', event);
    }
  }
};
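
A pre-flight check for the options documented above, run before calling secureConnect(); this is an added example, not code from the library. The names checkSecureOptions and CheckedOptions are hypothetical, and the owner-only rule for keyDir and the loopback-only rule for plaintext HTTP policy endpoints are assumptions of this example rather than documented requirements.

```typescript
import * as fs from "node:fs";

// Only the fields checked here; the shape mirrors SecureOptions as documented above.
interface CheckedOptions {
  spiffe: { trustDomain: string; keyDir: string };
  policy?: { endpoint?: string };
  rpc?: { connection?: { endpoint?: string; hostname?: string; port?: number } };
}

// SPIFFE trust domain name: lowercase letters, digits, '.', '-', '_'; at most 255 chars.
const TRUST_DOMAIN = /^[a-z0-9._-]{1,255}$/;
const LOOPBACK = new Set(["localhost", "127.0.0.1", "[::1]"]);

// Hypothetical helper (not part of the library): returns the problems found, [] if none.
function checkSecureOptions(opts: CheckedOptions): string[] {
  const problems: string[] = [];
  const { trustDomain, keyDir } = opts.spiffe;
  if (!TRUST_DOMAIN.test(trustDomain)) problems.push(`trustDomain "${trustDomain}" is not a valid SPIFFE trust domain name`);
  try {
    const st = fs.statSync(keyDir);
    if (!st.isDirectory()) problems.push(`keyDir ${keyDir} is not a directory`);
    fs.accessSync(keyDir, fs.constants.W_OK); // documented: must be writable by the process
    // Assumption: a directory holding identity material should be owner-only (POSIX).
    if (process.platform !== "win32" && (st.mode & 0o077) !== 0) {
      problems.push(`keyDir ${keyDir} is open to group/other (mode ${(st.mode & 0o777).toString(8)})`);
    }
  } catch {
    problems.push(`keyDir ${keyDir} is missing or not writable`);
  }
  const policyEndpoint = opts.policy?.endpoint;
  if (policyEndpoint !== undefined) {
    try {
      const url = new URL(policyEndpoint);
      // Assumption: plaintext HTTP to the policy engine is acceptable only on loopback.
      if (url.protocol === "http:" && !LOOPBACK.has(url.hostname)) {
        problems.push(`policy.endpoint ${policyEndpoint} uses plaintext HTTP to a remote host`);
      }
    } catch {
      problems.push(`policy.endpoint ${policyEndpoint} is not a valid URL`);
    }
  }
  const conn = opts.rpc?.connection;
  if (conn?.endpoint !== undefined && (conn?.hostname !== undefined || conn?.port !== undefined)) {
    problems.push("rpc.connection sets both endpoint and hostname/port; use one form");
  }
  const port = conn?.port ?? 50051; // documented default
  if (!Number.isInteger(port) || port < 1 || port > 65535) problems.push(`rpc.connection.port ${port} is out of range`);
  return problems;
}
```

An empty result means the options passed every check; otherwise log the returned strings and fail startup instead of connecting.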