# `Pkcs11ex.Config`
[🔗](https://github.com/utaladriz/pkcs11ex/blob/v0.1.0/lib/pkcs11ex/config.ex#L1)

Configuration schema and validator for `pkcs11ex`.

See `docs/specs/api.md` §1 for the canonical schema. This module is the
authoritative implementation of that schema. Boot-time validation runs from
`Pkcs11ex.Application.start/2`; bad configuration prevents the OTP
application from starting.

Two-stage validation:

  1. **Schema validation** via `NimbleOptions` — type-checks every key.
  2. **Cross-field invariants** — the eleven rules documented in `api.md`
     §1.5 (allowlist non-empty, default_slot exists, pin_callback rules,
     key/cert exclusivity, driver existence, driver pin SHA-256 match, etc.).

All failures raise `Pkcs11ex.Error` with `reason: :invalid_config` and a
`:path` indicating the offending config key.

# `alg`

```elixir
@type alg() :: :PS256 | :RS256 | :ES256 | :EdDSA
```

# `slot_type`

```elixir
@type slot_type() :: :cloud_hsm | :token | :soft_hsm
```

# `t`

```elixir
@type t() :: %Pkcs11ex.Config{
  algorithms: %{optional(atom()) => module()},
  allowed_algs: [alg(), ...],
  default_slot: atom() | nil,
  driver_pins: %{optional(String.t()) => String.t()},
  session_timeout: non_neg_integer(),
  signature_header: String.t(),
  slots: keyword(),
  telemetry_prefix: [atom()],
  trust_policy: module()
}
```

# `load!`

```elixir
@spec load!(opts :: keyword()) :: t()
```

Loads, validates, and structures the configuration.

## Options

  * `:env` — keyword list to validate. Defaults to
    `Application.get_all_env(:pkcs11ex)`.
  * `:check_files` — when `true` (default), validates that each slot's driver
    exists on disk and that any `:driver_pins` SHA-256 matches the on-disk
    file. Tests pass `false` to skip these checks.

## Errors

Raises `Pkcs11ex.Error` with `reason: :invalid_config` on any failure. The
exception's `:path` indicates the offending config key.
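
The driver existence and `:driver_pins` SHA-256 check that `:check_files` enables, written in standalone form. This is an added example, not pkcs11ex's own code: the module name `DriverPinCheck`, the `:driver` key inside each slot, the pin map shape (driver path to hex-encoded SHA-256), and the error atoms are all assumptions made for illustration.

```elixir
defmodule DriverPinCheck do
  # Added illustration, not pkcs11ex code. Assumed shapes: each slot is a
  # keyword list with a :driver path; pins map driver path => hex SHA-256.
  @spec check(keyword(), %{optional(String.t()) => String.t()}) ::
          :ok | {:error, {atom(), [atom()], String.t()}}
  def check(slots, driver_pins) do
    Enum.reduce_while(slots, :ok, fn {name, slot}, :ok ->
      case check_driver(Keyword.fetch!(slot, :driver), driver_pins) do
        :ok -> {:cont, :ok}
        {:error, why, detail} -> {:halt, {:error, {why, [:slots, name, :driver], detail}}}
      end
    end)
  end

  defp check_driver(path, pins) do
    case File.read(path) do
      {:error, posix} ->
        {:error, :driver_missing, "#{path}: #{posix}"}

      {:ok, bytes} ->
        actual = :crypto.hash(:sha256, bytes) |> Base.encode16(case: :lower)

        case Map.fetch(pins, path) do
          # No pin configured for this path: existence is the only check.
          :error -> :ok

          {:ok, pinned} ->
            if String.downcase(pinned) == actual do
              :ok
            else
              {:error, :driver_pin_mismatch, "#{path}: sha256 #{actual} does not match the pin"}
            end
        end
    end
  end
end

# Constructed sample: a temp file stands in for the PKCS#11 shared library.
path = Path.join(System.tmp_dir!(), "constructed_pkcs11_driver.so")
File.write!(path, "constructed driver bytes")
good = :crypto.hash(:sha256, "constructed driver bytes") |> Base.encode16(case: :lower)
slots = [signing: [driver: path]]

IO.inspect(DriverPinCheck.check(slots, %{path => good}))
IO.inspect(DriverPinCheck.check(slots, %{path => String.duplicate("0", 64)}))
File.rm!(path)
```

The error tuple carries a key path to the offending slot, mirroring how this page describes the `:path` field on `Pkcs11ex.Error`.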

# `schema`

```elixir
@spec schema() :: keyword()
```

Returns the canonical NimbleOptions schema (top-level only).

---

*Consult [api-reference.md](api-reference.md) for complete listing*
