1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
# LuckDB Configuration Example
# Copy this file to config.toml and modify as needed
[]
# =============================================================================
# STORAGE CONFIGURATION
# =============================================================================
# Storage path for database files
# Can be a directory (e.g., "./data") or a specific file path (e.g., "./data/luckdb.json")
# If not specified, uses platform-specific default:
# - Windows: %USERPROFILE%\.luckdb
# - macOS/Linux: ~/.luckdb
= "./data"
# Auto-save interval in seconds (optional)
# Set to None or comment out for manual saving only
# Recommended for production: 300 (5 minutes)
# For development: 60 (1 minute) or manual
= 300
# Maximum number of backup files to keep
# Backups are created automatically when saving (if enabled)
# Set to 0 to disable backups
= 10
# =============================================================================
# ENCRYPTION CONFIGURATION
# =============================================================================
# Enable AES-256 encryption for data at rest
# When enabled, all data written to disk will be encrypted
# encryption_enabled = false # Default: false
= true
# Password for encryption key derivation
# REQUIRED when encryption_enabled = true
# Use a strong, unique password for each deployment
# Store this password securely - you'll need it to decrypt data
= "your_secure_encryption_password_here"
# =============================================================================
# AUTHENTICATION CONFIGURATION (Client-Server Mode)
# =============================================================================
# Username for authentication
# Optional: only required for client-server mode
= "admin"
# Password for authentication
# Optional: only required for client-server mode
# Use a strong password for production deployments
= "your_secure_auth_password_here"
# =============================================================================
# SERVER CONFIGURATION (Client-Server Mode)
# =============================================================================
# Server address and port for client connections
# Format: "host:port"
# Use "0.0.0.0:27017" to listen on all interfaces (not recommended for production)
# Use "127.0.0.1:27017" for local connections only
= "127.0.0.1:27017"
# =============================================================================
# PERFORMANCE CONFIGURATION
# =============================================================================
# Maximum number of concurrent client connections (optional)
# Default: 100
= 100
# Connection timeout in seconds (optional)
# Default: 30
= 30
# Query timeout in seconds (optional)
# Default: 60
= 60
# =============================================================================
# LOGGING CONFIGURATION
# =============================================================================
# Log level (optional)
# Options: "error", "warn", "info", "debug", "trace"
# Default: "info"
= "info"
# Log file path (optional)
# If not specified, logs go to stdout/stderr
# log_file = "./logs/luckdb.log"
# =============================================================================
# ADVANCED CONFIGURATION
# =============================================================================
# Enable query caching (optional)
# Can improve performance for repeated queries
# Default: false
= true
# Maximum cache size in MB (optional)
# Default: 100
= 100
# Enable compression for network data (optional)
# Default: true
= true
# =============================================================================
# DEVELOPMENT CONFIGURATION
# =============================================================================
# Enable debug mode (optional)
# Provides additional debugging information
# WARNING: Do not enable in production for security reasons
# debug_mode = false
# Enable query logging (optional)
# Logs all queries for debugging and analysis
# Default: false
= false
# Enable performance metrics (optional)
# Collects detailed performance statistics
# Default: false
= true
# =============================================================================
# EXAMPLE CONFIGURATIONS
# =============================================================================
# === DEVELOPMENT SETUP ===
# Uncomment for development environment
# [luckdb]
# storage_path = "./dev_data"
# encryption_enabled = false
# auto_save_interval_seconds = 60
# log_level = "debug"
# log_queries = true
# debug_mode = true
# === PRODUCTION SETUP ===
# Uncomment for production environment
# [luckdb]
# storage_path = "/var/lib/luckdb/data"
# encryption_enabled = true
# encryption_password = "CHANGE_ME_IN_PRODUCTION"
# auth_username = "admin"
# auth_password = "CHANGE_ME_IN_PRODUCTION"
# server_address = "127.0.0.1:27017"
# auto_save_interval_seconds = 300
# max_backup_files = 30
# log_level = "info"
# log_file = "/var/log/luckdb/luckdb.log"
# query_cache_enabled = true
# query_cache_size_mb = 500
# === TESTING SETUP ===
# Uncomment for testing environment
# [luckdb]
# storage_path = "./test_data"
# encryption_enabled = false
# auto_save_interval_seconds = null # Manual save only
# max_connections = 10
# log_level = "error"
# =============================================================================
# SECURITY NOTES
# =============================================================================
# 1. Encryption Password:
# - Use a strong, unique password for encryption
# - Store the password securely (password manager, environment variables, etc.)
# - Losing the password means losing access to encrypted data
# - Change encryption password requires data migration
# 2. Authentication:
# - Use strong passwords for auth_username and auth_password
# - Consider using environment variables for sensitive configuration
# - Rotate authentication credentials regularly
# 3. Network Security:
# - Use "127.0.0.1" for local-only access when possible
# - Configure firewall rules to restrict access to the server port
# - Consider using TLS termination proxy for internet-facing deployments
# 4. File Permissions:
# - Ensure appropriate file permissions on storage_path
# - Restrict access to configuration files containing passwords
# - Use file system encryption for additional security
# =============================================================================
# ENVIRONMENT VARIABLES
# =============================================================================
# Configuration values can be overridden with environment variables:
# - LUCKDB_STORAGE_PATH
# - LUCKDB_ENCRYPTION_ENABLED
# - LUCKDB_ENCRYPTION_PASSWORD
# - LUCKDB_AUTH_USERNAME
# - LUCKDB_AUTH_PASSWORD
# - LUCKDB_SERVER_ADDRESS
# - LUCKDB_AUTO_SAVE_INTERVAL_SECONDS
# - LUCKDB_MAX_BACKUP_FILES
# - LUCKDB_LOG_LEVEL
# Example:
# export LUCKDB_ENCRYPTION_PASSWORD="your_password_from_env"
# export LUCKDB_AUTH_PASSWORD="auth_password_from_env"