type Config struct {
NonceService struct {
cmd.ServiceConfig
MaxUsed int
// TODO(#6610): Remove once we've moved to derivable prefixes by
// default.
NoncePrefix string `validate:"excluded_with=UseDerivablePrefix,omitempty,len=4"`
// UseDerivablePrefix indicates whether to use a nonce prefix derived
// from the gRPC listening address. If this is false, the nonce prefix
// will be the value of the NoncePrefix field. If this is true, the
// NoncePrefixKey field is required.
//
// TODO(#6610): Remove once we've moved to derivable prefixes by
// default.
UseDerivablePrefix bool `validate:"excluded_with=NoncePrefix"`
// NoncePrefixKey is a secret used for deriving the prefix of each nonce
// instance. It should contain 256 bits (32 bytes) of random data to be
// suitable as an HMAC-SHA256 key (e.g. the output of `openssl rand -hex
// 32`). In a multi-DC deployment this value should be the same across
// all boulder-wfe and nonce-service instances. This is only used if
// UseDerivablePrefix is true.
//
// TODO(#6610): Edit this comment once we've moved to derivable prefixes
// by default.
NoncePrefixKey cmd.PasswordConfig `validate:"excluded_with=NoncePrefix,structonly"`
Syslog cmd.SyslogConfig
OpenTelemetry cmd.OpenTelemetryConfig
}
}