# I was not positive how exactly to group these arguments, the name groups make sense
# to me at the time of writing this.

###################################################################################
#                                  Data Stores                                    #
###################################################################################
# cabundle is used to validate certificates
cabundle: ~/path/to/cabundle

# certpath and keypath together make up the recipients database
certpath: ~/path/to/certificates
keypath: ~/path/to/keys

# pwstore is which the passwords will be saved
pwstore: ~/passdb/passwords/base

###################################################################################
#                               System Resources                                  #
###################################################################################
# card_slot is the pkcs library card to be used, if not specified it will be 0
# card_slot: 0

# identity is the active user of pkpass, defaults to system username
identity: ${put_your_cert_name_here}

# time is use in the clipboard functionality to decide how long to keep a password in the
# clipboard
time: 30

###################################################################################
#                              Password Modifications                             #
###################################################################################
# Escrow is a feature that allows someone to shard shares of passwords to a group of individuals
# none of these shards by themselves will reveal the password, however, enough parts of the shards
# together allow for recovery of said password.

# escrow_users are the group of users that you shard passwords to
# min_escrow is the minimum number of escrow_users needed to recover the password
# escrow_users: bob, alice, jim
# min_escrow: 2

# Pkpass supports the ability to generate passwords based on a user-defined regular expression
# rules_map is used in pkpass's generation functionality, if you ask for a generated password
# it will by default look at 'default'; if you define in your rc file a value for 'rules'
# the new default will be that key

# rules_map:
#   default: "[^\\s]{20}"
#   different_pattern: "([a-z]|[A-Z]|[0-9]){15}"

# rules: different_pattern

###################################################################################
#                            Custom PkPass functionality                          #
###################################################################################
# You can custom define groups in this file as well, is this example mitm
# consists of users bob, alice, eve, chuck and you could distribute a password
# to this group with `pkpass.py distribute -g mitm`
# mitm: bob, alice, eve, chuck

# pkpass supports allowing plugins to connect out to external services for certificates
# connect defines an arbitrary dictionary that will be used for a given connector
# The root name will need to match the installed python module The names of the keys
# under 'ExampleConnector' should match what the connector library is expecting
# there are not global defined keys to use. Consult the library you are importing for what the keys should be
# base directory tells it where to store the certs locally

# connect:
#   base_directory: /path/to/local/certs
#   ExampleConnector:
#     url_arg: "https://example.com"
#     id_arg: "567"
#     key_arg: "super_secret_key"
#     arbitrary_list_arg:
#       - "26994"
#   or an empty map
#   NoReqConnector: {}

###################################################################################
#                                     Theming                                     #
###################################################################################
# pkpass supports colorful output you can turn this off by setting the following to 
# false instead
color: true
# pkpass also supports the user changing the colors that will appear by providing a 
# color map using 256 colors

# theme_map:
#   you can pass in the numerical representation
#   info: "1"
#   if you pass a wrong value, it will go with the default color
#   first_level: "257"
#   you can pass a hex value
#   second_level: "#0000FF"
#   or you could pass the color name
#   warning: "yellow"
