security:
  api:
    jwt:
      sign:
        expiresIn: 5m
        # to avoid invalid verification token, more info on JWT page
        notBefore: 0

storage: ./storage

auth:
  htpasswd:
    file: ./htpasswd

packages:
  '@token/*':
    access: $authenticated
    publish: $authenticated
  'only-you-can-publish':
    access: $authenticated
    publish: $authenticated

log: { type: stdout, format: pretty, level: debug }

## enable token for testing
flags:
  token: true