**IAM Token Encryption Configuration Module**
We are excited to introduce a new **IAM configuration module** to streamline token encryption management and enhance security controls. This update focuses on centralized CLI-driven configuration for token encryption settings, ensuring consistency and flexibility in cryptographic handling.
**Key Additions:**
- **CLI Configuration Options**:
- Added support for configuring token encryption via two domains:
- `iam`: Select the token encryption algorithm (currently **HS256**).
- `token_hs256`: Set the encryption key value.
- Defaults: `HS256` is preconfigured as the algorithm, and `secret` is the default encryption key.
- **Dynamic Algorithm Initialization**:
- Implemented `get_token_encryption_algorithm()` to dynamically load the configured algorithm (e.g., HS256) and inject the corresponding encryption key from the CLI settings.
- **Validation & Security**:
- Added safeguards to reject unsupported algorithms, ensuring only explicitly allowed methods (currently HS256) are used.
- **Integration**:
- Aligned with existing constants (`glc_iam_c.ALGORITHM_HS256`) and cryptographic implementations (`algorithms.HS256`) for consistency.
- Module location: `gcl_iam/opts.py`.
This enhancement empowers administrators to manage token encryption settings directly via CLI, improving both security and configurability. Future updates will expand support for additional algorithms.
**Upgrade Note**: Ensure encryption keys are updated from the default (`secret`) in production environments.