mirror of
https://github.com/ClusterCockpit/cc-backend
synced 2026-06-17 17:07:29 +02:00
Secrets (JWT keys, LDAP sync password, OIDC client id/secret, cross-login keys) are now configured directly in config.json under the auth section where they are used. Each secret can still be supplied via its existing environment variable, which takes precedence over the config value. The godotenv dependency, the .env file, configs/env-template.txt and the loadEnvironment() bootstrap step are removed. -init now writes the demo JWT keys into config.json instead of a .env file. Closes #283 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Entire-Checkpoint: 3a7cb814c53f
28 lines
1.0 KiB
Markdown
# Convert a public Ed25519 key (in PEM format) for use in ClusterCockpit

Imagine you have externally generated JSON Web Tokens (JWT) that should be accepted by CC backend. The external provider shares its public key (the counterpart of the private key it signs JWTs with) in PEM format:

```
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEA+51iXX8BdLFocrppRxIw52xCOf8xFSH/eNilN5IHVGc=
-----END PUBLIC KEY-----
```

Unfortunately, ClusterCockpit does not handle this format (yet). You can use this tool to convert the public PEM key into a representation for CC:

```
cross-login-public-key: "+51iXX8BdLFocrppRxIw52xCOf8xFSH/eNilN5IHVGc="
```

Instructions

- `cd tools/convert-pem-pubkey/`
- Insert your public Ed25519 PEM key into `dummy.pub`
- `go run . dummy.pub`
- Set the result as `cross-login-public-key` under `auth.jwts` in ClusterCockpit's `config.json` (or supply it via the `CROSS_LOGIN_JWT_PUBLIC_KEY` environment variable, which takes precedence)
- (Re)start ClusterCockpit backend

Now CC can validate JWTs generated by the external provider.
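
What the conversion amounts to, as an added Go example (not the code of the tool in `tools/convert-pem-pubkey/`): the PEM body is a DER SubjectPublicKeyInfo structure, and the value for `cross-login-public-key` is the base64 of the raw 32-byte Ed25519 key inside it. The function name `pemToCCKey` is hypothetical; the sample key is the one shown above.

```go
package main

import (
	"crypto/ed25519"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"log"
)

// samplePEM is the example public key shown on this page.
const samplePEM = `-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEA+51iXX8BdLFocrppRxIw52xCOf8xFSH/eNilN5IHVGc=
-----END PUBLIC KEY-----
`

// pemToCCKey (hypothetical helper name) turns a PEM "PUBLIC KEY" block that
// holds an Ed25519 key into the base64 of the raw 32-byte key.
func pemToCCKey(pemBytes []byte) (string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return "", errors.New("no PEM block found")
	}
	if block.Type != "PUBLIC KEY" {
		// Refuse "PRIVATE KEY" and anything else: only a public key belongs in the config.
		return "", fmt.Errorf("unexpected PEM type %q", block.Type)
	}
	// ParsePKIXPublicKey unwraps the SubjectPublicKeyInfo (algorithm OID + bit string).
	pub, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return "", fmt.Errorf("parse SubjectPublicKeyInfo: %w", err)
	}
	edKey, ok := pub.(ed25519.PublicKey)
	if !ok {
		return "", fmt.Errorf("not an Ed25519 key: %T", pub)
	}
	return base64.StdEncoding.EncodeToString(edKey), nil
}

func main() {
	out, err := pemToCCKey([]byte(samplePEM))
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("cross-login-public-key: %q\n", out)
}
```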