In the context of the FDO TO2 protocol, we need to use a token as the session key during the Device Onboarding process (see related task here).
To achieve this, we plan to use Phoenix.Tokens, which provide JWT-like semantics and rely on a secret_key_base to sign and verify tokens.
We would like to have this secret_key_base configured as a fixed value, retrieved from the system environment variable SECRET_KEY_BASE, and made available when the Astarte Pairing Service is running in the cluster.
Key requirements:
The SECRET_KEY_BASE must be the same across all replicas of the Astarte Pairing Service.
The value must remain stable across pod restarts and crashes.
Fallback behavior:
In the unlikely event that this requirement is not met (e.g., cluster migration), a self-healing retry mechanism is already in place to handle token validation failures gracefully.
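
The two key requirements above, as an added example (not code from Astarte or from this issue). It assumes a project with `:phoenix` as a dependency; the module name, salt, `max_age` and the 64-byte minimum are hypothetical choices, and the key values are constructed. It shows a token verifying on a replica that shares the key and failing on one that does not.

```elixir
defmodule SessionTokenExample do
  # Hypothetical values, chosen for illustration only.
  @salt "fdo to2 session"
  @max_age 300
  @min_key_bytes 64

  # Read the key once at boot and fail fast. A replica that starts with a
  # missing or freshly generated key would reject tokens issued by its peers.
  def fetch_secret!(env \\ System.get_env()) do
    case Map.get(env, "SECRET_KEY_BASE") do
      nil ->
        raise "SECRET_KEY_BASE is not set"

      key when byte_size(key) < @min_key_bytes ->
        raise "SECRET_KEY_BASE must be at least #{@min_key_bytes} bytes"

      key ->
        key
    end
  end

  # Phoenix.Token accepts a secret key base string as its context argument.
  def sign(secret, session_id), do: Phoenix.Token.sign(secret, @salt, session_id)

  def verify(secret, token),
    do: Phoenix.Token.verify(secret, @salt, token, max_age: @max_age)

  # Simulates two replicas: A signs, B verifies.
  def demo do
    # Constructed keys standing in for each replica's environment.
    replica_a = fetch_secret!(%{"SECRET_KEY_BASE" => String.duplicate("a", 64)})
    same_key_b = fetch_secret!(%{"SECRET_KEY_BASE" => String.duplicate("a", 64)})
    drifted_b = fetch_secret!(%{"SECRET_KEY_BASE" => String.duplicate("b", 64)})

    token = sign(replica_a, "session-1")

    # Same key on both replicas: the session token is accepted.
    {:ok, "session-1"} = verify(same_key_b, token)

    # Key differs (e.g. regenerated on restart): the signature check fails,
    # which is the case the retry mechanism has to absorb.
    {:error, :invalid} = verify(drifted_b, token)

    :ok
  end
end
```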