Skip to content

Commit c032397

Browse files
committed
make the keys base64.urlsafe
1 parent 27c3fd8 commit c032397

1 file changed

Lines changed: 5 additions & 2 deletions

File tree

charts/wger/templates/hooks/jwt-keygen.yaml

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -39,6 +39,9 @@ spec:
3939
# Derive the public key (PEM format)
4040
openssl rsa -pubout -in /tmp/jwt.key -out /tmp/jwt.pub
4141
42+
# The keys are base64-wrapped JWK, with python `base64.urlsafe_b64encode`
43+
# https://github.com/wger-project/wger/blob/master/wger/core/management/commands/generate-jwt-keys.py
44+
#
4245
# Update or create the secret
4346
cat <<EOF | kubectl apply -f -
4447
apiVersion: v1
@@ -47,7 +50,7 @@ spec:
4750
name: {{ .Values.app.jwt.secret.name | default "jwt" }}
4851
namespace: {{ .Release.Namespace }}
4952
stringData:
50-
private-key: {{ .Values.app.jwt.secret.privateKey | default $(cat /tmp/jwt.key) | quote }}
51-
public-key: {{ .Values.app.jwt.secret.publicKey | default $(cat /tmp/jwt.pub) | quote }}
53+
private-key: {{ .Values.app.jwt.secret.privateKey | default $(cat /tmp/jwt.key | base64 -w0 | tr '+/' '-_') | quote }}
54+
public-key: {{ .Values.app.jwt.secret.publicKey | default $(cat /tmp/jwt.pub | base64 -w0 | tr '+/' '-_') | quote }}
5255
EOF
5356
{{- end }}

0 commit comments

Comments
 (0)