auth: use a centrally stored jwt signing private key #1402

@iulianbarbu iulianbarbu commented Nov 18, 2023

Description of change

We want our auth service to not generate a new private key for JWT signing at each release. This change should help in not invalidating the cached JWTs on the gateway when auth is released in isolation.

  • start auth service based on an environment secret passed through a flag, for JWT signing.
  • local development will use a default secret set in the docker-compose.dev.yml, to not require setting it up in the environment before starting the stack locally (the secret is compromised since it is stored in version control and we shouldn't use it for anything outside local development).
  • the JWT signing private key parsing logic will fail early in case the provided key is not valid (e.g. when empty if forgetting to set it).

How has this been tested? (if applicable)

  • checked the parsing locally by starting the auth service
  • tested on staging:
      1. deployed all services
      2. deployed a project
      3. scaled auth service down to 0 and then up to 1
      4. immediately reran a command
      5. checked auth logs and no JWT conversion happened in auth while doing 4 (meaning a cached JWT was used successfully).
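
The fail-early key parsing described above, as an added example that is not code from this pull request or from the project. It assumes the secret is a base64-encoded 32-byte key seed; `DEV_ONLY_KEY`, `AUTH_JWT_SIGNING_KEY`, `parse_signing_key` and the `local_dev` switch are hypothetical names, and refusing the committed development key outside local development is an extra check this example adds.

```rust
// Constructed stand-in for the key committed to docker-compose.dev.yml (32 zero bytes).
const DEV_ONLY_KEY: &str = concat!("AAAAAAAA", "AAAAAAAA", "AAAAAAAA", "AAAAAAAA", "AAAAAAAA", "AAA=");

#[derive(Debug, PartialEq)]
pub enum KeyError { Empty, BadBase64, BadLength(usize), DevKeyOutsideLocal }

// Standard-alphabet base64 with mandatory padding, std only.
fn b64_decode(s: &str) -> Result<Vec<u8>, KeyError> {
    let bytes = s.as_bytes();
    if bytes.len() % 4 != 0 { return Err(KeyError::BadBase64); }
    let mut out = Vec::with_capacity(bytes.len() / 4 * 3);
    for (i, chunk) in bytes.chunks(4).enumerate() {
        let last = i + 1 == bytes.len() / 4;
        let (mut acc, mut pad) = (0u32, 0usize);
        for &c in chunk {
            let v = match c {
                b'A'..=b'Z' => c - b'A',
                b'a'..=b'z' => c - b'a' + 26,
                b'0'..=b'9' => c - b'0' + 52,
                b'+' => 62,
                b'/' => 63,
                b'=' if last => { pad += 1; 0 }
                _ => return Err(KeyError::BadBase64),
            };
            // Padding may only appear at the very end, at most twice.
            if pad > 2 || (pad > 0 && c != b'=') { return Err(KeyError::BadBase64); }
            acc = (acc << 6) | u32::from(v);
        }
        out.extend_from_slice(&acc.to_be_bytes()[1..4 - pad]);
    }
    Ok(out)
}

/// Validate the secret passed on the flag; any error means the service must not start.
pub fn parse_signing_key(raw: &str, local_dev: bool) -> Result<[u8; 32], KeyError> {
    let raw = raw.trim();
    if raw.is_empty() { return Err(KeyError::Empty); } // flag or variable was never set
    if raw == DEV_ONLY_KEY && !local_dev { return Err(KeyError::DevKeyOutsideLocal); }
    let bytes = b64_decode(raw)?;
    <[u8; 32]>::try_from(bytes.as_slice()).map_err(|_| KeyError::BadLength(bytes.len()))
}

fn main() {
    // Hypothetical variable name; the check runs before any request is served.
    let raw = std::env::var("AUTH_JWT_SIGNING_KEY").unwrap_or_default();
    match parse_signing_key(&raw, false) {
        Ok(_) => println!("signing key loaded"),
        Err(e) => { eprintln!("refusing to start: {e:?}"); std::process::exit(1); }
    }
}
```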

@iulianbarbu iulianbarbu changed the title from "Feature/eng 1857 store centrally and use the auth jwt signing pairkey" to "auth: use a centrally stored jwt signing private key" Nov 18, 2023
@iulianbarbu iulianbarbu force-pushed the feature/eng-1857-store-centrally-and-use-the-auth-jwt-signing-pairkey branch 2 times, most recently from 62b2f78 to eeac485, November 20, 2023 16:38
@oddgrd oddgrd left a comment

Makes sense! I left one question.

auth/src/args.rs (resolved)
auth/src/args.rs (resolved)
auth/src/secrets.rs (outdated, resolved)
@iulianbarbu iulianbarbu force-pushed the feature/eng-1857-store-centrally-and-use-the-auth-jwt-signing-pairkey branch 3 times, most recently from 771ec52 to cc88518, November 22, 2023 12:53
@chesedo chesedo left a comment

Really nice!! 🥳

Left small comments.

auth/src/args.rs (resolved)
auth/src/secrets.rs (outdated, resolved)
docker-compose.dev.yml (resolved)
@iulianbarbu iulianbarbu force-pushed the feature/eng-1857-store-centrally-and-use-the-auth-jwt-signing-pairkey branch 2 times, most recently from 4e13fa4 to ec21ef7, November 22, 2023 13:55
@iulianbarbu iulianbarbu force-pushed the feature/eng-1857-store-centrally-and-use-the-auth-jwt-signing-pairkey branch from 84e917e to 565d4b6, November 22, 2023 20:17
@iulianbarbu iulianbarbu force-pushed the feature/eng-1857-store-centrally-and-use-the-auth-jwt-signing-pairkey branch from 565d4b6 to 31a96fd, November 23, 2023 07:59
@iulianbarbu iulianbarbu force-pushed the feature/eng-1857-store-centrally-and-use-the-auth-jwt-signing-pairkey branch from 31a96fd to 220df0d, November 23, 2023 08:05
@chesedo chesedo left a comment

Small nit

auth/src/secrets.rs (outdated, resolved)
Co-authored-by: Pieter <pieter@chesedo.me>
@jonaro00 jonaro00 merged commit b7471ac into main Nov 23, 2023
@jonaro00 jonaro00 deleted the feature/eng-1857-store-centrally-and-use-the-auth-jwt-signing-pairkey branch November 23, 2023 11:05