Clarify authentication and token management (#74)
* Clarify authentication and token management

* Update description to more closely follow jwt-secret spec

* Consistent spelling of key manager
nflaig authored Mar 29, 2024
1 parent a71e126 commit f99e415
Showing 1 changed file with 7 additions and 4 deletions.
11 changes: 7 additions & 4 deletions keymanager-oapi.yaml
Expand Up @@ -12,9 +12,12 @@ info:
All requests by default send and receive JSON, and as such should have either or both of the "Content-Type: application/json"
and "Accept: application/json" headers.
All sensitive routes are to be authenticated with a token. This token should be provided by the user via a secure channel:
- Log the token to stdout when running the binary with the key manager API enabled
- Read the token from a file available to the binary
All sensitive routes MUST be authenticated with a token.
The key manager binary SHOULD accept a configuration parameter: `token-file`, which designates a file containing the hex-encoded token
of at least 256 bits. If such a parameter is not given, the client SHOULD generate such a token and write it to a file, to be reused
across multiple restarts of the binary. If such a parameter is given, but the file or token cannot be read, the client SHOULD treat this
as an error: either abort the startup, or show the error and continue without exposing the key manager routes.
version: "v1.0.0"
contact:
name: Ethereum Github
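Review bot: The new `token-file` paragraph says the client SHOULD generate a token and "write it to a file" but does not say how that file is protected or how the token is produced. Since this token guards every sensitive route, consider adding that it is drawn from a cryptographically secure random source and that the file is created readable only by the user running the binary. The removed bullet allowed logging the token to stdout and the new text is silent on that; stating explicitly whether logging is still acceptable would avoid implementations diverging. It would also help to say whether surrounding whitespace or a trailing newline in the file is tolerated, since "the file or token cannot be read" is an error case and the boundary of "cannot be read" is left open.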
Expand Down Expand Up @@ -63,7 +66,7 @@ components:
bearerAuth:
type: http
scheme: bearer
bearerFormat: URL safe token, optionally JWT
bearerFormat: URL safe, opaque token

schemas:
Pubkey:
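Review bot: `bearerFormat: URL safe, opaque token` is looser than the description added under `info`, which specifies a "hex-encoded token of at least 256 bits". A reader of only the security scheme could reasonably send or accept some other URL-safe encoding. Suggest aligning the two, for example by naming hex encoding in `bearerFormat` or pointing to the description. Dropping "optionally JWT" also changes what clients may send, so a short note on whether JWT-formatted tokens are now rejected or simply treated as opaque strings would help implementers.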