Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: support multiple jwt public keys #5090

Merged
merged 1 commit into from
Dec 10, 2024
Merged

feat: support multiple jwt public keys #5090

merged 1 commit into from
Dec 10, 2024

Conversation

zacharyhamm
Copy link
Contributor

Support two JWT keys. One used for signing (the primary private key), and an extra one for verification, so that we can rotate keys without downtime, and then remove the "secondary" if desired. It also now possible to specify the key algorithm. ES256 and RS256 are supported but RS256 will be removed.

Adds a new crate, si-jwt-public-key (since this logic needs to be shared between sdf and the module-index).

@zacharyhamm zacharyhamm force-pushed the zack/support-multiple-signing-keys branch 2 times, most recently from 69bdb8d to da87f8f Compare December 9, 2024 19:39
@zacharyhamm zacharyhamm marked this pull request as ready for review December 9, 2024 19:39
@zacharyhamm zacharyhamm requested a review from fnichol December 9, 2024 19:44
@zacharyhamm zacharyhamm force-pushed the zack/support-multiple-signing-keys branch 4 times, most recently from 4f768d6 to c57385f Compare December 9, 2024 20:14
sprutton1
sprutton1 previously approved these changes Dec 9, 2024
View reviewed changes
@zacharyhamm zacharyhamm force-pushed the zack/support-multiple-signing-keys branch from c57385f to 27d25c3 Compare December 10, 2024 15:56
stack72
stack72 previously approved these changes Dec 10, 2024
View reviewed changes
@zacharyhamm zacharyhamm added this pull request to the merge queue Dec 10, 2024
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Dec 10, 2024
@zacharyhamm
feat: support multiple jwt public keys
050eb5c 
Support two JWT keys. One used for signing (the primary private key),
and an extra one for verification, so that we can rotate keys without
downtime, and then remove the "secondary" if desired. It also now
possible to specify the key algorithm. ES256 and RS256 are supported but
RS256 will be removed.

Adds a new crate, `si-jwt-public-key` (since this logic needs to be
shared between sdf and the module-index).
@zacharyhamm zacharyhamm force-pushed the zack/support-multiple-signing-keys branch from 27d25c3 to 050eb5c Compare December 10, 2024 17:51
@zacharyhamm zacharyhamm added this pull request to the merge queue Dec 10, 2024
Merged via the queue into main with commit 3dd4384 Dec 10, 2024
8 checks passed
@zacharyhamm zacharyhamm deleted the zack/support-multiple-signing-keys branch December 10, 2024 18:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stack72 stack72 stack72 approved these changes

@sprutton1 sprutton1 sprutton1 left review comments

@fnichol fnichol Awaiting requested review from fnichol

@johnrwatson johnrwatson Awaiting requested review from johnrwatson

Assignees
No one assigned
Labels
A-auth A-buck2-resources A-bytes-lines-codec A-config-file A-cyclone Area: Function execution engine [Rust] A-dal A-dal-test A-forklift A-module-index A-nats-subscriber A-object-tree A-pinga A-rebaser A-sdf Area: Primary backend API service [Rust] A-si-data-nats A-si-data-pg A-si-layer-cache A-si-pkg A-si-pool-noodle A-si-posthog-rs A-si-settings Area: Backend service settings management [Rust] A-si-std A-si-test-macros A-telemetry-application-rs A-telemetry-rs A-veritech Area: Task execution backend service [Rust]
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@zacharyhamm @stack72 @sprutton1