up
Some checks failed
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Build Test Deploy / build-test (push) Has been cancelled
Build Test Deploy / authority-container (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
Some checks failed
Build Test Deploy / docs (push) Has been cancelled
Build Test Deploy / deploy (push) Has been cancelled
Build Test Deploy / build-test (push) Has been cancelled
Build Test Deploy / authority-container (push) Has been cancelled
Docs CI / lint-and-preview (push) Has been cancelled
This commit is contained in:
@@ -23,6 +23,25 @@ storage:
|
||||
# databaseName: "stellaops_authority"
|
||||
commandTimeout: "00:00:30"
|
||||
|
||||
# Signing configuration for revocation bundles and JWKS.
|
||||
signing:
|
||||
enabled: true
|
||||
activeKeyId: "authority-signing-2025-dev"
|
||||
keyPath: "../certificates/authority-signing-2025-dev.pem"
|
||||
algorithm: "ES256"
|
||||
keySource: "file"
|
||||
# provider: "default"
|
||||
additionalKeys:
|
||||
- keyId: "authority-signing-dev"
|
||||
path: "../certificates/authority-signing-dev.pem"
|
||||
source: "file"
|
||||
# Rotation flow:
|
||||
# 1. Generate a new PEM under ./certificates (e.g. authority-signing-2026-dev.pem).
|
||||
# 2. Trigger the .gitea/workflows/authority-key-rotation.yml workflow (or run
|
||||
# ops/authority/key-rotation.sh) with the new keyId/keyPath.
|
||||
# 3. Update activeKeyId/keyPath above and move the previous key into additionalKeys
|
||||
# so restarts retain retired material for JWKS consumers.
|
||||
|
||||
# Bootstrap administrative endpoints (initial provisioning).
|
||||
bootstrap:
|
||||
enabled: false
|
||||
|
||||
Reference in New Issue
Block a user