chore: update .env.example files for RS256 + Redis
- Root .env.example: replace JWT_SECRET/JWT_ALGORITHM with JWT_PUBLIC_KEY, add REDIS_URL - Auth Service .env.example: JWT_PRIVATE_KEY + JWT_PUBLIC_KEY with generation instructions
This commit is contained in:
Roberto Musso
14
.env.example
14
.env.example
@@ -4,9 +4,17 @@ ENV=dev
|
||||
# ── Database ──────────────────────────────────────────────────────────────────
|
||||
DATABASE_URL=postgresql+asyncpg://postgres:postgres@localhost:5432/adiuva
|
||||
|
||||
# ── Auth ──────────────────────────────────────────────────────────────────────
|
||||
JWT_SECRET=replace-with-a-long-random-secret
|
||||
JWT_ALGORITHM=HS256
|
||||
# ── Redis ─────────────────────────────────────────────────────────────────────
|
||||
REDIS_URL=redis://localhost:6379/0
|
||||
|
||||
# ── Auth (JWT RS256) ──────────────────────────────────────────────────────────
|
||||
# Public key for optional local JWT verification (Traefik ForwardAuth handles
|
||||
# this in production — services trust X-User-* headers from Traefik).
|
||||
# Generate keypair:
|
||||
# openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048
|
||||
# openssl rsa -in private.pem -pubout -out public.pem
|
||||
# Paste PEM content with literal \n for newlines.
|
||||
JWT_PUBLIC_KEY=
|
||||
JWT_ACCESS_TOKEN_EXPIRE_MINUTES=30
|
||||
JWT_REFRESH_TOKEN_EXPIRE_DAYS=30
|
||||
|
||||
|
||||
19
services/auth/.env.example
Normal file
19
services/auth/.env.example
Normal file
@@ -0,0 +1,19 @@
|
||||
# ── Auth Service ──────────────────────────────────────────────────────────────
|
||||
# This file contains env vars specific to the Auth Service.
|
||||
# Shared vars (DATABASE_URL, REDIS_URL, etc.) come from the root .env
|
||||
# or from docker-compose environment.
|
||||
|
||||
# ── JWT RS256 Keys ────────────────────────────────────────────────────────────
|
||||
# Generate keypair:
|
||||
# openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048
|
||||
# openssl rsa -in private.pem -pubout -out public.pem
|
||||
#
|
||||
# Paste PEM content with literal \n for newlines:
|
||||
# JWT_PRIVATE_KEY=-----BEGIN PRIVATE KEY-----\nMIIEvQ...
|
||||
# JWT_PUBLIC_KEY=-----BEGIN PUBLIC KEY-----\nMIIBIj...
|
||||
|
||||
# PRIVATE KEY — used to SIGN JWTs. NEVER share outside this service.
|
||||
JWT_PRIVATE_KEY=
|
||||
|
||||
# PUBLIC KEY — used to VERIFY JWTs.
|
||||
JWT_PUBLIC_KEY=
|
||||
Reference in New Issue
Block a user