1e2e395676
- Add field_validator to expand literal \n in PEM keys (auth config + shared config) - Set extra='ignore' on shared Settings so service-specific .env vars don't cause ValidationError - Add *.pem to .gitignore
35 lines
1.2 KiB
Python
35 lines
1.2 KiB
Python
"""Auth Service — local configuration.
|
|
|
|
Contains secrets that ONLY the Auth Service needs (e.g., JWT private key).
|
|
These are NOT in shared/config.py to prevent other services from accessing them.
|
|
"""
|
|
|
|
from pydantic import field_validator
|
|
from pydantic_settings import BaseSettings, SettingsConfigDict
|
|
|
|
|
|
class AuthSettings(BaseSettings):
|
|
# RS256 private key (PEM format). Used to SIGN JWTs.
|
|
# Only the Auth Service has this. Generate with:
|
|
# openssl genpkey -algorithm RSA -out private.pem -pkeyopt rsa_keygen_bits:2048
|
|
# Then set the env var (newlines as \n):
|
|
# JWT_PRIVATE_KEY="-----BEGIN PRIVATE KEY-----\nMIIEv..."
|
|
JWT_PRIVATE_KEY: str = ""
|
|
|
|
# RS256 public key (PEM format). Used to VERIFY JWTs.
|
|
# Derived from the private key:
|
|
# openssl rsa -in private.pem -pubout -out public.pem
|
|
JWT_PUBLIC_KEY: str = ""
|
|
|
|
@field_validator("JWT_PRIVATE_KEY", "JWT_PUBLIC_KEY", mode="before")
|
|
@classmethod
|
|
def _expand_pem_newlines(cls, v: str) -> str:
|
|
if isinstance(v, str) and r"\n" in v:
|
|
return v.replace(r"\n", "\n")
|
|
return v
|
|
|
|
model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8")
|
|
|
|
|
|
auth_settings = AuthSettings()
|