daml/ledger-service/jwt
pbatko-da bd01a211f4
[DPP-418] Protect Participant TLS keys (#10629)
Adding support for accepting server's private key as an encrypted file (since storing unencrypted private key in a file system might be a risk).

Encrypted private key is assumed to be encrypted using AES or similar algorithm. The details necessary to decrypt it are obtained from a secrets server over HTTP as a JSON document. The URL of the secrets server is supplied through the new `--secrets-url` CLI parameter.

One can supply the private key in either plaintext (old behavior) or ciphertext: if a private key's file ends with the .enc suffix, it is assumed to be ciphertext. Otherwise it is assumed to be plaintext.

CHANGELOG_BEGIN
- [DPP-418] [Participant] Add support for supplying server's private key as an encrypted file and then decrypting it with the help of a secrets server.
CHANGELOG_END
2021-08-30 09:24:52 +02:00
src [DPP-418] Protect Participant TLS keys (#10629) 2021-08-30 09:24:52 +02:00
BUILD.bazel [DPP-418] Protect Participant TLS keys (#10629) 2021-08-30 09:24:52 +02:00
README.md JWT HMAC256 Authorization (#2389) 2019-08-07 16:26:26 +00:00

JWT (JSON Web Token)

How to generate JWT

TODO