- bin/gen-server-keys.sh: generate Ed25519 keypair to etc/server-service.{pub,key,env}
- main.go: read keys from file (ADMIN_PUBLIC_KEY_FILE) when env empty
- docker-compose: env_file etc/server-service.env, mount etc/
- bin/up.sh: auto-run gen-server-keys if etc/server-service.env missing
- ErrRegistrationNotConfigured for clearer 503 when keys not set
- etc/README.md, etc/.gitignore
- bin/gen-admin-key.sh for one-off key gen
- .env.example
Made-with: Cursor
27 lines
812 B
Markdown
# Server Service Keys

Server Ed25519 keypair for client authentication and registration.

## Generate

```bash
./bin/gen-server-keys.sh
```

Creates:

- `server-service.pub` — public key; clients download via `GET /v1/service-key`
- `server-service.key` — private key (keep secret)
- `server-service.env` — env vars for docker compose (`ADMIN_PUBLIC_KEY`, `SERVICE_PUBLIC_KEY`)

## Client Usage

Clients fetch the server public key and use it to:

1. **Register** — sign the server pubkey, post to `POST /v1/auth/register-by-signature`
2. **Verify server identity** — for future signed responses or request validation

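The Register step above, sketched for both sides as an added example; it is not code from this repository. The `Registration` struct, the base64 encoding and all function names are assumptions, since this README does not define the request body.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
)

// Registration is a hypothetical request body; the README does not define the real one.
type Registration struct {
	ClientPub string // base64 Ed25519 public key of the signer (assumed encoding)
	Signature string // base64 signature over the raw server public key bytes
}

// SignServerKey is the client side: sign the key fetched from GET /v1/service-key.
func SignServerKey(priv ed25519.PrivateKey, serverPub ed25519.PublicKey) Registration {
	enc := base64.StdEncoding.EncodeToString
	return Registration{enc(priv.Public().(ed25519.PublicKey)), enc(ed25519.Sign(priv, serverPub))}
}

// VerifyRegistration is the server side. Lengths are checked before verifying
// because ed25519.Verify panics when the public key has the wrong size.
func VerifyRegistration(r Registration, serverPub ed25519.PublicKey) error {
	pub, err := base64.StdEncoding.DecodeString(r.ClientPub)
	if err != nil || len(pub) != ed25519.PublicKeySize {
		return errors.New("malformed client public key")
	}
	sig, err := base64.StdEncoding.DecodeString(r.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	if !ed25519.Verify(pub, serverPub, sig) {
		return errors.New("signature does not cover this server's public key")
	}
	return nil
}

// newKeyPair returns a constructed key pair standing in for real key files.
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	return pub, priv
}

func main() {
	serverPub, _ := newKeyPair()
	_, clientPriv := newKeyPair()
	fmt.Println("verify error:", VerifyRegistration(SignServerKey(clientPriv, serverPub), serverPub))
}
```

Because the signed message is the server's public key, a registration produced for one server fails verification on a server holding a different key.
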
## Docker Compose

The api service uses `env_file: etc/server-service.env` and mounts `./etc` so keys are available. Run `./bin/gen-server-keys.sh` before first `docker compose up`.