Files

CI / test (push) Successful in 5s

Details

Server keys in etc/, bind in docker compose

- bin/gen-server-keys.sh: generate Ed25519 keypair to etc/server-service.{pub,key,env}
- main.go: read keys from file (ADMIN_PUBLIC_KEY_FILE) when env empty
- docker-compose: env_file etc/server-service.env, mount etc/
- bin/up.sh: auto-run gen-server-keys if etc/server-service.env missing
- ErrRegistrationNotConfigured for clearer 503 when keys not set
- etc/README.md, etc/.gitignore
- bin/gen-admin-key.sh for one-off key gen
- .env.example

Made-with: Cursor

2026-03-01 13:02:40 +00:00

.gitignore

Server keys in etc/, bind in docker compose

2026-03-01 13:02:40 +00:00

README.md

Server keys in etc/, bind in docker compose

2026-03-01 13:02:40 +00:00

README.md

Server Service Keys

Server Ed25519 keypair for client authentication and registration.

Generate

./bin/gen-server-keys.sh

Creates:

server-service.pub — public key; clients download via GET /v1/service-key
server-service.key — private key (keep secret)
server-service.env — env vars for docker compose (ADMIN_PUBLIC_KEY, SERVICE_PUBLIC_KEY)

Client Usage

Clients fetch the server public key and use it to:

Register — sign the server pubkey, post to POST /v1/auth/register-by-signature
Verify server identity — for future signed responses or request validation

Docker Compose

The api service uses env_file: etc/server-service.env and mounts ./etc so keys are available. Run ./bin/gen-server-keys.sh before first docker compose up.