2933: Add Keep signing key configuration to Docker.

This is a little hypothetical until we Dockerize the new Keep server,
but it's necessary to get the API server running.

Refs #2933.

diff --git a/docker/api/secret_token.rb.in b/docker/api/secret_token.rb.in
index 201870bdd86932bf8e6720556085552cf9a658bd..30084803f08f7733ab8c127e25b1dfa77b68f946 100644 (file)
--- a/docker/api/secret_token.rb.in
+++ b/docker/api/secret_token.rb.in
@@ -5,3 +5,8 @@
 # Make sure the secret is at least 30 characters and all random,
 # no regular words or you'll be exposed to dictionary attacks.
 Server::Application.config.secret_token = '@@API_SECRET@@'
+
+# The blob_signing_key is a string of alphanumeric characters used
+# to sign permission hints for Keep locators. It must be identical
+# to the permission key given to Keep.
+Server::Application.config.blob_signing_key = '@@KEEP_SIGNING_SECRET@@'

diff --git a/docker/config.yml.example b/docker/config.yml.example
index da06fee255f046f701cc1b92585d106f45e16f8e..515fcbefd5121bbddb567c54aaa768b1008cc538 100644 (file)
--- a/docker/config.yml.example
+++ b/docker/config.yml.example
@@ -45,6 +45,10 @@ ARVADOS_PROD_PW:
 # will be chosen randomly at build time. This is the
 # recommended setting.
 
+# The signing key shared by Keep at the API server to verify
+# blob permission signatures.
+KEEP_SIGNING_SECRET:
+
 # The value for the Rails config.secret_token setting.
 API_SECRET: