You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
The Dockerfile is currently set to generate these keys, meaning that they get regenerated each time an image is built. The keys should be kept the same between deployments as otherwise all signed in user's sessions would be invalidated. Also, from a security perspective, such keys should not be generated during build because they can easily be found in the image.
Because of the above, it is best to generate these keys outside of Docker (on the Docker host for example) and then import them in the container via Docker volumes.
Acceptance criteria:
Dockerfile does not generate JWT signing keys
JWT signing keys are imported via Docker volumes
Image builds successfully
Container works as expected
The text was updated successfully, but these errors were encountered:
Description:
The
Dockerfile
is currently set to generate these keys, meaning that they get regenerated each time an image is built. The keys should be kept the same between deployments as otherwise all signed in user's sessions would be invalidated. Also, from a security perspective, such keys should not be generated during build because they can easily be found in the image.Because of the above, it is best to generate these keys outside of Docker (on the Docker host for example) and then import them in the container via Docker volumes.
Acceptance criteria:
The text was updated successfully, but these errors were encountered: