
Commit d867e84

Merge branch 'master' into PER-11752-add-rc-support-ci
2 parents 8af3884 + 6abc1d3 commit d867e84

4 files changed

+7
-2
lines changed

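--- a/app-tests/docker-compose-app-tests.yml
+++ b/app-tests/docker-compose-app-tests.yml
@@ -24,6 +24,7 @@ services:
 - OPAL_POLICY_REPO_WEBHOOK_PARAMS={"secret_header_name":"x-webhook-token","secret_type":"token","secret_parsing_regex":"(.*)","event_request_key":"gitEvent","push_event_value":"git.push"}
 - OPAL_AUTH_PUBLIC_KEY=${OPAL_AUTH_PUBLIC_KEY}
 - OPAL_AUTH_PRIVATE_KEY=${OPAL_AUTH_PRIVATE_KEY}
+- OPAL_AUTH_PRIVATE_KEY_PASSPHRASE=${OPAL_AUTH_PRIVATE_KEY_PASSPHRASE}
 - OPAL_AUTH_MASTER_TOKEN=${OPAL_AUTH_MASTER_TOKEN}
 - OPAL_AUTH_JWT_AUDIENCE=https://api.opal.ac/v1/
 - OPAL_AUTH_JWT_ISSUER=https://opal.ac/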

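--- a/app-tests/run.sh
+++ b/app-tests/run.sh
@@ -3,14 +3,16 @@ set -e
 
 export OPAL_AUTH_PUBLIC_KEY
 export OPAL_AUTH_PRIVATE_KEY
+export OPAL_AUTH_PRIVATE_KEY_PASSPHRASE
 export OPAL_AUTH_MASTER_TOKEN
 export OPAL_CLIENT_TOKEN
 export OPAL_DATA_SOURCE_TOKEN
 
 function generate_opal_keys {
 echo "- Generating OPAL keys"
 
-ssh-keygen -q -t rsa -b 4096 -m pem -f opal_crypto_key -N ""
+OPAL_AUTH_PRIVATE_KEY_PASSPHRASE="123456"
+ssh-keygen -q -t rsa -b 4096 -m pem -f opal_crypto_key -N "$OPAL_AUTH_PRIVATE_KEY_PASSPHRASE"
 OPAL_AUTH_PUBLIC_KEY="$(cat opal_crypto_key.pub)"
 OPAL_AUTH_PRIVATE_KEY="$(tr '\n' '_' < opal_crypto_key)"
 rm opal_crypto_key.pub opal_crypto_key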
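Review bot: The passphrase is the fixed literal `"123456"` on new line 14 here, and docker/run-example-with-security.sh exports the same literal on its new line 25, so the private key is encrypted with a value that anyone reading the repository knows. In this test harness a constant is tolerable if it is marked as such (`# test-only passphrase, never reuse outside CI`), but the example script advertises *secure mode* and is likely to be copied; there the value should come from the caller or be generated per run, e.g. `export OPAL_AUTH_PRIVATE_KEY_PASSPHRASE="${OPAL_AUTH_PRIVATE_KEY_PASSPHRASE:-$(openssl rand -hex 16)}"` (assuming openssl is available on the host). In both scripts the passphrase is also handed to ssh-keygen as the `-N` argument, so it is visible in the process list while the key is being generated. The body of generate_opal_keys continues past the end of this hunk.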

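--- a/docker/docker-compose-with-security.yml
+++ b/docker/docker-compose-with-security.yml
@@ -39,6 +39,7 @@ services:
 # private key (used for signing on new JWT tokens).
 - OPAL_AUTH_PUBLIC_KEY=${OPAL_AUTH_PUBLIC_KEY}
 - OPAL_AUTH_PRIVATE_KEY=${OPAL_AUTH_PRIVATE_KEY}
+- OPAL_AUTH_PRIVATE_KEY_PASSPHRASE=${OPAL_AUTH_PRIVATE_KEY_PASSPHRASE}
 # the master token is used in only one scenario - when we want to generate a new JWT token.
 # the /token api endpoint on the OPAL server is the only endpoint that requires the master token.
 - OPAL_AUTH_MASTER_TOKEN=${OPAL_AUTH_MASTER_TOKEN}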
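Review bot: The new `OPAL_AUTH_PRIVATE_KEY_PASSPHRASE` entry on line 42 has no comment of its own, unlike the key pair and the master token around it, and it sits directly above the master-token comment. I would add `# passphrase that decrypts OPAL_AUTH_PRIVATE_KEY; must match the one the key was generated with.` above it. `${OPAL_AUTH_PRIVATE_KEY_PASSPHRASE}` has no default, so with the variable unset compose passes an empty string; whether the server treats an empty passphrase as "key is not encrypted" is not visible in this diff and should be confirmed for users who supply a passphrase-less key.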

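--- a/docker/run-example-with-security.sh
+++ b/docker/run-example-with-security.sh
@@ -22,7 +22,8 @@ echo "keys and run OPAL in *secure mode*."
 echo "------------------------------------------------------------------"
 
 echo "generating opal crypto keys..."
-ssh-keygen -q -t rsa -b 4096 -m pem -f opal_crypto_key -N ""
+export OPAL_AUTH_PRIVATE_KEY_PASSPHRASE="123456"
+ssh-keygen -q -t rsa -b 4096 -m pem -f opal_crypto_key -N "$OPAL_AUTH_PRIVATE_KEY_PASSPHRASE"
 
 echo "saving crypto keys to env vars and removing temp key files..."
 export OPAL_AUTH_PUBLIC_KEY=`cat opal_crypto_key.pub`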
