
Configuration

Cédric Clerget edited this page Feb 8, 2021 · 1 revision


The server reads its configuration from one of several sources, depending on how it is started: a configuration file can be passed as the first argument; if none is given, the server tries to parse /usr/local/etc/spks/server.yaml; if no configuration is found or specified, it falls back to built-in defaults that are suitable for testing purposes only.

YAML configuration

  • bind-address: Address and port the server listens on
  • public-url: Public URL as exposed to external clients (also used in the mail template)
  • signing-pgpkey: PGP key used by the server to sign public key identities; either a path or a base64-encoded string containing the key in ASCII-armored format. The key must contain both the public and the private key (without password) in ASCII-armored format
  • certificate: HTTP TLS configuration
    • public-key: Path to (or base64-encoded) public key for HTTPS support
    • private-key: Path to (or base64-encoded) private key for HTTPS support
  • admin-email: Administrator email address, also used as the sender address for verification emails
  • mail-identity-domains: Filter public key identities by the domain of their mail address
  • mail-identity-verification: Enable/disable mail identity verification; when enabled, the server sends an email to the address in the PGP key identity inviting the user to validate their key
  • key-push-rate-limit: Rate limit on the number of key push requests a user may make per minute (example: "2/1" allows 2 key push requests per minute)
  • mail: SMTP mail client configuration
    • smtp-server: Hostname/IP of the SMTP server
    • smtp-port: Port of the SMTP server
    • smtp-username: Username of the account used to send mail from this server
    • smtp-password: Password of the account used to send mail
    • smtp-insecure-tls: Use an insecure TLS connection
    • subject: Mail message subject
    • message: Mail message (see 'Mail message template' for the template variables)
  • db: Database used by the server to store public keys ("default" is the only supported value)
  • db-config: Database related configuration (for the "default" database)
    • dir: Database storage directory

From environment variables

Environment variables always take precedence over values from the configuration file. The recognized environment variables are:

Environment variable               YAML directive overridden
SPKS_BIND_ADDRESS                  bind-address
SPKS_PUBLIC_URL                    public-url
SPKS_SIGNING_PGPKEY                signing-pgpkey
SPKS_PUBLIC_KEY_CERT               certificate.public-key
SPKS_PRIVATE_KEY_CERT              certificate.private-key
SPKS_ADMIN_EMAIL                   admin-email
SPKS_MAIL_IDENTITY_DOMAINS         mail-identity-domains
SPKS_MAIL_IDENTITY_VERIFICATION    mail-identity-verification
SPKS_KEY_PUSH_RATE_LIMIT           key-push-rate-limit
SPKS_MAIL_SMTP_SERVER              mail.smtp-server
SPKS_MAIL_SMTP_PORT                mail.smtp-port
SPKS_MAIL_SMTP_USERNAME            mail.smtp-username
SPKS_MAIL_SMTP_PASSWORD            mail.smtp-password
SPKS_MAIL_SMTP_INSECURE_TLS        mail.smtp-insecure-tls
SPKS_DBCONFIG_DIR                  db-config.dir
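A worked example of how the YAML keys and the SPKS_* overrides above combine, added here and not part of spks itself: it applies the documented precedence rule (environment wins over file), parses the "2/1" rate-limit form, and runs a few deployment checks before the server would start. The checks in validate() are this example's own suggestions, not behaviour the page documents; SAMPLE_CONFIG is a constructed stand-in for a parsed server.yaml, and reading the rate limit as count/minutes is an assumption.

```python
"""Apply the documented SPKS_* overrides to a loaded spks configuration and check it.
Added example, not spks' own code: ENV_TO_KEY is the page's table, SAMPLE_CONFIG a
constructed stand-in for a parsed server.yaml, and validate() this example's checks."""
import copy
import os
import re
from typing import Any, Dict, List, Mapping, Optional, Tuple

ENV_TO_KEY: Dict[str, str] = {  # environment variable -> dotted YAML directive
    "SPKS_BIND_ADDRESS": "bind-address",
    "SPKS_PUBLIC_URL": "public-url",
    "SPKS_SIGNING_PGPKEY": "signing-pgpkey",
    "SPKS_PUBLIC_KEY_CERT": "certificate.public-key",
    "SPKS_PRIVATE_KEY_CERT": "certificate.private-key",
    "SPKS_ADMIN_EMAIL": "admin-email",
    "SPKS_MAIL_IDENTITY_DOMAINS": "mail-identity-domains",
    "SPKS_MAIL_IDENTITY_VERIFICATION": "mail-identity-verification",
    "SPKS_KEY_PUSH_RATE_LIMIT": "key-push-rate-limit",
    "SPKS_MAIL_SMTP_SERVER": "mail.smtp-server",
    "SPKS_MAIL_SMTP_PORT": "mail.smtp-port",
    "SPKS_MAIL_SMTP_USERNAME": "mail.smtp-username",
    "SPKS_MAIL_SMTP_PASSWORD": "mail.smtp-password",
    "SPKS_MAIL_SMTP_INSECURE_TLS": "mail.smtp-insecure-tls",
    "SPKS_DBCONFIG_DIR": "db-config.dir",
}

SAMPLE_CONFIG: Dict[str, Any] = {  # constructed values, shaped like the documented YAML
    "bind-address": "0.0.0.0:11371",
    "public-url": "https://keys.example.org",
    "signing-pgpkey": "/usr/local/etc/spks/signing-key.asc",
    "certificate": {"public-key": "/etc/spks/tls.crt", "private-key": "/etc/spks/tls.key"},
    "admin-email": "admin@example.org",
    "mail-identity-domains": ["example.org"],
    "mail-identity-verification": True,
    "key-push-rate-limit": "2/1",
    "mail": {"smtp-server": "smtp.example.org", "smtp-port": 587, "smtp-username": "spks",
             "smtp-password": "placeholder-secret", "smtp-insecure-tls": False},
    "db-config": {"dir": "/var/lib/spks"},
}

def coerce(raw: str) -> Any:
    """Env values are strings: map true/false and integers to typed values, keep the rest."""
    low = raw.strip().lower()
    if low in ("true", "false"):
        return low == "true"
    return int(low) if low.isdigit() else raw

def set_dotted(cfg: Dict[str, Any], dotted: str, value: Any) -> None:
    """Assign at a dotted path such as 'mail.smtp-port', creating intermediate maps."""
    *parents, leaf = dotted.split(".")
    node = cfg
    for part in parents:
        node = node.setdefault(part, {})
    node[leaf] = value

def get_dotted(cfg: Mapping[str, Any], dotted: str, default: Any = None) -> Any:
    """Read a dotted path, returning default when any component is absent."""
    node: Any = cfg
    for part in dotted.split("."):
        if not isinstance(node, Mapping) or part not in node:
            return default
        node = node[part]
    return node

def apply_env_overrides(cfg: Mapping[str, Any], environ: Optional[Mapping[str, str]] = None) -> Dict[str, Any]:
    """Return a copy of cfg in which every set SPKS_* variable wins over the file value."""
    env = os.environ if environ is None else environ
    merged = copy.deepcopy(dict(cfg))
    for env_name, key in ENV_TO_KEY.items():
        if env_name in env:
            set_dotted(merged, key, coerce(env[env_name]))
    return merged

def parse_rate_limit(spec: str) -> Tuple[int, int]:
    """Parse 'requests/minutes' ('2/1' = 2 pushes per minute); the count/minutes reading is assumed."""
    m = re.fullmatch(r"\s*(\d+)\s*/\s*([1-9]\d*)\s*", spec)
    if not m:
        raise ValueError(f"invalid key-push-rate-limit {spec!r}, expected a form like '2/1'")
    return int(m.group(1)), int(m.group(2))

def validate(cfg: Mapping[str, Any]) -> List[str]:
    """Return 'error: ...' / 'warning: ...' findings a deployment review would raise."""
    findings: List[str] = []
    if not get_dotted(cfg, "signing-pgpkey"):
        findings.append("error: signing-pgpkey is not set, the server cannot sign key identities")
    pub, priv = get_dotted(cfg, "certificate.public-key"), get_dotted(cfg, "certificate.private-key")
    if bool(pub) != bool(priv):
        findings.append("error: certificate needs both public-key and private-key")
    elif not pub:
        findings.append("warning: no certificate configured, the server will not serve HTTPS")
    if not str(get_dotted(cfg, "public-url", "")).startswith("https://"):
        findings.append("warning: public-url is not https, verification links would be sent in clear")
    if get_dotted(cfg, "mail-identity-verification") and not get_dotted(cfg, "mail.smtp-server"):
        findings.append("error: mail-identity-verification is enabled but mail.smtp-server is empty")
    if get_dotted(cfg, "mail.smtp-insecure-tls"):
        findings.append("warning: mail.smtp-insecure-tls is enabled, SMTP credentials are exposed to interception")
    try:
        parse_rate_limit(str(get_dotted(cfg, "key-push-rate-limit", "")))
    except ValueError as exc:
        findings.append(f"error: {exc}")
    return findings
```

Typical use is `validate(apply_env_overrides(loaded_yaml))` at startup and refusing to start on any `error:` finding; an operator who sets SPKS_MAIL_SMTP_INSECURE_TLS=true in a container environment gets the warning even though the file says false, which is exactly the precedence the page describes.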

Mail message template

The default mail message template is:

Hello {{.Name}},

You've just submitted a public key on {{.PublicURL}}, this requires you to validate
that the key was pushed by you, so in order to finalize the validation process you
need to enter one of the following command from the same machine you originally pushed
the key:

- if you pushed it with Singularity please enter the following command in your terminal:

singularity key push -u {{.PublicAuthURL}} {{.Fingerprint}}

- if you pushed it with gpg tool, please enter the following command in your terminal:

curl --data-urlencode "keytext=$(gpg --armor --export {{.Fingerprint}})" {{.PublicAuthURL}}/pks/add

---------------------
This message was sent from the public key server {{.PublicURL}}.

Please ignore this message if you didn't submit this key or report any abuse by responding to this message.

Available variables are:

  • {{.Name}}: the name set by the user when creating their public PGP key
  • {{.PublicURL}}: the configured public URL
  • {{.PublicAuthURL}}: the generated public URL, carrying the token used to validate the public PGP key submission
  • {{.Fingerprint}}: the user's public PGP key fingerprint
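As an added example (not spks' own code), a small renderer for the template above that also checks a customised `message` against the four documented variables, so an operator who edits the mail text finds an unknown placeholder before any verification mail goes out. It handles only `{{.Field}}` placeholders and stands in for Go's text/template; the values in SAMPLE_VALUES (name, token URL, fingerprint) are constructed.

```python
"""Render the spks verification mail and check a customised 'message' against the
documented variables. Added example, not spks' own code: a minimal stand-in for
Go's text/template that handles only {{.Field}} placeholders. SAMPLE_VALUES are
constructed, including the shape of the token URL."""
import re
from typing import Dict, Set

# The four variables the page documents for the mail template.
AVAILABLE_VARS: Set[str] = {"Name", "PublicURL", "PublicAuthURL", "Fingerprint"}
PLACEHOLDER = re.compile(r"\{\{\s*\.([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")

# The page's default template, verbatim.
DEFAULT_MESSAGE = """Hello {{.Name}},

You've just submitted a public key on {{.PublicURL}}, this requires you to validate
that the key was pushed by you, so in order to finalize the validation process you
need to enter one of the following command from the same machine you originally pushed
the key:

- if you pushed it with Singularity please enter the following command in your terminal:

singularity key push -u {{.PublicAuthURL}} {{.Fingerprint}}

- if you pushed it with gpg tool, please enter the following command in your terminal:

curl --data-urlencode "keytext=$(gpg --armor --export {{.Fingerprint}})" {{.PublicAuthURL}}/pks/add

---------------------
This message was sent from the public key server {{.PublicURL}}.

Please ignore this message if you didn't submit this key or report any abuse by responding to this message.
"""

SAMPLE_VALUES: Dict[str, str] = {  # constructed sample values
    "Name": "Alice Example",
    "PublicURL": "https://keys.example.org",
    "PublicAuthURL": "https://keys.example.org/?token=CONSTRUCTED-TOKEN",  # token URL shape assumed
    "Fingerprint": "0123456789ABCDEF0123456789ABCDEF01234567",
}

def referenced_variables(template: str) -> Set[str]:
    """Every {{.Field}} name the template uses."""
    return set(PLACEHOLDER.findall(template))

def unknown_variables(template: str) -> Set[str]:
    """Placeholders a customised mail.message uses that spks does not provide."""
    return referenced_variables(template) - AVAILABLE_VARS

def render(template: str, values: Dict[str, str]) -> str:
    """Substitute every placeholder; refuse templates naming undocumented or missing fields
    so a bad custom message fails at startup instead of mailing broken validation links."""
    unknown = unknown_variables(template)
    if unknown:
        raise ValueError(f"template references undocumented variables: {sorted(unknown)}")
    missing = referenced_variables(template) - set(values)
    if missing:
        raise ValueError(f"no value supplied for: {sorted(missing)}")
    return PLACEHOLDER.sub(lambda m: values[m.group(1)], template)

def rejects_template(template: str, values: Dict[str, str]) -> bool:
    """True when render() refuses the template; handy for a startup self-check."""
    try:
        render(template, values)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print(render(DEFAULT_MESSAGE, SAMPLE_VALUES))
```

Running the block prints the default mail filled with the constructed values; pointing `render` at the `message` value from server.yaml instead of DEFAULT_MESSAGE reproduces what spks would send, and `unknown_variables` alone is enough for a pre-deployment lint of a custom message.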