Add constructor for static key strategy #1802
Conversation
xtremerui
force-pushed
the
pr/static-public-key-sync
branch
4 times, most recently
from
a45e269
to
49d556a
Compare
xtremerui
force-pushed
the
pr/static-public-key-sync
branch
from
49d556a
to
87a3b79
Compare
There was a problem hiding this comment.
@xtremerui can you please rebase your PR? And also signoff your commits?
Also, it'd be nice to hear more about your use case for Dex. I recall you maintaining a fork, but PRs like this rather tells that you use Dex as a "library" (or rather configure it in a different way in your own app).
TBH I'm usually not a huge fan of (re)using application code in other applications, but given you seem to be an active user, you might have a story to tell. Also, given that there is no way to add custom connectors at the moment, this could actually be the only way to provide better support for that use case as well.
|
Thx for your time @sagikazarmark reviewing this. The reason that we want to have a static key could be found here concourse/concourse@1199aae Concoures can run of multiple web nodes and each of that has its own dex server. If the key is by default rotating after 6/24 hours, the rotated key will be different in each of them. So we want to make sure there is a default way to deploy Concourse with multiple web nodes that operator don't need to do anything special to sync the signing keys between dex servers. |
Co-authored-by: Josh Winters <jwinter@pivotal.io> Signed-off-by: Rui Yang <ruiya@vmware.com>
xtremerui
force-pushed
the
pr/static-public-key-sync
branch
from
87a3b79
to
bd2234c
Compare
|
Gotcha! I think the docker failure is normal at this point, so I think this is good to go. |
Allow user to provide a static key for signing without rotation.