feat(dev): generate OIDC signing keys on just dev if missing #22

Merged

longjacksonle merged 1 commit from feat/dev-ensure-oidc-keys into main 2026-05-31 19:29:21 +02:00

Conversation 0 Commits 1 Files changed 1 +17 -3

longjacksonle commented 2026-05-31 19:29:17 +02:00

Owner

Copy link

bunyip-api is the OIDC issuer and loads an Ed25519 signing key at startup (OIDC_JWT_PRIVATE_KEY_PATH), so a fresh clone fails to boot until the key exists - the .env.example only documents the manual openssl steps in a comment. Add an idempotent ensure-oidc-keys recipe that generates secrets/dev-2026.pem + .pub.pem (kid dev-2026, matching the .env.example defaults) when absent, and make dev / dev-detach / dev-sso depend on it alongside ensure-env. Mirrors mokosh-server's ensure-oidc-keys. The keypair stays gitignored.

Co-Authored-By: Claude Opus 4.8 (1M context) noreply@anthropic.com

bunyip-api is the OIDC issuer and loads an Ed25519 signing key at startup (OIDC_JWT_PRIVATE_KEY_PATH), so a fresh clone fails to boot until the key exists - the .env.example only documents the manual openssl steps in a comment. Add an idempotent `ensure-oidc-keys` recipe that generates secrets/dev-2026.pem + .pub.pem (kid dev-2026, matching the .env.example defaults) when absent, and make dev / dev-detach / dev-sso depend on it alongside ensure-env. Mirrors mokosh-server's ensure-oidc-keys. The keypair stays gitignored. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

longjacksonle added 1 commit 2026-05-31 19:29:17 +02:00

feat(dev): generate OIDC signing keys on just dev if missing ... 7926e5be3c

bunyip-api is the OIDC issuer and loads an Ed25519 signing key at startup (OIDC_JWT_PRIVATE_KEY_PATH), so a fresh clone fails to boot until the key exists - the .env.example only documents the manual openssl steps in a comment. Add an idempotent `ensure-oidc-keys` recipe that generates secrets/dev-2026.pem + .pub.pem (kid dev-2026, matching the .env.example defaults) when absent, and make dev / dev-detach / dev-sso depend on it alongside ensure-env. Mirrors mokosh-server's ensure-oidc-keys. The keypair stays gitignored.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

longjacksonle merged commit 50131e9f63 into main 2026-05-31 19:29:21 +02:00

longjacksonle deleted branch feat/dev-ensure-oidc-keys 2026-05-31 19:29:22 +02:00

longjacksonle referenced this pull request from a commit 2026-05-31 19:29:22 +02:00

Merge pull request 'feat(dev): generate OIDC signing keys on `just dev` if missing' (#22) from feat/dev-ensure-oidc-keys into main

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels

No items

No labels

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

psa-systems/bunyip!22

No description provided.