feat(auth): support per-deploy login password key override
Multi-replica deployments need every Pod/container to share one RSA private key, otherwise public keys handed to the browser may not match the key that decrypts the resulting ciphertext. Introduce a `*.local.yaml` override layer that ops-config and tenant-config both load on top of the base config, ship example overrides plus compose/k3s wiring, and tolerate PEM bodies that arrive folded or escaped from Secrets.
This commit is contained in:
@@ -169,6 +169,13 @@ jwt:
|
||||
access_ttl: 15m
|
||||
refresh_ttl: 720h
|
||||
|
||||
auth:
|
||||
password_cipher:
|
||||
# 生产多实例请在 config.local.yaml 中配置同一把 private_key_pem。
|
||||
enabled: true
|
||||
key_id: login-password-rsa-oaep-v1
|
||||
private_key_pem: ""
|
||||
|
||||
log:
|
||||
level: info,warn,error
|
||||
format: json
|
||||
|
||||
Reference in New Issue
Block a user