Files
geo/deploy/config.local.yaml.example
root b939cfa2fa
Deployment Config CI / Deployment Config (push) Successful in 27s
Backend CI / Backend (push) Successful in 15m4s
feat(auth): support per-deploy login password key override
Multi-replica deployments need every Pod/container to share one RSA private key, otherwise public keys handed to the browser may not match the key that decrypts the resulting ciphertext. Introduce a `*.local.yaml` override layer that ops-config and tenant-config both load on top of the base config, ship example overrides plus compose/k3s wiring, and tolerate PEM bodies that arrive folded or escaped from Secrets.
2026-05-14 11:54:40 +08:00

12 lines
503 B
Plaintext
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
auth:
password_cipher:
enabled: true
key_id: login-password-rsa-oaep-v1
# 多 Pod / 多容器部署必须使用同一把私钥。复制本文件为 config.local.yaml
# 再粘贴完整 PEM;不要提交生产私钥。留空时应用会生成单进程临时私钥,
# 只适合本机单副本试跑,不适合多副本生产。
#
# 生成示例:
# openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out login-password-rsa.pem
private_key_pem: ""