b939cfa2fa
Multi-replica deployments need every Pod/container to share one RSA private key, otherwise public keys handed to the browser may not match the key that decrypts the resulting ciphertext. Introduce a `*.local.yaml` override layer that ops-config and tenant-config both load on top of the base config, ship example overrides plus compose/k3s wiring, and tolerate PEM bodies that arrive folded or escaped from Secrets.
9 lines
366 B
Plaintext
9 lines
366 B
Plaintext
auth:
|
||
password_cipher:
|
||
enabled: true
|
||
key_id: ops-password-rsa-oaep-v1
|
||
# 建议与租户端使用不同私钥。复制本文件为 ops-config.local.yaml,
|
||
# 所有 ops-api 副本必须读取同一份私钥;不要提交生产私钥。
|
||
# 留空时应用会生成单进程临时私钥,只适合本机单副本试跑。
|
||
private_key_pem: ""
|