author | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-02-09 11:16:36 +0100 |
---|---|---|
committer | Tor Brede Vekterli <vekterli@yahooinc.com> | 2023-02-10 14:14:47 +0100 |
commit | 7424ae2c638e2d7cdb7885cbf84b98d5c5258006 (patch) | |
tree | d26241fa56bf3331696f1e3524fb5c43176ac174 /controller-server/src/main/resources | |
parent | f62bb48baf715609606faa82a6119012b8a727de (diff) |
Add a controller handler for resealing decryption tokens
Handles an _already authenticated and authorized request_, using a
config-provided secret private key to decrypt the original token and
reseal it towards the requested public key.
Key IDs are expected to be in the format "name.version" where version
is an unsigned integer. The name must exactly match the key name used
to look up the secret private key, or the request will be failed.
Diffstat (limited to 'controller-server/src/main/resources')
-rw-r--r-- | controller-server/src/main/resources/configdefinitions/vespa.hosted.controller.config.core-dump-token-resealing.def | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/controller-server/src/main/resources/configdefinitions/vespa.hosted.controller.config.core-dump-token-resealing.def b/controller-server/src/main/resources/configdefinitions/vespa.hosted.controller.config.core-dump-token-resealing.def new file mode 100644 index 00000000000..eec6e482cf9 --- /dev/null +++ b/controller-server/src/main/resources/configdefinitions/vespa.hosted.controller.config.core-dump-token-resealing.def @@ -0,0 +1,6 @@ +# Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +namespace=vespa.hosted.controller.config + +# Key name for private key used for re-sealing decryption tokens. +# Using the default of "" means the resealing feature is disabled and no key will be looked up. +resealingPrivateKeyName string default="" |
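Review bot: The comment above `resealingPrivateKeyName` does not say how the configured value relates to the key IDs carried in a reseal request. The commit message states that key IDs have the form "name.version" and that the name must exactly match the key name used to look up the secret private key, so a value here that differs from the name part clients send makes every request fail, and nothing in the config definition tells an operator that. Suggest adding a comment line saying the value must equal the name component of the "name.version" key ID, and stating whether the value may itself contain a '.', since the visible lines do not show how the ID is split into name and version. Using `default=""` as the disabled state is a reasonable fail-closed default, because the feature stays off until a key name is set explicitly.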