author: Tor Brede Vekterli <vekterli@yahooinc.com> 2023-02-09 11:16:36 +0100
committer: Tor Brede Vekterli <vekterli@yahooinc.com> 2023-02-10 14:14:47 +0100
commit: 7424ae2c638e2d7cdb7885cbf84b98d5c5258006
tree: d26241fa56bf3331696f1e3524fb5c43176ac174 /controller-server/src/main/resources
parent: f62bb48baf715609606faa82a6119012b8a727de
Add a controller handler for resealing decryption tokens
Handles an _already authenticated and authorized request_, using a config-provided secret private key to decrypt the original token and reseal it towards the requested public key. Key IDs are expected to be in the format "name.version" where version is an unsigned integer. The name must exactly match the key name used to look up the secret private key, or the request will be failed.
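The key ID rule described in the commit message, as an added example that is not part of this commit or of Vespa's code: a strict "name.version" check that fails closed when the configured key name is empty. The class and method names are hypothetical, and the handling of edge cases (split on the last dot, ASCII digits only, version fits in an `int`) is an assumption of this sketch.

```java
import java.util.Optional;

// Added illustration; class and method names are hypothetical, not Vespa's API.
public final class ResealKeyIdCheck {

    /** Parsed "name.version" key ID. */
    record KeyId(String name, int version) {}

    /**
     * Parses a key ID of the form "name.version". Assumptions of this sketch:
     * the version is the part after the last '.', consists of ASCII digits only,
     * and fits in a non-negative int.
     */
    static Optional<KeyId> parse(String keyId) {
        int dot = keyId.lastIndexOf('.');
        if (dot <= 0 || dot == keyId.length() - 1) return Optional.empty();
        String version = keyId.substring(dot + 1);
        // Reject signs, whitespace and non-ASCII digits that Integer.parseInt would accept.
        if (!version.chars().allMatch(c -> c >= '0' && c <= '9')) return Optional.empty();
        try {
            return Optional.of(new KeyId(keyId.substring(0, dot), Integer.parseInt(version)));
        } catch (NumberFormatException overflow) {
            return Optional.empty(); // more digits than an int can hold
        }
    }

    /** True only if resealing is enabled and the key ID names exactly the configured key. */
    static boolean mayReseal(String configuredKeyName, String keyId) {
        if (configuredKeyName.isEmpty()) return false; // default "" disables the feature
        return parse(keyId)
                .map(id -> id.name().equals(configuredKeyName)) // exact, case-sensitive match
                .orElse(false);
    }

    public static void main(String[] args) {
        String configured = "coredump-key"; // constructed sample value
        String[] samples = { // constructed sample key IDs
            "coredump-key.1", "coredump-key.-1", "coredump-key",
            "Coredump-key.1", "other.1", "coredump-key.99999999999"
        };
        for (String s : samples)
            System.out.println(s + " -> " + mayReseal(configured, s));
        System.out.println("feature disabled -> " + mayReseal("", "coredump-key.1"));
    }
}
```

Of the constructed samples only `coredump-key.1` is accepted; every other input, and every input while the configured name is empty, is rejected.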
Diffstat (limited to 'controller-server/src/main/resources')
-rw-r--r-- controller-server/src/main/resources/configdefinitions/vespa.hosted.controller.config.core-dump-token-resealing.def | 6
1 files changed, 6 insertions, 0 deletions
diff --git a/controller-server/src/main/resources/configdefinitions/vespa.hosted.controller.config.core-dump-token-resealing.def b/controller-server/src/main/resources/configdefinitions/vespa.hosted.controller.config.core-dump-token-resealing.def
new file mode 100644
index 00000000000..eec6e482cf9
--- /dev/null
+++ b/controller-server/src/main/resources/configdefinitions/vespa.hosted.controller.config.core-dump-token-resealing.def
@@ -0,0 +1,6 @@
+# Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+namespace=vespa.hosted.controller.config
+
+# Key name for private key used for re-sealing decryption tokens.
+# Using the default of "" means the resealing feature is disabled and no key will be looked up.
+resealingPrivateKeyName string default=""
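Review bot: the comment above `resealingPrivateKeyName` documents the empty default but not the matching rule that the commit message relies on, namely that request key IDs are "name.version" and the name part must exactly equal this value or the request is failed. Suggest adding a line to that comment stating the rule, and that the value is only the name used to look up the secret private key, not key material, so an operator setting it knows which key IDs will be accepted and that nothing sensitive belongs in this config. Keeping `default=""` as the disabled state is a good fail-closed choice; it would help to say in the comment how the handler responds to requests while disabled.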