feat: allow using a local RSA key for machine keys (#7671)

* Allow using a local RSA key for machine keys * Add check for key validity * Fix naming error * docs: provide translations of invalid key --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 21:37:32 +00:00 · 2024-04-23 11:38:07 +02:00
parent df50c3835b
commit e46dd121cd
19 changed files with 80 additions and 13 deletions
--- a/proto/zitadel/management.proto
+++ b/proto/zitadel/management.proto
@@ -1734,7 +1734,7 @@ service ManagementService {

        option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_operation) = {
            summary: "Create Key for machine user";
-            description: "A new key is generated and will be returned in the response. Make sure to store the returned key. Machine keys are used to authenticate with jwt profile."
+            description: "If a public key is not supplied, a new key is generated and will be returned in the response. Make sure to store the returned key. If an RSA public key is supplied, the private key is omitted from the response. Machine keys are used to authenticate with jwt profile."
            tags: "Users";
            tags: "User Machine";
            responses: {
@@ -8504,6 +8504,12 @@ message AddMachineKeyRequest {
            description: "The date the key will expire and no logins will be possible";
        }
    ];
+    bytes public_key = 4 [
+        (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_field) = {
+           example: "\"LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1...\"";
+           description: "Optionally provide a public key of your own generated RSA private key.";
+        }
+    ];
 }

 message AddMachineKeyResponse {