TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 14:47:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: generate webkeys setup step (#10105)

Browse Source 
# Which Problems Are Solved

We are preparing to roll-out and stabilize webkeys in the next version
of Zitadel. Before removing legacy signing-key code, we must ensure all
existing instances have their webkeys generated.

# How the Problems Are Solved

Add a setup step which generate 2 webkeys for each existing instance
that didn't have webkeys yet.

# Additional Changes

Return an error from the config type-switch, when the type is unknown.

# Additional Context

- Part 1/2 of https://github.com/zitadel/zitadel/issues/10029
- Should be back-ported to v3
This commit is contained in:
Tim Möhlmann
2025-06-24 12:41:41 +03:00
committed by GitHub
parent 3a4298c179
commit fa9de9a0f1
4 changed files with 60 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
internal/crypto/web_key.go
View File

@@ -7,6 +7,7 @@ import (
"crypto/rand"
"crypto/rsa"
"encoding/json"
"fmt"
"github.com/go-jose/go-jose/v4"
"github.com/muhlemmer/gu"
@@ -219,6 +220,8 @@ func generateWebKey(keyID string, genConfig WebKeyConfig) (private, public *jose
key, err = ecdsa.GenerateKey(conf.GetCurve(), rand.Reader)
case *WebKeyED25519Config:
_, key, err = ed25519.GenerateKey(rand.Reader)
default:
return nil, nil, fmt.Errorf("unknown webkey config type %T", genConfig)
}
if err != nil {
return nil, nil, err