From 5587dd37e3ecaea52805af7bcb3c517bb10ec36b Mon Sep 17 00:00:00 2001 From: "Kai A. Hiller" Date: Mon, 21 Jul 2025 18:10:14 +0200 Subject: [PATCH 1/4] docs: Remove requirement for arbitrary KIDs --- docs/reference/configuration.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/reference/configuration.md b/docs/reference/configuration.md index 4dad3d6a0..b3b6f6f31 100644 --- a/docs/reference/configuration.md +++ b/docs/reference/configuration.md @@ -257,8 +257,10 @@ The following key types are supported: - ECDSA with the P-384 (`secp384r1`) curve - ECDSA with the K-256 (`secp256k1`) curve -Each entry must have a unique (and arbitrary) `kid`, plus the key itself. -The key can either be specified inline (with the `key` property), or loaded from a file (with the `key_file` property). +Each entry must have a unique `kid`, plus the key itself. The `kid` can be any +case-sensitive string value as long as it is unique to this list; `kid` values +must not be stable across restarts. The key can either be specified inline (with +the `key` property), or loaded from a file (with the `key_file` property). The following key formats are supported: - PKCS#1 PEM or DER-encoded RSA private key From 2ecc502b05e87611f327c51cce7824cc6a52f6f5 Mon Sep 17 00:00:00 2001 From: "Kai A. Hiller" Date: Wed, 23 Jul 2025 09:39:52 +0200 Subject: [PATCH 2/4] Adapt markdown formatting --- docs/reference/configuration.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/reference/configuration.md b/docs/reference/configuration.md index b3b6f6f31..1a8ed2908 100644 --- a/docs/reference/configuration.md +++ b/docs/reference/configuration.md 
@@ -257,10 +257,11 @@ The following key types are supported: - ECDSA with the P-384 (`secp384r1`) curve - ECDSA with the K-256 (`secp256k1`) curve -Each entry must have a unique `kid`, plus the key itself. The `kid` can be any -case-sensitive string value as long as it is unique to this list; `kid` values -must not be stable across restarts. The key can either be specified inline (with -the `key` property), or loaded from a file (with the `key_file` property). +Each entry must have a unique `kid`, plus the key itself. +The `kid` can be any case-sensitive string value as long as it is unique to this list; +`kid` values must not be stable across restarts. +The key can either be specified inline (with the `key` property), +or loaded from a file (with the `key_file` property). The following key formats are supported: - PKCS#1 PEM or DER-encoded RSA private key From da94650706e82b5ef3e76e012c771cfc0298b366 Mon Sep 17 00:00:00 2001 From: "Kai A. Hiller" Date: Wed, 23 Jul 2025 09:43:43 +0200 Subject: [PATCH 3/4] Fix wording --- docs/reference/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/configuration.md b/docs/reference/configuration.md index 1a8ed2908..5fd35f9d1 100644 --- a/docs/reference/configuration.md +++ b/docs/reference/configuration.md @@ -259,7 +259,7 @@ The following key types are supported: Each entry must have a unique `kid`, plus the key itself. The `kid` can be any case-sensitive string value as long as it is unique to this list; -`kid` values must not be stable across restarts. +`kid` values don’t need to be stable across restarts. The key can either be specified inline (with the `key` property), or loaded from a file (with the `key_file` property). The following key formats are supported: From 858b388eecf2f7f32d1b7f14a227796e841a9829 Mon Sep 17 00:00:00 2001 
From: "Kai A. Hiller" Date: Wed, 23 Jul 2025 12:31:38 +0200 Subject: [PATCH 4/4] KIDs must be stable across restarts --- docs/reference/configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/configuration.md b/docs/reference/configuration.md index 5fd35f9d1..9fdd48a26 100644 --- a/docs/reference/configuration.md +++ b/docs/reference/configuration.md @@ -259,7 +259,7 @@ The following key types are supported: Each entry must have a unique `kid`, plus the key itself. The `kid` can be any case-sensitive string value as long as it is unique to this list; -`kid` values don’t need to be stable across restarts. +a key’s `kid` value must be stable across restarts. The key can either be specified inline (with the `key` property), or loaded from a file (with the `key_file` property). The following key formats are supported:
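Review bot: In PATCH 1/4, the added clause "`kid` values must not be stable across restarts" reads as a prohibition, so an operator would conclude that keeping the same `kid` after a restart is forbidden. The commit subject only mentions removing the "arbitrary" requirement and says nothing about stability. If the meaning was that stability is optional, word it as "need not be stable". Either way, mention the new stability statement in the commit message, or move it to its own commit.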
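Review bot: In PATCH 2/4, the reflowed paragraph does not follow one line-break rule: the first sentence gets its own line, but the second is split after the semicolon and the third after a comma ("(with the `key` property)," / "or loaded from a file"). Choose either one sentence per line or one clause per line and apply it to all three sentences. The subject also drops the `docs:` prefix that PATCH 1/4 uses, and the reflow carries the "must not be stable" wording forward unchanged.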
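Review bot: In PATCH 3/4, the replacement line "`kid` values don’t need to be stable across restarts" is reversed by PATCH 4/4 ("must be stable"), so this commit leaves the documentation stating the opposite of the final rule at one point in history. Squash it with 4/4 so that no revision of configuration.md tells operators that changing a `kid` between restarts is fine. The subject "Fix wording" also undersells the change, since it turns a prohibition into an optional property.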
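Review bot: In PATCH 4/4, the new clause "a key’s `kid` value must be stable across restarts" states a hard requirement, but neither the documentation text nor the commit message says why, or what breaks when the `kid` of an existing key changes. It is also attached by a semicolon to the uniqueness clause, although it is a separate rule. Make it its own sentence and add a short statement of the consequence of changing a `kid`. Across the four patches the documented rule went from "must not" to "don’t need to" to "must", so readers of the history need the reasoning spelled out.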