Persist JWT signing key in dedicated /data folder by default (#128)

jbern0rd · web-flow · commit 4a728869c6ff · 2024-02-28T12:23:49.000+01:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -17,6 +17,10 @@ All notable changes to this project will be documented in this file.
 - Verify TEE tasks `enclaveSignature` before accepting IPFS upload. (#125 #126)
 - Persist `WorkerpoolAuthorization` instances to MongoDB. (#127)
 
+### Bug Fixes
+
+- Persist JWT signing key in dedicated `/data` folder by default. (#128)
+
 ### Quality
 
 - Remove results download endpoints which are never used. (#117)
diff --git a/Dockerfile b/Dockerfile
@@ -13,7 +13,8 @@ RUN groupadd --system appuser \
 
 WORKDIR /app
 COPY $jar iexec-result-proxy.jar
-RUN chown -R appuser:appuser /app
+RUN mkdir /data
+RUN chown -R appuser:appuser /app /data
 
 USER appuser
 ENTRYPOINT [ "java", "-Djava.security.egd=file:/dev/./urandom", "-jar", "iexec-result-proxy.jar" ]
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -23,7 +23,7 @@ ipfs:
   port: ${IEXEC_IPFS_PORT:5001}
 
 jwt:
-  key-path: /app/jwt-sign.key
+  key-path: /data/jwt-sign.key
 
 springdoc:
   packagesToScan: com.iexec.resultproxy
