feat(postgraphile)!: use ecdsa key

dargmuesli · dargmuesli · commit 2f477d77ce6a · 2026-03-14T06:40:06.000+01:00
diff --git a/src/development/postgraphile/compose.yaml b/src/development/postgraphile/compose.yaml
@@ -46,7 +46,7 @@ services:
         target: /run/environment-variables/POSTGRAPHILE_OWNER_CONNECTION
     volumes:
       - ../../../../postgraphile/:/srv/app/ # dargstack:dev-only
-      - ../../production/postgraphile/configurations/jwtRS256.key.pub:/run/environment-variables/POSTGRAPHILE_JWT_PUBLIC_KEY:ro
+      - ./configurations/jwtES256.key.pub:/run/environment-variables/POSTGRAPHILE_JWT_PUBLIC_KEY:ro
       - pnpm-data:/srv/.pnpm-store/ # dargstack:dev-only
       - postgraphile-data:/srv/app/node_modules # dargstack:dev-only
 volumes:
@@ -60,6 +60,7 @@ x-dargstack:
       template: postgres://{{secret:postgres-role-service-postgraphile-username}}:{{secret:postgres-role-service-postgraphile-password}}@postgres:5432/{{secret:postgres-db}}
     postgraphile-jwt-secret:
       type: private_key
+      key_type: ecdsa
     postgraphile-owner-connection:
       type: template
       template: postgres://{{secret:postgres-user}}:{{secret:postgres-password}}@postgres:5432/{{secret:postgres-db}}
diff --git a/src/development/postgraphile/configurations/jwtES256.key.pub b/src/development/postgraphile/configurations/jwtES256.key.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgIYyEMm+hZzEnXhJLGUx9lwr3cKs
+W2uJ+zLvei380CrUEPARnWQNR/V0usS0EFypTQllniuCpbLG6un87kxh6w==
+-----END PUBLIC KEY-----
diff --git a/src/development/postgraphile/configurations/jwtRS256.key.pub b/src/development/postgraphile/configurations/jwtRS256.key.pub
diff --git a/src/development/reccoom/compose.yaml b/src/development/reccoom/compose.yaml
@@ -33,7 +33,7 @@ services:
       - reccoom-openai-api-key
     volumes:
       - ../../../../reccoom/:/srv/app/ # dargstack:dev-only
-      - ../../production/postgraphile/configurations/jwtRS256.key.pub:/run/configurations/jwtRS256.key.pub:ro
+      - ./configurations/jwtES256.key.pub:/run/configurations/jwtES256.key.pub:ro
   reccoom_postgres:
     # You can access reccoom's database via `adminer`.
     deploy:
diff --git a/src/development/vibetype/compose.yaml b/src/development/vibetype/compose.yaml
@@ -72,7 +72,7 @@ services:
       - ../../../artifacts/certificates/:/srv/certificates/ # dargstack:dev-only
       - ../../../../vibetype/:/srv/app/ # dargstack:dev-only
       - vibetype-data:/srv/app/node_modules # dargstack:dev-only
-      - ../postgraphile/configurations/jwtRS256.key.pub:/run/environment-variables/NUXT_PUBLIC_VIO_AUTH_JWT_PUBLIC_KEY:ro
+      - ../postgraphile/configurations/jwtES256.key.pub:/run/environment-variables/NUXT_PUBLIC_VIO_AUTH_JWT_PUBLIC_KEY:ro
 volumes:
   vibetype-data:
     # The frontend's data.
diff --git a/src/production/vibetype/compose.yaml b/src/production/vibetype/compose.yaml
@@ -48,6 +48,6 @@ services:
   #     - source: postgres-role-service-vibetype-username
   #       target: /run/environment-variables/PGUSER
   #   volumes:
-  #     - ./configurations/postgraphile/jwtRS256.key.pub:/run/environment-variables/NUXT_PUBLIC_VIO_AUTH_JWT_PUBLIC_KEY:ro
+  #     - ./configurations/postgraphile/jwtES256.key.pub:/run/environment-variables/NUXT_PUBLIC_VIO_AUTH_JWT_PUBLIC_KEY:ro
 volumes:
   vibetype_data: (( prune ))
