shorter jwt secret name

2025-05-07 13:34:24 -04:00 · 2025-05-07 13:34:24 -04:00 · ccba29e3e4
commit ccba29e3e4
parent 53ae1dc377
3 changed files with 12 additions and 6 deletions
--- a/.env.sample
+++ b/.env.sample
@ -22,5 +22,5 @@ LETS_ENCRYPT_ENV=production
 #

 SECRET_SECRET_KEY_VERSION=v1
-SECRET_BASEROW_JWT_SIGNING_KEY_VERSION=v1
+SECRET_JWT_KEY_VERSION=v1

--- a/compose.yml
+++ b/compose.yml
@ -9,12 +9,12 @@ services:
    environment:
      - BASEROW_PUBLIC_URL=https://${DOMAIN}
      - SECRET_KEY_FILE=/run/secrets/secret_key
-      - BASEROW_JWT_SIGNING_KEY_FILE=/run/secrets/baserow_jwt_signing_key
+      - BASEROW_JWT_SIGNING_KEY_FILE=/run/secrets/jwt_key
      - BASEROW_CADDY_ADDRESSES=:80 
      - BASEROW_BUILDER_DOMAINS=${WILDCARD_DOMAIN}
    secrets:
      - secret_key
-      - baserow_jwt_signing_key
+      - jwt_key
    deploy:
      restart_policy:
        condition: on-failure
@ -28,7 +28,7 @@ services:
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
-        - "coop-cloud.${STACK_NAME}.version=0.7.0+1.31.1"
+        - "coop-cloud.${STACK_NAME}.version=1.0.0+1.31.1"
    healthcheck:
      test: ["CMD", "./baserow.sh", "backend-cmd", "backend-healthcheck"]
      interval: 30s
@ -50,6 +50,6 @@ secrets:
  secret_key:
    external: true
    name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
-  baserow_jwt_signing_key:
+  jwt_key:
    external: true
-    name: ${STACK_NAME}_baserow_jwt_signing_key_${SECRET_BASEROW_JWT_SIGNING_KEY_VERSION}
+    name: ${STACK_NAME}_jwt_key_${SECRET_JWT_KEY_VERSION}
--- a/release/1.0.0+1.31.1
+++ b/release/1.0.0+1.31.1
@ -0,0 +1,6 @@
+This upgrade changes the name of the jwt signing key secret from baserow_jwt_signing_key to jwt_key
+EXISTING DEPLOYMENTS MUST COPY THIS SECRET TO THE NEW LOCATION:
+# Retrieve the current jwt key value:
+docker exec <your_baserow_container_name> cat /run/secrets/baserow_jwt_signing_key
+# Create the new secret
+abra app secret insert <your_baserow_domain> jwt_key v1 <value returned by previous command>