Security Configuration
monetr uses Platform-Agnostic Security Tokens (PASETO) for authentication and for other stateless validation. For example, the password-reset links sent by email carry a short-lived token that is signed and scoped exclusively to password resets, so it cannot be used for anything else once it has been issued. Token signing and verification is implemented with github.com/aidantwoods/go-paseto.
These tokens are signed and verified with an Ed25519 key pair. If you are using the provided Docker compose file, the key is generated automatically the first time the server starts (via --generate-certificates on the serve command). Despite the flag name, what is generated is a key, not an X.509 certificate: a single PEM-encoded file, /etc/monetr/ed25519.key, holding the private key together with its public key. Anyone who can read this file can mint valid sessions and password-reset tokens for any user, so it should be readable only by the monetr process.
```yaml
security:
  privateKey: </etc/monetr/ed25519.key> # Path to your PEM encoded Ed25519 key.
```
| Name | Type | Default | Description |
|---|---|---|---|
| privateKey | String | /etc/monetr/ed25519.key | The path to the PEM encoded Ed25519 key that monetr will use to sign and verify all security tokens. |
This configuration cannot be defined via environment variable at this time.
Generate Your Own Key
If you would rather supply your own key, generate one with OpenSSL and point privateKey at the resulting file (restricting the file's permissions as described above):
```shell
openssl genpkey -algorithm ED25519 -out ed25519.key
```
To print the public key that corresponds to this private key, along with a textual dump of it:
```shell
openssl pkey -in ed25519.key -pubout -text
```
monetr does not support rotating the signing key while it is running, and it does not accept more than one key at a time. To rotate the key, regenerate the key file and restart the monetr server. Every token signed with the previous key, including session tokens and any outstanding password-reset links, will fail verification from that point on, which logs out all currently signed-in users.
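The token lifecycle described on this page, written out as an added Go example. It is not monetr's code and does not use go-paseto: the token format below is a deliberately minimal payload-plus-Ed25519-signature stand-in for a PASETO v4.public token, and the function names, the `purpose` claim and the 15-minute lifetime are assumptions made for illustration. Using only the Go standard library it loads the PKCS#8 PEM file that `openssl genpkey -algorithm ED25519` produces, derives the public key from it (which is why a single file is enough), issues a token scoped to password resets, and shows that the same token is refused when presented as a session, after it expires, and after the key has been regenerated.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
	"time"
)

// GeneratePEM creates a fresh Ed25519 key and encodes it as PKCS#8 PEM,
// the same container `openssl genpkey -algorithm ED25519` writes.
func GeneratePEM() ([]byte, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	der, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}), nil
}

// LoadPEM parses a PKCS#8 PEM file and returns the Ed25519 private key.
// The public key is not stored separately; it is derived via priv.Public().
func LoadPEM(data []byte) (ed25519.PrivateKey, error) {
	block, _ := pem.Decode(data)
	if block == nil || block.Type != "PRIVATE KEY" {
		return nil, errors.New("no PKCS#8 PRIVATE KEY block found")
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	priv, ok := key.(ed25519.PrivateKey)
	if !ok {
		return nil, errors.New("key is not Ed25519")
	}
	return priv, nil
}

// Claims is the payload of the illustrative token. Purpose (assumed claim name)
// scopes the token to one use, so a reset link cannot double as a session.
type Claims struct {
	Subject string    `json:"sub"`
	Purpose string    `json:"purpose"`
	Expires time.Time `json:"exp"`
}

// Sign produces "<base64url payload>.<base64url signature>": a minimal
// stand-in for a PASETO v4.public token, not the PASETO format itself.
func Sign(priv ed25519.PrivateKey, c Claims) (string, error) {
	payload, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	sig := ed25519.Sign(priv, payload)
	enc := base64.RawURLEncoding
	return enc.EncodeToString(payload) + "." + enc.EncodeToString(sig), nil
}

// Verify checks the signature first, so a forged payload never reaches the
// expiry and purpose rules, then enforces both of those.
func Verify(pub ed25519.PublicKey, token, wantPurpose string, now time.Time) (*Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 2 {
		return nil, errors.New("malformed token")
	}
	enc := base64.RawURLEncoding
	payload, err := enc.DecodeString(parts[0])
	if err != nil {
		return nil, err
	}
	sig, err := enc.DecodeString(parts[1])
	if err != nil {
		return nil, err
	}
	if !ed25519.Verify(pub, payload, sig) {
		return nil, errors.New("bad signature: not issued with the current key")
	}
	var c Claims
	if err := json.Unmarshal(payload, &c); err != nil {
		return nil, err
	}
	if !now.Before(c.Expires) {
		return nil, errors.New("token expired")
	}
	if c.Purpose != wantPurpose {
		return nil, fmt.Errorf("token purpose %q cannot be used for %q", c.Purpose, wantPurpose)
	}
	return &c, nil
}

func main() {
	pemBytes, _ := GeneratePEM()
	priv, _ := LoadPEM(pemBytes)
	pub := priv.Public().(ed25519.PublicKey)
	now := time.Now()
	reset, _ := Sign(priv, Claims{Subject: "user@example.com", Purpose: "password_reset", Expires: now.Add(15 * time.Minute)})
	_, err := Verify(pub, reset, "password_reset", now)
	fmt.Println("reset link used for a reset:", err)
	_, err = Verify(pub, reset, "session", now)
	fmt.Println("reset link used as a session:", err)
	// Rotation: a regenerated key file (plus restart) rejects every old token.
	pem2, _ := GeneratePEM()
	priv2, _ := LoadPEM(pem2)
	_, err = Verify(priv2.Public().(ed25519.PublicKey), reset, "password_reset", now)
	fmt.Println("old token after rotation:", err)
}
```

The order of checks in Verify is the part worth copying: signature, then expiry, then purpose. Checking the purpose before the signature would let an attacker learn which claim values the verifier accepts from unsigned input, and skipping the purpose check is exactly how a short-lived reset link turns into a full login.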