bertsky
commented
1 year ago We currently have
| name | default | comment |
|---|---|---|
| APP_KEY | ./kitodo/.ssh/id_rsa | file path with private SSH key of ocrd user (should match one of MANAGER_KEYS) |
| MANAGER_KEYS | ./ocrd/manager/.ssh/authorized_keys | file path with public SSH keys of users allowed to log in |
| MANAGER_KEY | ./ocrd/manager/.ssh/id_rsa | file path with private SSH key of internal ocrd user (should match one of CONTROLLER_KEYS) |
| CONTROLLER_KEYS | ./ocrd/controller/.ssh/authorized_keys | file path with public SSH keys of users allowed to log in |
(from documentation, automatically extracted from .env).
I agree it's a bit cryptic (singular vs. plural keys). But I don't like long variable names, and we should not name the keys after what they are used for, but where they are installed.
So how about …
- APP_PRIV_KEYFILE
- MANAGER_PUB_KEYFILE
- MANAGER_PRIV_KEYFILE
- CONTROLLER_PUB_KEYFILE
…instead?
markusweigelt
I regularly get confused by the naming of the environment variables for SSH keys. For example, when I read
MANAGER_KEY, I immediately assume that it's the key to access the manager when it's actually the manager's key to access the controller. Similarly, there areMANAGER_KEYSandCONTROLLER_KEYSwhich I wouldn't know how to use either if it weren't for the explanatory comments next to them in the example.envfile.Therefore, I propose the following new names:
MANAGER_KEY->MANAGER__CONTROLLER_ACCESS_KEYMANAGER_KEYS->MANAGER__AUTHORIZED_KEYSCONTROLLER_KEYS->CONTROLLER__AUTHORIZED_KEYSNote that I included double underscores after the name of the service that the respective variables belong to. I find that it especially communicates the purpose of
MANAGER__CONTROLLER_ACCESS_KEYmore clearly that way.