Set up proper secret key for JWT in production

tengen-io / server

:white_circle: Server implementation of the board game Go

MIT License

13 stars 4 forks source link

Set up proper secret key for JWT in production #20

Closed camirmas closed 5 years ago

camirmas commented 5 years ago

Right now in jwt.go we have this function:

func getKey() []byte {
    h := sha256.New()

    return h.Sum([]byte("TODO: pull secret key from safe place"))
}

This is clearly not acceptable for production, let's set this function up to pull from Docker secrets files like we do with Postgres when we are in a prod environment.