Add: create token signing key

author: Lars Wirzenius <liw@liw.fi> 2018-06-16 20:50:32 +0300
committer: Lars Wirzenius <liw@liw.fi> 2018-06-16 20:50:32 +0300
commit: 46f4d44d9565798249e59ab506a325333564de9f (patch)
tree: 30b993a500c1a8486a27204e16d362956d58fd36 /install.mdwn
parent: fa2b83d6fc44271a49695454738819b0a669130d (diff)
download: ick.liw.fi-46f4d44d9565798249e59ab506a325333564de9f.tar.gz
1 files changed, 11 insertions, 1 deletions
diff --git a/install.mdwn b/install.mdwn
index 932fb84..65f9f27 100644
--- a/install.mdwn
+++ b/install.mdwn
@@ -53,7 +53,8 @@ You will need to generate some of the secrets:
 * a worker SSH key (shared between all workers)
 * at least one Qvisqve client secret hash and salt (ideally for each
   worker)
-* optionally, a self-signe TLS certificate, unless you use Let's
+* a JWT token signing key for Qvisqve
+* optionally, a self-signed TLS certificate, unless you use Let's
   Encrypt (instructions for generating that would be nice, please
   help)
 
@@ -103,6 +104,15 @@ that, giving it a different secret than for the workers. You will be
 using this secret to interact with ick yourself.
 
 
+## Generate a Qvisqve token signing key
+
+* `../qvisqve/generate-rsa-key token.key`
+
+This will generate files `token.key` (secret key) and `token.key.pub`
+(public key). Put their contents as values for the variables
+`qvisqve_token_private_key` (private) and `qvisqve_token_public_key`
+(public).
+
 # Run Ansible
 
 * Create a file called `hosts` with contents like the following:
author	Lars Wirzenius <liw@liw.fi>	2018-06-16 20:50:32 +0300
committer	Lars Wirzenius <liw@liw.fi>	2018-06-16 20:50:32 +0300
commit	46f4d44d9565798249e59ab506a325333564de9f (patch)
tree	30b993a500c1a8486a27204e16d362956d58fd36 /install.mdwn
parent	fa2b83d6fc44271a49695454738819b0a669130d (diff)
download	ick.liw.fi-46f4d44d9565798249e59ab506a325333564de9f.tar.gz