Signing

required

Signatures are configured under the signing config option.

alg

enum ES512 optional

The signing algorithm that is used.

Supported values are:

  • ES256
  • ES384
  • ES512
  • EdDSA (ed25519)
  • RS256
  • RS384
  • RS512
  • PS256
  • PS384
  • PS512

config.yaml
signing:
    alg: EdDSA

rsa_key_len

integer 2048 optional

The rsa_key_len option defines the length of the generated key. It applies only if an RSA-based signing key is used and LightHouse generates the key because none was provided externally.

config.yaml
signing:
    alg: PS256
    rsa_key_len: 4096

key_file

file path required unless key_dir is given

The key_file option specifies the path to the file that contains the private signing key. The public key does not need to be provided; LightHouse will derive it from the private key.

If the key file exists, LightHouse will use the provided signing key. If the key file does not exist yet, LightHouse generates a new private key according to the specified parameters (e.g. alg).

config.yaml
signing:
    key_file: /path/to/signing.key

key_dir

directory path required*

Not Yet Implemented

This option is not yet implemented! Currently only key_file is supported.

The key_dir option specifies the path to a directory that contains the private signing key(s). If automatic key rollover is enabled (a feature coming in the future), a key dir must be used instead of a key file.

config.yaml
signing:
    key_dir: /path/to/keys
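
An added example (not part of the LightHouse documentation or code): a pre-start check of the signing options described above, flagging the case where key_file does not exist, because a new key is then generated in place of the one the operator expected. It assumes the signing section has already been parsed into a dict; the function names, the finding strings and the file permission check are this example's own conventions.

```python
import os
import stat
import tempfile

# Algorithm names as listed on the page ("EdDSA" is the ed25519 entry).
SUPPORTED_ALGS = {"ES256", "ES384", "ES512", "EdDSA", "RS256", "RS384",
                  "RS512", "PS256", "PS384", "PS512"}


def check_signing(signing):
    """Return findings for an already-parsed `signing` section (a dict)."""
    findings = []
    alg = str(signing.get("alg", "ES512"))  # default shown on the page
    if alg not in SUPPORTED_ALGS:
        findings.append(f"error: unsupported alg {alg!r}")
    if "rsa_key_len" in signing and not alg.startswith(("RS", "PS")):
        findings.append(f"note: rsa_key_len only applies to RSA algs, not {alg}")
    if "key_dir" in signing:
        findings.append("error: key_dir is not yet implemented, use key_file")
    key_file = signing.get("key_file")
    if not key_file:
        findings.append("error: key_file is required")
        return findings
    if os.path.exists(key_file):
        # An existing key is used as-is; keep it private to the service user.
        mode = stat.S_IMODE(os.stat(key_file).st_mode)
        if mode & 0o077:
            findings.append(f"warn: {key_file} is group/world accessible ({mode:03o})")
    else:
        # A missing file means a new key is generated, so a mistyped path
        # silently swaps the expected signing key for a fresh one.
        findings.append(f"warn: {key_file} missing, a new {alg} key will be generated")
    return findings


def demo():
    """Run the check on constructed sample configs in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        existing = os.path.join(d, "signing.key")
        with open(existing, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(existing, 0o644)
        loose = check_signing({"alg": "EdDSA", "key_file": existing})
        os.chmod(existing, 0o600)
        tight = check_signing({"alg": "PS256", "rsa_key_len": 4096, "key_file": existing})
        missing = check_signing({"alg": "ES512", "rsa_key_len": 4096,
                                 "key_file": os.path.join(d, "typo.key")})
    return loose, tight, missing
```

An empty list means the section passed every check; on an existing deployment, treat the "missing" warning as a stop condition rather than letting a fresh key be generated.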