permitio · danyi1212 · Jan 28, 2025 · Jan 9, 2025
diff --git a/app-tests/docker-compose-app-tests.yml b/app-tests/docker-compose-app-tests.yml
@@ -24,6 +24,7 @@ services:
       - OPAL_POLICY_REPO_WEBHOOK_PARAMS={"secret_header_name":"x-webhook-token","secret_type":"token","secret_parsing_regex":"(.*)","event_request_key":"gitEvent","push_event_value":"git.push"}
       - OPAL_AUTH_PUBLIC_KEY=${OPAL_AUTH_PUBLIC_KEY}
       - OPAL_AUTH_PRIVATE_KEY=${OPAL_AUTH_PRIVATE_KEY}
+      - OPAL_AUTH_PRIVATE_KEY_PASSPHRASE=${OPAL_AUTH_PRIVATE_KEY_PASSPHRASE}
       - OPAL_AUTH_MASTER_TOKEN=${OPAL_AUTH_MASTER_TOKEN}
       - OPAL_AUTH_JWT_AUDIENCE=https://api.opal.ac/v1/
       - OPAL_AUTH_JWT_ISSUER=https://opal.ac/

diff --git a/app-tests/run.sh b/app-tests/run.sh
@@ -3,14 +3,16 @@ set -e
 
 export OPAL_AUTH_PUBLIC_KEY
 export OPAL_AUTH_PRIVATE_KEY
+export OPAL_AUTH_PRIVATE_KEY_PASSPHRASE
 export OPAL_AUTH_MASTER_TOKEN
 export OPAL_CLIENT_TOKEN
 export OPAL_DATA_SOURCE_TOKEN
 
 function generate_opal_keys {
   echo "- Generating OPAL keys"
 
-  ssh-keygen -q -t rsa -b 4096 -m pem -f opal_crypto_key -N ""
+  OPAL_AUTH_PRIVATE_KEY_PASSPHRASE="123456"
+  ssh-keygen -q -t rsa -b 4096 -m pem -f opal_crypto_key -N "$OPAL_AUTH_PRIVATE_KEY_PASSPHRASE"
   OPAL_AUTH_PUBLIC_KEY="$(cat opal_crypto_key.pub)"
   OPAL_AUTH_PRIVATE_KEY="$(tr '\n' '_' < opal_crypto_key)"
   rm opal_crypto_key.pub opal_crypto_key

diff --git a/docker/docker-compose-with-security.yml b/docker/docker-compose-with-security.yml
@@ -39,6 +39,7 @@ services:
       # private key (used for signing on new JWT tokens).
       - OPAL_AUTH_PUBLIC_KEY=${OPAL_AUTH_PUBLIC_KEY}
       - OPAL_AUTH_PRIVATE_KEY=${OPAL_AUTH_PRIVATE_KEY}
+      - OPAL_AUTH_PRIVATE_KEY_PASSPHRASE=${OPAL_AUTH_PRIVATE_KEY_PASSPHRASE}
       # the master token is used in only one scenario - when we want to generate a new JWT token.
       # the /token api endpoint on the OPAL server is the only endpoint that requires the master token.
       - OPAL_AUTH_MASTER_TOKEN=${OPAL_AUTH_MASTER_TOKEN}

diff --git a/docker/run-example-with-security.sh b/docker/run-example-with-security.sh
@@ -22,7 +22,8 @@ echo "keys and run OPAL in *secure mode*."
 echo "------------------------------------------------------------------"
 
 echo "generating opal crypto keys..."
-ssh-keygen -q -t rsa -b 4096 -m pem -f opal_crypto_key -N ""
+export OPAL_AUTH_PRIVATE_KEY_PASSPHRASE="123456"
+ssh-keygen -q -t rsa -b 4096 -m pem -f opal_crypto_key -N "$OPAL_AUTH_PRIVATE_KEY_PASSPHRASE"
 
 echo "saving crypto keys to env vars and removing temp key files..."
 export OPAL_AUTH_PUBLIC_KEY=`cat opal_crypto_key.pub`