Hi, I'm using this in an automated build process that uses git and docker. Everything is in git excepts for secrets, which we put on s3. AFAICS there is no way to pull the private keys remotely? Any suggestions for this, other than the obvious of adding a curl in the docker entrypoint? Thanks!
I'm not sure if this is _the_ standard or just _a_ standard, but JWKS would be one nice way of verifying a JWT against a remote set of keys.
See https://auth0.com/docs/jwks
Even better would be the ability to define a remote set of keys for prod and override this in a test env to specify a known keypair. This would mean integration tests could generate JWTs and they would be verifiable without an internet connection.
Most helpful comment
I'm not sure if this is _the_ standard or just _a_ standard, but JWKS would be one nice way of verifying a JWT against a remote set of keys.
See https://auth0.com/docs/jwks
Even better would be the ability to define a remote set of keys for
prodand override this in atestenv to specify a known keypair. This would mean integration tests could generate JWTs and they would be verifiable without an internet connection.