Apologies if this is a FAQ, I'm new to this and it's better to be careful with security.
I have a project built using API Platform, using JWT for authentication. So in my .env file I have JWT_SECRET_KEY, JWT_PUBLIC_KEY and JWT_PASSPHRASE config. My project is on Github with a pipeline set up to deploy on Heroku.
Currently it's a private project, so that's all safe, but while it works in development on Docker it's not currently working when deployed to Heroku:
Uncaught PHP Exception Lexik\Bundle\JWTAuthenticationBundle\Exception\JWTEncodeFailureException: "Unable to create a signed JWT from the given configuration." at /app/vendor/lexik/jwt-authentication-bundle/Encoder/LcobucciJWTEncoder.php line 41
Any suggestions for how I might have misconfigured the deployment?
In case it's relevant, in time I want to make the github repository public. It doesn't feel great to have an open github project with my passphrase and private key files. What is the recommended approach to this - should I be generating the keys as part of deploying? Doing that correctly might also resolve whatever the problem is here.
After further experimentation, this works to generate new keys on install.
"post-install-cmd": [
"@auto-scripts",
"chmod -R 777 public/",
"chmod -R 777 config/",
"mkdir -p config/jwt",
"openssl genrsa -out config/jwt/private.pem 4096",
"openssl rsa -pubout -in config/jwt/private.pem -out config/jwt/public.pem"
],
Closing as solved, thank you for sharing your solution.
Most helpful comment
After further experimentation, this works to generate new keys on install.