Galène videoconferencing server discussion list archives
* [Galene] Bearer tokens in the administrative API
@ 2026-06-23 15:27 Juliusz Chroboczek
From: Juliusz Chroboczek @ 2026-06-23 15:27 UTC (permalink / raw)
  To: galene

I've just pushed code to authenticate using bearer tokens in the
administrative API.  This touches a lot of the auth code, albeit in minor
ways; I've tried to be careful, and hopefully didn't introduce any
security flaws.

Assuming you've got galenectl configured, create a global admin token:

  galenectl -insecure create-token -group "" -include-subgroups -permissions admin

Now edit your galenectl.json file: remove the "admin-password" field, and
replace it with an "admin-token" field that contains the newly generated
token.

While in principle the code supports cryptographic tokens (JWTs), in
practice it won't work with them, since there are no global keys yet.  I'm
not quite sure where to store global keys: in the config file?  In
a separate JWK file?

In the first place: what are the use cases for global stateless tokens?

-- Juliusz








