fix(api): default jwt secret (#2207)

keephq · Oct 15, 2024 · 505657a · 505657a
1 parent 2b2f9e7
commit 505657a
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 8 deletions.
diff --git a/docs/deployment/configuration.mdx b/docs/deployment/configuration.mdx
@@ -75,10 +75,9 @@ Authentication configuration determines how Keep verifies user identities and ma
 | Env var | Purpose | Required | Default Value | Valid options |
 |:-------------------:|:-------:|:----------:|:-------------:|:-------------:|
 | **AUTH_TYPE** | Specifies the authentication type | No | "noauth" | "auth0", "keycloak", "db", "noauth", "oauth2proxy" |
-| **JWT_SECRET** | Secret key for JWT token generation and validation | Yes | None | Any strong secret string |
-| **JWT_ALGORITHM** | Algorithm used for JWT | No | "HS256" | Any valid JWT algorithm |
-| **KEEP_DEFAULT_USERNAME** | Default username for the admin user | No | "keep" | Any valid username string |
-| **KEEP_DEFAULT_PASSWORD** | Default password for the admin user | No | "keep" | Any strong password string |
+| **KEEP_JWT_SECRET** | Secret key for JWT token generation and validation (DB auth only) | Yes | None | Any strong secret string |
+| **KEEP_DEFAULT_USERNAME** | Default username for the admin user (DB auth only) | No | "keep" | Any valid username string |
+| **KEEP_DEFAULT_PASSWORD** | Default password for the admin user (DB auth only)| No | "keep" | Any strong password string |
 | **KEEP_FORCE_RESET_DEFAULT_PASSWORD** | Forces reset of default user password | No | "false" | "true" or "false" |
 | **KEEP_DEFAULT_API_KEYS** | Comma-separated list of default API keys to provision | No | "" | Format: "name:role:secret,name:role:secret" |
 

diff --git a/keep/identitymanager/identity_managers/db/db_authverifier.py b/keep/identitymanager/identity_managers/db/db_authverifier.py
@@ -15,10 +15,12 @@ class DbAuthVerifier(AuthVerifierBase):
 
     def _verify_bearer_token(self, token: str) -> AuthenticatedEntity:
         # validate the token
-        jwt_secret = os.environ.get("KEEP_JWT_SECRET")
-        if not jwt_secret:
-            self.logger.warning("missing KEEP_JWT_SECRET environment variable")
-            raise HTTPException(status_code=401, detail="Missing JWT secret")
+        jwt_secret = os.environ.get("KEEP_JWT_SECRET", "jwtsecret")
+        # if default
+        if jwt_secret == "jwtsecret":
+            self.logger.warning(
+                "KEEP_JWT_SECRET environment variable is not set, using default value. Should be set in production."
+            )
 
         try:
             payload = jwt.decode(