Configure JWT signing
Configure JWT signing
Audited signs the JWTs it issues, and you must configure signing with one of two options:
- HMAC (simpler) — set
ADT_JWT_SECRETto a long random string. Tokens are signed and verified with this shared secret. - ECDSA key pair — set both
ADT_JWT_PUBLIC_KEYandADT_JWT_PRIVATE_KEY(PEM). Tokens are signed with the private key and verified with the public key.
If ADT_JWT_SECRET is set, it takes precedence. Otherwise both key pair variables are required.
Startup fails without JWT signing
The service will not start unless one option is fully configured — either ADT_JWT_SECRET, or both ADT_JWT_PUBLIC_KEY and ADT_JWT_PRIVATE_KEY.