5

I have my app deployed to Heroku, then I added an api with LexikJWTAuthenticationBundle for authentication. I created public and private keys with a passphrase like the documentation says, and it works great on my local machine, yet I do not know how to create or copy those files to Heroku.

John Armstrong
  • 236
  • 2
  • 5

2 Answers

5

With LexikJWTAuthenticationBundle v2.5.0, it is now possible to give keys as environment variables: commit 154c60e90b8f10e1fdca819a681b5f189e8ed9ef.

Replace the key paths with string keys in lexik_jwt_authentication.yaml:

Before :

lexik_jwt_authentication:
    private_key_path: '%kernel.project_dir%/%env(JWT_PRIVATE_KEY_PATH)%'
    public_key_path: '%kernel.project_dir%/%env(JWT_PUBLIC_KEY_PATH)%'

After :

lexik_jwt_authentication:
    secret_key: '%env(JWT_SECRET_KEY)%'
    public_key: '%env(JWT_PUBLIC_KEY)%'

I didn't find a solution to paste full keys as strings in the .env file, so I kept private_key_path and public_key_path in config/dev/lexik_jwt_authentication.yaml for my dev environment, and used secret_key and public_key only in config/prod/lexik_jwt_authentication.yaml, for my Heroku production.

To finish, add env variables on Heroku, deploy and you're done :

JWT_PUBLIC_KEY

JWT_SECRET_KEY

Sybio
  • 8,565
  • 3
  • 44
  • 53
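One way to carry out the last step of the answer above from a shell, given here as an added example that is not part of the original answer. It checks that each PEM still has its line breaks and that the private and public keys are not swapped before calling `heroku config:set`; the function names, the app name and the key directory argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the answer). pem_kind and push_jwt_keys are
# hypothetical helper names; the variable names come from the answer's YAML.

# pem_kind VALUE -> prints "private", "public" or "invalid".
pem_kind() {
    first=$(printf '%s\n' "$1" | sed -n '1p')
    last=$(printf '%s\n' "$1" | sed -n '$p')
    lines=$(printf '%s\n' "$1" | wc -l | tr -d ' ')
    # A PEM flattened onto one line (newlines lost in copy/paste) is unusable.
    [ "$lines" -ge 3 ] || { echo invalid; return 0; }
    case "$first" in
        "-----BEGIN PUBLIC KEY-----")
            want="-----END PUBLIC KEY-----"; kind=public ;;
        "-----BEGIN "*"PRIVATE KEY-----")
            # Footer must mirror the header (RSA, EC, ENCRYPTED, ...).
            want="-----END ${first#-----BEGIN }"; kind=private ;;
        *)
            echo invalid; return 0 ;;
    esac
    if [ "$last" = "$want" ]; then echo "$kind"; else echo invalid; fi
}

# push_jwt_keys APP KEYDIR: KEYDIR holds private.pem and public.pem.
push_jwt_keys() {
    app=$1
    dir=$2
    priv=$(cat "$dir/private.pem") || return 1
    pub=$(cat "$dir/public.pem") || return 1
    # Refuse to publish a private key under the public variable, or vice versa.
    if [ "$(pem_kind "$priv")" != private ]; then
        echo "private.pem is not a multi-line private key PEM" >&2; return 1
    fi
    if [ "$(pem_kind "$pub")" != public ]; then
        echo "public.pem is not a multi-line public key PEM" >&2; return 1
    fi
    # config:set prints the values it stored; discard that so the private
    # key does not end up in terminal scrollback or CI logs.
    heroku config:set --app "$app" \
        JWT_SECRET_KEY="$priv" JWT_PUBLIC_KEY="$pub" >/dev/null
}
```

Run it as `push_jwt_keys <app-name> <key-directory>` after sourcing the file; the quoted assignments keep the PEM line breaks intact.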
-1

You probably have something like that in your config.yml:

lexik_jwt_authentication:
    private_key_path: '%kernel.root_dir%/var/jwt/private.pem'   
    public_key_path:  '%kernel.root_dir%/var/jwt/public.pem'    
    pass_phrase:      'somepassphrase'                        
    token_ttl:        2592000

In my case this resolves to a path like /app/var/jwt/ and in that folder I have two files private.pem and public.pem.

You say it's running in dev, so you should have something similar. So you just have to upload/checkin/deploy the folder structure and files with your standard deployment (Symfony and other) files to Heroku. What is your exact issue?

Strong recommendation: You should have a different set of key pairs for every environment, so in a minimal setup you should define lexik_jwt_authentication not in your config.yml but twice, in your config_dev.yml and your config_prod.yml, and have a different set of pem files for dev and prod.

LBA
  • 3,859
  • 2
  • 21
  • 60
  • 1
    You are not answering the question. He's asking how to generate private and public key on Heroku's server, during deployment. I guess. That's a good question IMHO. And I would like to know the answer too. – Juuuuuu Jan 08 '17 at 18:30
  • OP asks e.g. "copy those files to Heroku" - that's what I tried to tackle, not more not less. If someone has a better answer he/she should provide it. – LBA Jan 09 '17 at 10:30