- Environmental Variable:
- Config File Key:
- Required (unless using shared_secret)
Shared Secret File is the location of a file containing the base64 encoded 256-bit key used to mutually authenticate requests between services. It's critical that secret keys are random, and stored safely. Use a key management system or
/dev/urandom to generate a key. For example:
head -c32 /dev/urandom | base64
shared_secret_file points to a file containing the secret. This is useful when deploying in environments that provide secret management like Docker Swarm. For example:
If you adjust your shared secret and/or how it's accessed by Pomerium, you may create a secret mismatch.