chore(udt-001): RSA key generation script

2026-04-13 21:35:56 -03:00
parent 1e5cac737b
commit 88ecaa2c7f
2 changed files with 58 additions and 0 deletions
--- a/src/api/SIGCM2.Api/keys/README.md
+++ b/src/api/SIGCM2.Api/keys/README.md
@@ -0,0 +1,28 @@
+# JWT RSA Keys
+
+This directory holds the RSA 2048 key pair used for JWT RS256 signing.
+
+## Files (gitignored)
+
+- `private.pem` — RSA private key (NEVER commit this)
+- `public.pem`  — RSA public key (NEVER commit this)
+- `.gitkeep`    — keeps this directory tracked in git
+
+## Regenerate keys
+
+Run from the repo root (requires PowerShell 7 / pwsh):
+
+```powershell
+pwsh -File scripts/generate-keys.ps1
+```
+
+## Production
+
+In production, set these environment variables instead of files:
+
+```
+JWT__PrivateKey=<base64-encoded PEM content>
+JWT__PublicKey=<base64-encoded PEM content>
+```
+
+The API's `RsaKeyLoader` checks environment variables first, falls back to files.