Privacy works with JWT tokens. A JWT token can be retrieved from the endpoint GET /issue-jwt. Depending on the parameters, a JWT token can be valid for either a container or a namespace:
/issue-jwt?namespace_id=1: issues a JWT valid for all containers inside the namespace with ID 1
/issue-jwt?container_id=1: issues a JWT valid only for the container with ID 1
Note that you may optionally provide an expiration date (formatted "yyyy-mm-ddT00:00:00Z") for the token. For example, /issue-jwt?expires_at=2022-01-02T00:00:00Z&namespace_id=1 will generate a token valid for all containers inside the namespace with ID 1, and this token will be valid until January 2nd 2022.
The token will have the following claims:
Tokens are not stored by Scaleway and cannot be retrieved if lost (but new tokens can be generated).
Token revocation is not yet supported; the best way to reset the tokens is to destroy and recreate the namespace and all of its containers.
It will set the following environment variables, which you can use in your application to validate incoming requests (token provided by our APIs):
false based on your privacy settings
SCW_PUBLIC_KEY: PEM-encoded public key used to decrypt tokens
SCW_NAMESPACE_ID: Current Namespace ID
SCW_APPLICATION_ID: Current Container ID
As described above, tokens generated from our API will contain either a namespace ID or an application ID in their claims, so you may verify a token's validity (after decrypting the JWT with the inject
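
An added example, not Scaleway's code: a Node.js check a container could run on each incoming token, using the injected variables listed above. It assumes RS256 signatures and top-level claims named namespace_id and application_id (the claim list is missing from this page); checkToken, mint and the sample IDs are hypothetical, and a throwaway key pair stands in for SCW_PUBLIC_KEY.

```javascript
const crypto = require('node:crypto');

const fromB64 = (s) => Buffer.from(s, 'base64url');

// Returns 'ok' or the reason the token is rejected.
// Assumptions (not stated on the page): RS256 signatures, and top-level
// claims named namespace_id / application_id. Adjust to the real claim layout.
function checkToken(token, env, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return 'malformed';
  let header, claims;
  try {
    header = JSON.parse(fromB64(parts[0]));
    claims = JSON.parse(fromB64(parts[1])) ?? {};
  } catch { return 'malformed'; }
  // Pin the algorithm: the token's own header must not choose how it is checked.
  if (header?.alg !== 'RS256') return 'unexpected-alg';
  const signed = Buffer.from(`${parts[0]}.${parts[1]}`);
  const sigOk = crypto.verify('RSA-SHA256', signed, env.SCW_PUBLIC_KEY, fromB64(parts[2]));
  if (!sigOk) return 'bad-signature';
  // Revocation is not supported, so expiry is the only time bound a token has.
  if (typeof claims.exp === 'number' && nowSec >= claims.exp) return 'expired';
  // The token must name this container or its namespace; an empty ID never matches.
  const forContainer = claims.application_id && claims.application_id === env.SCW_APPLICATION_ID;
  const forNamespace = claims.namespace_id && claims.namespace_id === env.SCW_NAMESPACE_ID;
  return forContainer || forNamespace ? 'ok' : 'wrong-scope';
}

// Constructed sample data: a throwaway key pair and made-up IDs.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const sampleEnv = {
  SCW_PUBLIC_KEY: publicKey.export({ type: 'spki', format: 'pem' }),
  SCW_NAMESPACE_ID: 'ns-1',
  SCW_APPLICATION_ID: 'app-1',
};
function mint(claims, alg = 'RS256') {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  const body = `${enc({ alg, typ: 'JWT' })}.${enc(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(body), privateKey).toString('base64url');
  return `${body}.${sig}`;
}

console.log(checkToken(mint({ namespace_id: 'ns-1' }), sampleEnv)); // ok
```

Because tokens cannot be revoked, a token without an exp claim passes this check indefinitely; requiring exp is a stricter policy the caller can add.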