Privacy works with JWT tokens. A JWT can be retrieved from the endpoint GET /issue-jwt. Depending on the parameters, a JWT can be valid for either a container or a namespace:
/issue-jwt?namespace_id=1: issues a JWT valid for all containers inside the namespace with ID 1.
/issue-jwt?container_id=1: issues a JWT valid only for the container with ID 1.
Note that you may optionally provide an expiration date (formatted "yyyy-mm-ddT00:00:00Z") for the token. For example, /issue-jwt?expires_at=2022-01-02T00:00:00Z&namespace_id=1 will generate a token valid for all containers inside the namespace with ID 1, and this token will be valid until January 2nd 2022.
The token will have the following claims:
Tokens are not stored by Scaleway and cannot be retrieved if lost (but new tokens can be generated).
Token revocation is not yet supported; the best way to reset the tokens is to destroy and recreate the namespace and all of its containers.
It will set the following environment variables, which you can use in your application to validate incoming requests (token provided by our APIs):
SCW_PUBLIC: true or false based on your privacy settings
SCW_PUBLIC_KEY: PEM-encoded public key used to decrypt tokens
SCW_NAMESPACE_ID: Current Namespace ID
SCW_APPLICATION_ID: Current Container ID
As described above, tokens generated from our API will contain either the namespace ID or the application ID in their claims, so you may verify a token's validity (after decrypting the JWT with the injected SCW_PUBLIC_KEY).
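One way to perform this check inside a container, as an added example that is not Scaleway's own code: it verifies the token signature with SCW_PUBLIC_KEY, rejects expired tokens, and compares the scope claim with the injected IDs. Assumptions not stated on this page: RS256 signatures, the claim names namespace_id and application_id, the standard exp claim, and the constructed demo key pair and IDs.

```javascript
const crypto = require("crypto");

const b64url = (s) => Buffer.from(s, "base64url");
// A claim matches only if it is a non-empty string equal to the injected ID.
const same = (claim, id) => typeof claim === "string" && claim !== "" && claim === id;

// Assumptions (not from the page): RS256 signatures, claim names
// `namespace_id` / `application_id`, and the standard `exp` claim.
function validateToken(token, env, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token || "").split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  const [h, p, s] = parts;
  let header, claims, signed;
  try {
    header = JSON.parse(b64url(h).toString("utf8"));
    claims = JSON.parse(b64url(p).toString("utf8"));
    if (claims === null || typeof claims !== "object") throw new Error("claims");
    // Pin the algorithm: the token header must not choose it ("none", HS256).
    if (header.alg !== "RS256") return { ok: false, reason: "unexpected alg" };
    signed = crypto.verify("RSA-SHA256", Buffer.from(`${h}.${p}`), env.SCW_PUBLIC_KEY, b64url(s));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  if (!signed) return { ok: false, reason: "bad signature" };
  // Expiry is optional when the token is issued, so enforce it only if present.
  if (typeof claims.exp === "number" && claims.exp <= now) return { ok: false, reason: "expired" };
  // Scope: a namespace token covers every container in it, a container token only itself.
  const inScope = same(claims.namespace_id, env.SCW_NAMESPACE_ID) ||
    same(claims.application_id, env.SCW_APPLICATION_ID);
  return inScope ? { ok: true, reason: "valid" } : { ok: false, reason: "wrong scope" };
}

// Constructed demo data: a throwaway key pair stands in for the platform's signing key.
const demo = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const demoEnv = {
  SCW_PUBLIC_KEY: demo.publicKey.export({ type: "spki", format: "pem" }),
  SCW_NAMESPACE_ID: "ns-demo-1",
  SCW_APPLICATION_ID: "ctr-demo-1",
};
// Sign a constructed token (demo only; real tokens come from GET /issue-jwt).
function signDemoToken(claims, alg = "RS256") {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  const input = `${enc({ alg, typ: "JWT" })}.${enc(claims)}`;
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), demo.privateKey);
  return `${input}.${sig.toString("base64url")}`;
}
console.log(validateToken(signDemoToken({ application_id: "ctr-demo-1" }), demoEnv));
```

In a real container, pass process.env as the env argument and the token taken from the incoming request.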