feat: Add option to use HS512 secret for JWT instead of ED25519 (#680)

* Add functionality for HS512 JWT tokens * Add HS512_SECRET to installation docs * Update CHANGELOG.md regarding HS512 * Move HS512_SECRET to advenced section in docs * Move token Keyfunc logic to Server function * Add Keyfunc to spelling * chore: spelling Signed-off-by: Xe Iaso <me@xeiaso.net> --------- Signed-off-by: Xe Iaso <me@xeiaso.net> Co-authored-by: Martin Weidenauer <mweidenauer@nanx0as46153.anx.local> Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-06-26 12:06:44 +02:00 · 2025-06-26 12:06:44 +02:00 · 59f5b07281
commit 59f5b07281
parent 1562f88c35
7 changed files with 68 additions and 36 deletions
--- a/docs/docs/admin/installation.mdx
+++ b/docs/docs/admin/installation.mdx
@ -93,11 +93,12 @@ If you don't know or understand what these settings mean, ignore them. These are

 :::

-| Environment Variable          | Default value | Explanation                                                                                                                                         |
-| :---------------------------- | :------------ | :-------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `TARGET_SNI`                  | unset         | If set, overrides the TLS handshake hostname in requests forwarded to `TARGET`.                                                                     |
-| `TARGET_HOST`                 | unset         | If set, overrides the Host header in requests forwarded to `TARGET`.                                                                                |
-| `TARGET_INSECURE_SKIP_VERIFY` | `false`       | If `true`, skip TLS certificate validation for targets that listen over `https`. If your backend does not listen over `https`, ignore this setting. |
+| Environment Variable          | Default value | Explanation                                                                                                                                                             |
+| :---------------------------- | :------------ | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `TARGET_SNI`                  | unset         | If set, overrides the TLS handshake hostname in requests forwarded to `TARGET`.                                                                                         |
+| `TARGET_HOST`                 | unset         | If set, overrides the Host header in requests forwarded to `TARGET`.                                                                                                    |
+| `TARGET_INSECURE_SKIP_VERIFY` | `false`       | If `true`, skip TLS certificate validation for targets that listen over `https`. If your backend does not listen over `https`, ignore this setting.                     |
+| `HS512_SECRET`                | unset         | Secret string for JWT HS512 algorithm. If this is not set, Anubis will use ED25519 as defined via the variables above. The longer the better; 128 chars should suffice. |

 </details>