pplate/cannamanage
1
0
Fork 0
Code Issues 9 Pull Requests Actions Packages Projects Releases Wiki Activity

fix(deploy): use valid base64 JWT secret in docker-compose
Deploy to Production / test (push) Has been cancelled
Details
Deploy to Production / deploy (push) Has been cancelled
Details

Browse Source 
After a successful login the backend returned HTTP 500:
io.jsonwebtoken.io.DecodingException: Illegal base64 character: '-'.
JwtService.getSigningKey() does Decoders.BASE64.decode(secret) before building
the HMAC key (JJWT 0.12 convention). The compose secret was the plaintext
'docker-dev-secret-key-minimum-32-characters-long-for-hmac', which contains
hyphens and is not valid base64, so token signing threw once auth succeeded.

Replace with a proper base64 value (openssl rand -base64 48). The base
application.properties default was already correctly base64-encoded; only the
docker override was wrong.
This commit is contained in:
Patrick Plate
2026-06-13 10:08:34 +02:00
parent 6570ea364a
commit dac884c4fe
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docker-compose.yml
+4 -1
View File
@@ -28,7 +28,10 @@ services:
SPRING_DATASOURCE_URL: jdbc:postgresql://db:5432/cannamanage
SPRING_DATASOURCE_USERNAME: cannamanage
SPRING_DATASOURCE_PASSWORD: cannamanage_dev
CANNAMANAGE_SECURITY_JWT_SECRET: docker-dev-secret-key-minimum-32-characters-long-for-hmac
# JwtService base64-decodes this secret (Decoders.BASE64.decode) before using it as the
# HMAC-SHA key. It MUST be valid base64 — a plaintext string with hyphens throws
# "Illegal base64 character: '-'" at token-signing time (HTTP 500 after a successful login).
CANNAMANAGE_SECURITY_JWT_SECRET: hmSULRhmFYcOXDwYxb7bGXp7Bovh+hXgua/VqF44Ts/N+8YELWpWiqQ+aLrymCuM
depends_on:
db:
condition: service_healthy