🚀 Feature: ephemeral private key (do not store private key on disk) #131

Closed
opened 2025-07-08 08:40:39 -04:00 by AtHeartEngineer · 0 comments

Originally created by @ItalyPaleAle on 5/28/2025

Feature description

Instead of saving the private key to disk, Pocket ID could optionally generate a key when it starts up and keep it in-memory only. This would be optional.

Pros:

  • Private keys are never stored un-encrypted on disk (see also #580)
  • The key is rotated frequently, every time Pocket ID starts up

Cons:

  • The key changes every time Pocket ID is started, which means that tokens issued by Pocket ID would be invalidated on every restart. This may or may not be acceptable depending on what the downstream clients expect. This is why this feature is optional.

Pitch

This is another relatively simple feature to implement that helps protect the "keys to the kingdom". It may not be suitable for all scenarios, but many users who run Pocket ID in their homelab would likely have minimal to no impact when using this.


Reference: github/pocket-id#131
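
The trade-off listed under "Cons" in the issue above, as an added Go example that is not part of the original issue and is not Pocket ID's code: a signing key generated at startup and held only in memory verifies its own tokens, and a simulated restart with a fresh key rejects them. The `Issuer` type, the choice of Ed25519 and the sample claims are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Issuer (hypothetical type) keeps its signing key in process memory only; Ed25519 is this example's choice.
type Issuer struct{ priv ed25519.PrivateKey }
var b64 = base64.RawURLEncoding

// NewEphemeralIssuer generates a fresh key pair at startup; nothing is written to disk.
func NewEphemeralIssuer() (*Issuer, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Issuer{priv: priv}, nil
}

// Sign returns a compact JWS (header.payload.signature) over the given JSON claims.
func (i *Issuer) Sign(claims string) string {
	input := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString([]byte(claims))
	return input + "." + b64.EncodeToString(ed25519.Sign(i.priv, []byte(input)))
}

// Verify checks the signature against this instance's current key; the algorithm is fixed, not read from the header.
func (i *Issuer) Verify(token string) error {
	idx := strings.LastIndex(token, ".")
	if idx < 0 {
		return errors.New("malformed token")
	}
	sig, err := b64.DecodeString(token[idx+1:])
	if err != nil || !ed25519.Verify(i.priv.Public().(ed25519.PublicKey), []byte(token[:idx]), sig) {
		return errors.New("signature not valid for current key")
	}
	return nil
}

func main() {
	first, _ := NewEphemeralIssuer()
	token := first.Sign(`{"sub":"constructed-user"}`) // constructed sample claims
	restarted, _ := NewEphemeralIssuer()              // simulates a restart: a new key replaces the old one
	fmt.Println("same process:", first.Verify(token), "| after restart:", restarted.Verify(token))
}
```

Downstream clients that cache the issuer's public key would see the same rejection until they fetch the new key, and any token signed before the restart stays unverifiable.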