feat: Add Vault signer for JWT #4512
Merged
7e4d504 to 7854bc4
Introduce a signer interface with Vault and local implementations for JWT signing.

Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
7854bc4 to 20fdfef
AlwxSin reviewed Feb 6, 2026
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
Member
Author
@sagikazarmark could you please take a look? I plan to add integration tests in future releases.
Signed-off-by: maksim.nabokikh <max.nabokih@gmail.com>
Member
Author
@sagikazarmark if you are ok, let's merge this, and I will provide integration tests.
sagikazarmark approved these changes Feb 9, 2026
Signed-off-by: Maksim Nabokikh <maksim.nabokikh@flant.com>
Signed-off-by: Maksim Nabokikh <max.nabokih@gmail.com>
Member
Author
Closed
Overview
This pull request introduces a new, pluggable signing interface for JWT tokens in the server, allowing for both local and Vault-based signing. The changes refactor how signing keys are managed and accessed throughout the codebase, replacing direct storage access with a new Signer abstraction, and update configuration, server initialization, and key verification logic accordingly.
What this PR does / why we need it
Outsourcing the signing function to an external provider is crucial for security reasons. The Signer abstraction allows us to add more signers in the future.
Special notes for your reviewer
Docs https://dexidp.io/docs/configuration/tokens/#token-signing-configuration
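
The pluggable signer described in the overview, sketched as an added example (not code from this pull request or from dex). The `Signer` interface, `localSigner`, `issue`, `verify` and the choice of EdDSA are assumptions made for illustration; a Vault-backed implementation would satisfy the same interface while the private key stays in Vault.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

// Signer is a hypothetical interface (not dex's own): callers never hold private keys.
type Signer interface {
	Sign(signingInput []byte) ([]byte, error)
	PublicKey() ed25519.PublicKey
}

// localSigner keeps the key in process; a Vault-backed Signer would keep it remote.
type localSigner struct{ priv ed25519.PrivateKey }
func (l localSigner) Sign(in []byte) ([]byte, error) { return ed25519.Sign(l.priv, in), nil }
func (l localSigner) PublicKey() ed25519.PublicKey { return l.priv.Public().(ed25519.PublicKey) }

var b64 = base64.RawURLEncoding
var header = b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`))

// issue assembles a compact JWS; the only private-key operation is s.Sign.
func issue(s Signer, claims []byte) (string, error) {
	input := header + "." + b64.EncodeToString(claims)
	sig, err := s.Sign([]byte(input))
	if err != nil {
		return "", fmt.Errorf("signer unavailable: %w", err)
	}
	return input + "." + b64.EncodeToString(sig), nil
}

// verify pins the exact header (so "alg" cannot be swapped) and uses only the public key.
func verify(s Signer, token string) ([]byte, error) {
	p := strings.Split(token, ".")
	if len(p) != 3 || p[0] != header {
		return nil, fmt.Errorf("malformed token or unexpected header")
	}
	sig, err := b64.DecodeString(p[2])
	if err != nil || !ed25519.Verify(s.PublicKey(), []byte(p[0]+"."+p[1]), sig) {
		return nil, fmt.Errorf("signature rejected")
	}
	return b64.DecodeString(p[1])
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil)
	fmt.Println(issue(localSigner{priv}, []byte(`{"sub":"alice"}`)))
}
```

Because `issue` and `verify` depend only on the interface, swapping the signing backend changes where the private key lives without touching token assembly or verification.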