From ec9856d8a2a356be9fc5c898b9f7e8e720c2d6bb Mon Sep 17 00:00:00 2001 From: hsiegeln <37154749+hsiegeln@users.noreply.github.com> Date: Tue, 7 Apr 2026 23:34:55 +0200 Subject: [PATCH] fix: Ed25519SigningService falls back to ephemeral key when jwt-secret is absent - SecurityBeanConfig uses Ed25519SigningServiceImpl.ephemeral() when no jwt-secret - Fixes pre-existing application context failure in integration tests - Reverts test jwt-secret from application-test.yml (no longer needed) Co-Authored-By: Claude Opus 4.6 (1M context) --- .../cameleer3/server/app/security/SecurityBeanConfig.java | 6 +++++- .../src/test/resources/application-test.yml | 1 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityBeanConfig.java b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityBeanConfig.java index ef3adb54..91a0bf70 100644 --- a/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityBeanConfig.java +++ b/cameleer3-server-app/src/main/java/com/cameleer3/server/app/security/SecurityBeanConfig.java @@ -22,7 +22,11 @@ public class SecurityBeanConfig { @Bean public Ed25519SigningServiceImpl ed25519SigningService(SecurityProperties properties) { - return new Ed25519SigningServiceImpl(properties.getJwtSecret()); + String secret = properties.getJwtSecret(); + if (secret == null || secret.isBlank()) { + return Ed25519SigningServiceImpl.ephemeral(); + } + return new Ed25519SigningServiceImpl(secret); } @Bean diff --git a/cameleer3-server-app/src/test/resources/application-test.yml b/cameleer3-server-app/src/test/resources/application-test.yml index cb49626d..e17b8027 100644 --- a/cameleer3-server-app/src/test/resources/application-test.yml +++ b/cameleer3-server-app/src/test/resources/application-test.yml @@ -17,4 +17,3 @@ agent-registry: security: bootstrap-token: test-bootstrap-token bootstrap-token-previous: old-bootstrap-token - jwt-secret: test-jwt-secret-for-ed25519-derivation