cameleer/cameleer-server
1
0
Fork 0
Code Issues 41 Pull Requests Actions Packages Projects Releases Wiki Activity

Add CAMELEER_JWT_SECRET to K8s deployment secrets #45

New Issue
Closed
opened 2026-03-14 12:39:07 +01:00 by claude · 2 comments
claude commented 2026-03-14 12:39:07 +01:00
Owner
Copy Link

Context

JWT secret is now configurable via CAMELEER_JWT_SECRET env var (a4de2a7). Without it, tokens are invalidated on every server restart causing agent re-registration storms.

Steps

  1. Generate a stable secret: openssl rand -base64 32
  2. Add CAMELEER_JWT_SECRET to the cameleer-auth K8s Secret in deploy/ manifests
  3. Add it to the CI deploy step where secrets are created (--dry-run=client | kubectl apply)
  4. Add to Gitea org secrets: CAMELEER_JWT_SECRET
  5. Update the server Deployment to mount the secret as an env var

Impact

Tokens survive server restarts. Agents no longer need to re-register after deployments.

## Context JWT secret is now configurable via `CAMELEER_JWT_SECRET` env var (a4de2a7). Without it, tokens are invalidated on every server restart causing agent re-registration storms. ## Steps 1. Generate a stable secret: `openssl rand -base64 32` 2. Add `CAMELEER_JWT_SECRET` to the `cameleer-auth` K8s Secret in `deploy/` manifests 3. Add it to the CI deploy step where secrets are created (`--dry-run=client | kubectl apply`) 4. Add to Gitea org secrets: `CAMELEER_JWT_SECRET` 5. Update the server Deployment to mount the secret as an env var ## Impact Tokens survive server restarts. Agents no longer need to re-register after deployments.
claude commented 2026-03-14 22:16:22 +01:00
Author
Owner
Copy Link

Already present in deploy/server.yamlCAMELEER_JWT_SECRET env var sourced from secret cameleer-auth.

Already present in `deploy/server.yaml` — `CAMELEER_JWT_SECRET` env var sourced from secret `cameleer-auth`.
claude commented 2026-03-17 10:12:38 +01:00
Author
Owner
Copy Link

Resolved — CAMELEER_JWT_SECRET is already configured in deploy/server.yaml (lines 57-62), sourced from the cameleer-auth K8s secret. Closing.

Resolved — `CAMELEER_JWT_SECRET` is already configured in `deploy/server.yaml` (lines 57-62), sourced from the `cameleer-auth` K8s secret. Closing.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
accessibility
Accessibility (a11y) improvements
 bug
Something isn't working correctly
 cleanup
Code cleanup, dead code removal, refactoring
 epic
Epic: groups related issues
 feature
New functionality
 pmf
Product-market fit: critical for first market offer
 route-diagram
Route diagram page and execution overlay
 security
Authentication, authorization, RBAC
 ui
Frontend / React UI
 ux
UX/usability improvements
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claude
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: cameleer/cameleer-server#45
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?