Clarify authentication and token management

ethereum · Mar 8, 2024 · eb0db88 · eb0db88
1 parent a71e126
commit eb0db88
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/keymanager-oapi.yaml b/keymanager-oapi.yaml
@@ -13,8 +13,10 @@ info:
     and "Accept: application/json" headers.
 
     All sensitive routes are to be authenticated with a token. This token should be provided by the user via a secure channel:
-      - Log the token to stdout when running the binary with the key manager API enabled
-      - Read the token from a file available to the binary
+      - Log the token file path to stdout when running the binary with the key manager API enabled
+      - Read the token from a file available to the binary, the path to the token file should be configurable
+      - If the token file does not exist or is empty, generate a new token and write it to the file
+      - The token should remain the same across multiple restarts of the binary
   version: "v1.0.0"
   contact:
     name: Ethereum Github
@@ -63,7 +65,7 @@ components:
     bearerAuth:
       type: http
       scheme: bearer
-      bearerFormat: URL safe token, optionally JWT
+      bearerFormat: URL safe, opaque token
 
   schemas:
     Pubkey: