Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Server - Message Identification - ID Generation - Collect VAPID Public Keys #722

Open
data-sync-user opened this issue Jul 1, 2024 · 1 comment
Open

Server - Message Identification - ID Generation - Collect VAPID Public Keys #722

data-sync-user opened this issue Jul 1, 2024 · 1 comment
Assignees
@jrconlin

Comments

@data-sync-user
Copy link
Collaborator

Collect the VAPID Public key information for all trackable message generation providers.

┆Issue is synchronized with this Jira Task
@data-sync-user
Copy link
Collaborator Author

➤ JR Conlin commented:

I have contacted Eric Maydeck, who can access the FxA VAPID public and private key data. Even though these keys are public facing data, we should still consider them reasonably sensitive (they could be used to identify traffic in flight) so they should not be exposed outside of SRE control.

Part of #739 ( https://github.com/mozilla-services/autopush-rs/pull/739|smart-link ) includes instructions on how to convert the VAPID public PEM file to an x962 “raw” format that can be included as part of the deployment settings. (This conversion need only happen if/when the FxA VAPID key changes, which is a very infrequent event.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jrconlin jrconlin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jrconlin @data-sync-user