PostgREST JWT Authentication

Beau Barker edited this page Nov 5, 2025 · 32 revisions

Add JWT-based authentication in PostgREST.

1. JWT Secret

Note

PostgREST can share the JWT secret with Caddy.

Generate a secret:

openssl rand -base64 32

Put the secret in the environment file:

app/.env

JWT_SECRET=(your secret)

PostgREST

Add the secret to the PostgREST service:

postgrest:
  environment:
    PGRST_JWT_SECRET: ${JWT_SECRET:?}
    PGRST_JWT_SECRET_IS_BASE64: true
    PGRST_APP_SETTINGS_JWT_EXP: 3600 # Recommended - the default is no expiry!
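To check the configuration above end to end, the following added example (not part of the original page or of PostgREST) mints and verifies an HS256 token the way `PGRST_JWT_SECRET_IS_BASE64: true` implies: the HMAC key is the base64-decoded bytes, not the text stored in `JWT_SECRET`. The role name `web_user`, the sample secret and the helper names are assumptions made for illustration; the 3600-second lifetime mirrors `PGRST_APP_SETTINGS_JWT_EXP`.

```python
import base64, hashlib, hmac, json, time

# Constructed sample secret in the same format as `openssl rand -base64 32`.
SAMPLE_SECRET = base64.b64encode(bytes(range(32))).decode()

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hmac_key(secret_b64: str) -> bytes:
    """Decode the secret to raw bytes, as the IS_BASE64 setting implies."""
    key = base64.b64decode(secret_b64, validate=True)
    if len(key) < 32:  # the page's command generates 32 random bytes
        raise ValueError("decoded secret is shorter than 32 bytes")
    return key

def _sign(secret_b64: str, signing_input: str) -> str:
    mac = hmac.new(hmac_key(secret_b64), signing_input.encode(), hashlib.sha256)
    return b64url(mac.digest())

def mint(secret_b64, role, lifetime=3600, now=None):
    """Return an HS256 token carrying `role` and an `exp` claim."""
    now = int(time.time()) if now is None else now
    parts = [{"alg": "HS256", "typ": "JWT"}, {"role": role, "exp": now + lifetime}]
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in parts)
    return f"{signing_input}.{_sign(secret_b64, signing_input)}"

def verify(secret_b64, token, now=None):
    """Return the claims, or raise ValueError on a bad or expired token."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        alg = json.loads(b64url_decode(header)).get("alg")
    except ValueError:
        raise ValueError("malformed token")
    if alg != "HS256":
        raise ValueError("unexpected alg")
    expected = _sign(secret_b64, f"{header}.{payload}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload))
    if claims.get("exp", 0) <= now:  # this sketch also rejects a missing exp
        raise ValueError("expired or missing exp")
    return claims

if __name__ == "__main__":
    print(mint(SAMPLE_SECRET, "web_user"))
```

A token signed with the base64 text itself as the key fails verification here, which is the usual symptom when the signer and the verifier disagree about the base64 flag.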

Postgres

The secret is needed in the Postgres service because a migration will configure PostgREST:

db/.env

JWT_SECRET=(your secret)

db/compose.yaml

postgres:
  environment:
    JWT_SECRET: ${JWT_SECRET:?}

Add a migration to configure PostgREST:

db/postgres/migrations/02-auth_schema.sql

\set pgrst_jwt_secret '$JWT_SECRET'

-- Set the JWT secret in the db. Despite it being set in the JWT_SECRET
-- env var, this also appears to be required.
alter system set pgrst.jwt_secret = :'pgrst_jwt_secret';