updates signign key settings

ZPain8464 · ZPain8464 · commit 6ddee410e034 · 2024-07-25T17:28:41.000-04:00
diff --git a/content/docs/reference/reference.json b/content/docs/reference/reference.json
@@ -532,7 +532,7 @@
   "shared-secret": {
     "id": "shared-secret",
     "title": "Shared Secret",
-    "path": "/shared-secret-settings#shared-secret",
+    "path": "/shared-secret",
     "description": "Shared Secret is the base64-encoded, 256-bit key used to mutually authenticate requests between services.",
     "services": [],
     "type": "string",
@@ -541,7 +541,7 @@
   "shared-secret-file": {
     "id": "shared-secret-file",
     "title": "Shared Secret File",
-    "path": "/shared-secret-settings#shared-secret-file",
+    "path": "/shared-secret#shared-secret-file",
     "description": "File path containing base64-encoded shared secret.",
     "services": [],
     "type": "string",
@@ -1476,7 +1476,7 @@
   "signing-key": {
     "id": "signing-key",
     "title": "Signing Key",
-    "path": "/signing-key-settings#signing-key",
+    "path": "/signing-key",
     "description": "Signing Key is the key used to sign a user's attestation JWT which can be consumed by upstream applications to pass along identifying user information like username, id, and groups.",
     "services": [],
     "type": "string",
@@ -1485,7 +1485,7 @@
   "signing-key-file": {
     "id": "signing-key-file",
     "title": "Signing Key File",
-    "path": "/signing-key-settings#signing-key-file",
+    "path": "/signing-key",
     "description": "File path to a secret containing the signing key, used to sign a user's attestation JWT which can be consumed by upstream applications to pass along identifying user information like username, id, and groups.",
     "services": [],
     "type": "string",
diff --git a/content/docs/reference/shared-secret.mdx b/content/docs/reference/shared-secret.mdx
@@ -13,9 +13,7 @@ toc_max_heading_level: 2
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 
-# Shared Secret Settings
-
-## Shared Secret
+# Shared Secret
 
 **Shared Secret** is the base64-encoded, 256-bit key used to mutually authenticate requests between Pomerium services. It's critical that secret keys are random, and stored safely.
 
diff --git a/content/docs/reference/signing-key.mdx b/content/docs/reference/signing-key.mdx
@@ -1,8 +1,8 @@
 ---
 # cSpell:ignore ecparam genkey noout QCN7adG2AmIK3UdHJvVJkldsUc6XeBRz83Z4rXX8Va4 ary66nrvA55TpaiWADq8b3O1CYIbvjqIHpXCY
 
-id: signing-key-settings
-title: Signing Key Settings
+id: signing-key
+title: Signing Key
 sidebar_label: Signing Key Settings
 description: |
   This page discusses the signing key settings Pomerium uses to sign the Pomerium JWT that's sent to upstream services to verify a user's identity.
@@ -17,20 +17,19 @@ toc_max_heading_level: 2
 import Tabs from '@theme/Tabs';
 import TabItem from '@theme/TabItem';
 
-# Signing Key Settings
-
-## Signing Key
+# Signing Key
 
 **Signing Key** is one or more PEM-encoded private keys used to sign a user's attestation JWT, which can be consumed by upstream applications to pass along identifying user information like username, id, and groups.
 
-### How to configure
+## How to configure
 
 <Tabs>
 <TabItem value="Core" label="Core">
 
 | **Config file keys** | **Environment variables** | **Type** | **Usage**    |
 | :------------------- | :------------------------ | :------- | :----------- |
 | `signing_key`        | `SIGNING_KEY`             | `string` | **optional** |
+| `signing_key_file`   | `SIGNING_KEY_FILE`        | `string` | **optional** |
 
 </TabItem>
 <TabItem value="Enterprise" label="Enterprise">
@@ -49,6 +48,16 @@ See Kubernetes [bootstrap secrets](/docs/k8s/reference#spec) for more informatio
 </TabItem>
 </Tabs>
 
+## Examples
+
+```yaml
+signing_key: LS0tLS1CRUdJTiBFQyBQUklWQVRFIEtFWS0tLS0tCk1IY0NBUUVFSUNUWHlVQ0phYmlHTW1wd3VqYlBmWHhNS2MzWjNFM0tEcmlEbmQwZktiTmtvQW9HQ0NxR1NNNDkKQXdFSG9VUURRZ0FFM1FYQmZ1eEV1UEhJT0ZDb3RaaXBOMUFqM3UrOUtFRWd4RFVURW9CcjYxYXpaYWFvYlRGbwo0cGY3WFRSbzVhM2U2aDdKUW9wckp4QSszd0dwTUpSYWl3PT0KLS0tLS1FTkQgRUMgUFJJVkFURSBLRVktLS0tLQo=
+```
+
+```bash
+SIGNING_KEY_FILE='/run/secrets/POMERIUM_SIGNING_KEY'
+```
+
 ### How to use signing key
 
 If set, the signing key's public key(s) can be retrieved by hitting Pomerium's well-known JWKS endpoint:
@@ -105,51 +114,3 @@ To implement key rotation, follow a 3-step process:
 3. Remove the old key from the list.
 
 With sufficient time between the steps, this process should be resilient to caching of the JWKS endpoint by applications.
-
-## Signing Key File
-
-**Signing Key File** is the path to a file containing a [Signing Key](#signing-key).
-
-The signing key is the private key used to sign a user's attestation JWT, which can be consumed by upstream applications to pass along identifying user session information such as username, id, and groups.
-
-See [Signing Key](#signing-key) for more information.
-
-### How to configure
-
-<Tabs>
-<TabItem value="Core" label="Core">
-
-| **Config file keys** | **Environment variables** | **Type** | **Usage**    |
-| :------------------- | :------------------------ | :------- | :----------- |
-| `signing_key_file`   | `SIGNING_KEY_FILE`        | `string` | **optional** |
-
-### Examples
-
-Signing Key File is useful when deploying in environments that provide secret management like [Docker Swarm](https://docs.docker.com/engine/swarm/secrets/).
-
-For example:
-
-```yaml
-signing_key_file: '/run/secrets/POMERIUM_SIGNING_KEY'
-```
-
-```bash
-SIGNING_KEY_FILE='/run/secrets/POMERIUM_SIGNING_KEY'
-```
-
-</TabItem>
-<TabItem value="Enterprise" label="Enterprise">
-
-`signing_key_file` is a bootstrap configuration setting and is not configurable in the Console.
-
-</TabItem>
-<TabItem value="Kubernetes" label="Kubernetes">
-
-| **Name**              | **Type** | **Usage**    |
-| :-------------------- | :------- | :----------- |
-| `secrets.signing_key` | `string` | **optional** |
-
-See Kubernetes [bootstrap secrets](/docs/k8s/reference#spec) for more information.
-
-</TabItem>
-</Tabs>
diff --git a/static/_redirects b/static/_redirects
@@ -463,8 +463,8 @@ https://0-20-0.docs.pomerium.com/category/guides https://0-20-0.docs.pomerium.co
 /docs/reference/the-number-of-trusted-hops /docs/reference/x-forwarded-for-settings#xff-number-of-trusted-hops
 
 # Signing Key settings
-/docs/reference/signing-key /docs/reference/signing-key-settings#signing-key
-/docs/reference/signing-key-file /docs/reference/signing-key-settings#signing-key-file
+/docs/reference/signing-key /docs/reference/signing-key
+/docs/reference/signing-key-file /docs/reference/signing-key
 
 # Shared Secret settings
 /docs/reference/shared-secret /docs/reference/shared-secret-settings#shared-secret
