fix(official-bots): mount JWT public key from ncs-jwt-keys #413
Reference in New Issue
Block a user
Delete Branch "fix/official-bots-jwt-mount"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
The official-bots rollout never mounted the ncs-jwt-keys secret nor set
JWT_PUBLIC_KEY_PATH, so the service fell back to the image-baked
public.pem, which does not match the deployed signing key. Every token
failed RS256 verification -> 401.
Mount ncs-jwt-keys at /secrets/jwt and point JWT_PUBLIC_KEY_PATH there,
mirroring account/core/tournament. Verify-only, no private key.
Co-Authored-By: Claude Opus 4.8 noreply@anthropic.com