I'm not up to speed on the recent work around JWT keys, but I believe we
want a unique secret per OFBiz deployment?

I suspect the patch against Dockerfile will have the effect of baking the
secret into the container image at build time. This means all containers
that use the image will end up using the same secret.

If we want the secret to be unique for each container instance, then we
will probably need to replicate the behaviour of the gradle generateSecret
task into docker-entrypoint.sh. We did something similar for loading the
admin user's password into OFBiz -
https://github.com/apache/ofbiz-framework/blob/a93b04bbb2205e4395f134c85e57a44e56b8c861/docker/docker-entrypoint.sh#L224

Thanks,

Dan.

On Thu, 19 Mar 2026 at 16:20, Jacopo Cappellato <[email protected]>
wrote:

> The following change to Dockerfile should do the trick:
>
> diff --git a/Dockerfile b/Dockerfile
> index 7b36d42507..fb1d6e1c1f 100644
> --- a/Dockerfile
> +++ b/Dockerfile
> @@ -52,7 +52,7 @@ COPY APACHE2_HEADER build.gradle common.gradle
> gradle.properties NOTICE settings
>  # Build OFBiz while mounting a gradle cache
>  RUN --mount=type=cache,id=gradle-cache,sharing=locked,target=/root/.gradle
> \
>      --mount=type=tmpfs,target=runtime/tmp \
> -    ["./gradlew", "--console", "plain", "distTar"]
> +    ["./gradlew", "--console", "plain", "generateSecretKeys", "distTar"]
>
>
>  
> ###################################################################################
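Review bot: Running "generateSecretKeys" inside the build-time RUN step (the changed ./gradlew line) generates the keys once per image build rather than once per deployment, so if the generated keys land in files packaged by distTar, every container started from this image shares the same secret and the secret is readable from the image layers. Consider keeping this RUN line as "distTar" only and generating the keys when the container starts, or documenting that deployments must supply their own secret.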
>
> On Thu, Mar 19, 2026 at 5:01 PM Jacopo Cappellato <
> [email protected]> wrote:
>
> > If you don't manually set the secrets, you must generate them either
> > by running loadAll (which triggers generateSecretKeys) or by running
> > generateSecretKeys directly.
> >
> > Jacopo
> >
> > On Thu, Mar 19, 2026 at 4:57 PM Jacques Le Roux via dev <
> > [email protected]> wrote:
> >
> >> Hi,
> >>
> >> It appears at
> >> https://demo-trunk.ofbiz.apache.org/example/control/ReactExample
> >> Stable is also affected.
> >>
> >> Maybe there are other cases. I don't know.
> >>
> >> Maybe the docker part could be implied, I don't think so.
> >> I tried to restart the demos instance in case a loadAll was necessary.
> >> But, I don't know why, I was suddenly unable to sudo.
> >>
> >> TIA
> >>
> >> Jacques
> >>
> >>
>


-- 
Daniel Watford
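
The per-container generation suggested in the reply above, as an added example that is not part of the original message and is not OFBiz's docker-entrypoint.sh. The function name, the OFBIZ_SECRET_FILE variable and the idea that OFBiz would read its secret from that file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate a secret at container start, not at image build.
# Hypothetical names: ensure_instance_secret, OFBIZ_SECRET_FILE.

# ensure_instance_secret FILE
# First start of a container: write a fresh random secret to FILE.
# Later restarts of the same container: keep the existing secret, so
# tokens issued before the restart remain verifiable.
ensure_instance_secret() {
    _secret_file="$1"

    # A non-empty file means a previous start already generated the secret.
    if [ -s "$_secret_file" ]; then
        return 0
    fi

    _old_umask=$(umask)
    umask 077                      # secret file is created owner-only (0600)
    _tmp_file="${_secret_file}.tmp.$$"

    # 48 bytes from the kernel CSPRNG encode to exactly 64 base64 characters.
    head -c 48 /dev/urandom | base64 | tr -d '\n' > "$_tmp_file"

    # Refuse to install a short or empty secret (e.g. a failed read).
    if [ "$(wc -c < "$_tmp_file" | tr -d ' ')" -ne 64 ]; then
        rm -f "$_tmp_file"
        umask "$_old_umask"
        return 1
    fi

    # Rename is atomic: readers never observe a half-written secret.
    mv "$_tmp_file" "$_secret_file"
    umask "$_old_umask"
}

# Entrypoint usage (assumed variable): only runs when a target path is given.
if [ -n "${OFBIZ_SECRET_FILE:-}" ]; then
    ensure_instance_secret "$OFBIZ_SECRET_FILE"
fi
```

Placing the file on a volume that belongs to a single deployment keeps the secret stable across restarts of that deployment while a second deployment of the same image generates its own.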
