On Fri, Mar 20, 2026 at 4:39 PM Daniel Watford <[email protected]> wrote:
> I'm not up to speed on the recent work around JWT keys, but I believe we > want a unique secret per OFBiz deployment? > > I suspect the patch against Dockerfile will have the effect of baking the > secret into the container image at build time. This means all containers > that use the image will end up using the same secret. > > If we want the secret to be unique for each container instance, then we > will probably need to replicate the behaviour of the gradle generateSecret > task into docker-entrypoint.sh. We did something similar for loading the > admin user's password into OFBiz - > > https://github.com/apache/ofbiz-framework/blob/a93b04bbb2205e4395f134c85e57a44e56b8c861/docker/docker-entrypoint.sh#L224 Alternatively, we could move the execution of: ./gradlew generateSecretKeys right before line 114 (before loading demo data). Jacopo
