Required variables
Authentication
Set one of these to enable JWT validation on key requests. If neither is set, the key server runs in development mode with no authentication.
If both are set,
AUTH_JWKS_URL takes precedence.
How auth works
- The player sends
Authorization: Bearer <token>on every key request - The key server validates the JWT signature
- If valid, the key is derived and returned
- If invalid or expired, the server returns
401 Unauthorized
Optional variables
Docker volumes
Health check
GET /health returns 200 OK with { "status": "ok" }. Use this for Docker health checks and load balancer probes.