
Shared Secret File

  • Environment Variable: SHARED_SECRET_FILE
  • Config File Key: shared_secret_file
  • Kubernetes: see bootstrap secrets
  • Type: string
  • Required (unless using shared_secret)

Shared Secret File is the location of a file containing the base64-encoded 256-bit key used to mutually authenticate requests between services. It's critical that secret keys are random and stored safely. Use a key management system or /dev/urandom to generate a key. For example:

head -c32 /dev/urandom | base64

shared_secret_file points to a file containing the secret. This is useful when deploying in environments that provide secret management like Docker Swarm. For example:

shared_secret_file: '/run/secrets/POMERIUM_SHARED_SECRET'
Tip: If you adjust your shared secret and/or how it's accessed by Pomerium, you may create a secret mismatch.
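
The following shell functions are an added example, not part of Pomerium or its documentation. They write the key from the command above to a file without overwriting an existing one, then check that the file decodes to exactly 32 bytes and is not readable by group or others. The function names are hypothetical, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; stat -c assumes GNU coreutils.

# Create $1 holding a fresh base64-encoded 256-bit key, mode 0600.
# Refuses to overwrite an existing file, so a key already in use by other
# services is never silently replaced (which would cause a secret mismatch).
generate_shared_secret_file() {
    (
        umask 077   # new file is owner read/write only
        set -C      # noclobber: '>' fails if the file already exists
        head -c32 /dev/urandom | base64 > "$1"
    )
}

# Succeed only if $1 decodes to exactly 32 bytes and is not accessible
# to group or others. Only the length and mode are printed, never the key.
check_shared_secret_file() {
    [ -r "$1" ] || { echo "$1: not readable" >&2; return 1; }
    base64 -d < "$1" > /dev/null 2>&1 ||
        { echo "$1: not valid base64" >&2; return 1; }
    nbytes=$(base64 -d < "$1" | wc -c | tr -d ' ')
    [ "$nbytes" -eq 32 ] ||
        { echo "$1: key is $nbytes bytes, expected 32" >&2; return 1; }
    mode=$(stat -c %a "$1")
    case "$mode" in
        *00) return 0 ;;
        *)   echo "$1: mode $mode exposes the key to group/others" >&2
             return 1 ;;
    esac
}
```

Running `check_shared_secret_file` against the path given in shared_secret_file before starting each service catches a truncated or over-permissive file early.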