JSON Web Token Secrets

NeMo Data Store uses JSON Web Tokens (JWTs) for authentication. You can either generate a JWT secret value manually or let NeMo Data Store create one automatically.

Manual JWT Secret Generation

To generate a valid JWT secret, run this command in your terminal:

dd if=/dev/urandom bs=1 count=32 status=none | base64 | tr '/+' '_-' | tr -d '='

Automatic JWT Secret Generation

You can let NeMo Data Store automatically generate a JWT secret by leaving the values empty in your values.yaml file:

## JWT Secrets Configuration
## @param jwtSecret.value - Specify a custom JWT secret value
## @param jwtSecret.existingSecret - Name of an existing secret resource containing the JWT secret
## @param jwtSecret.existingSecretKey - Key in the existing secret containing the JWT secret
jwtSecret:
  value: ""
  existingSecret: ""
  existingSecretKey: ""

Sample Generated Secret

Here’s an example of the Kubernetes secret that NeMo Data Store generates:

apiVersion: v1
kind: Secret
metadata:
  name: nds-lfs-jwt-existing-secret
type: Opaque
stringData:
  jwtSecret: "Y2Z2elB5U1BGb3g0Unk5T1U5a0ZSRkk1OXpNbWNs132"