
Function mint_container_token 

pub fn mint_container_token(
    secret: &str,
    service_name: &str,
    container_id: &str,
    scopes: Vec<TokenScope>,
    ttl: Duration,
    jti: Option<String>,
) -> Result<String, String>

Mint a scoped JWT for a container.

The token carries scopes (and the marker role container, which grants nothing on its own — authority comes from the scopes) and the supplied jti. When jti is Some, a matching StoredAccessToken record MUST already be persisted (the auth layer is fail-closed and rejects a jti with no record); pass None to mint an un-revocable token bounded only by the short TTL. It is signed with the daemon’s JWT secret so the API accepts it.

§Errors

Returns an error string if the system clock is unavailable or JWT encoding fails.
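
The fail-closed jti rule from the description, modelled as an added example that is not the project's own code. The names check, ClaimsModel, RecordModel and Decision are hypothetical, the revoked field and the order of the checks are assumptions, and signature verification is left out.

```rust
use std::collections::HashMap;

// Hypothetical model of the verification-side decision; not the daemon's code.
#[derive(Debug, PartialEq)]
pub enum Decision {
    Accept,
    Expired,
    UnknownJti, // fail-closed: jti present but no persisted record
    Revoked,
}

// Assumed record shape; the real StoredAccessToken fields are not shown on the page.
pub struct RecordModel { pub revoked: bool }

// Only the claims that matter for revocation (scopes omitted).
pub struct ClaimsModel {
    pub exp: u64,            // expiry in seconds since epoch (issue time + ttl)
    pub jti: Option<String>, // None => un-revocable, bounded only by exp
}

pub fn check(claims: &ClaimsModel, store: &HashMap<String, RecordModel>, now: u64) -> Decision {
    if now >= claims.exp {
        return Decision::Expired;
    }
    match &claims.jti {
        None => Decision::Accept,
        Some(jti) => match store.get(jti) {
            None => Decision::UnknownJti,
            Some(r) if r.revoked => Decision::Revoked,
            Some(_) => Decision::Accept,
        },
    }
}

fn main() {
    let mut store = HashMap::new();
    let now = 1_000; // constructed timestamp
    let with_jti = ClaimsModel { exp: now + 300, jti: Some("jti-a".into()) };
    // Token used before its record was persisted: rejected.
    println!("{:?}", check(&with_jti, &store, now));
    // Correct order: persist the record first, then mint and use the token.
    store.insert("jti-a".to_string(), RecordModel { revoked: false });
    println!("{:?}", check(&with_jti, &store, now + 1));
    // Revoking the record ends the token before exp.
    store.get_mut("jti-a").unwrap().revoked = true;
    println!("{:?}", check(&with_jti, &store, now + 2));
    // No jti: nothing to revoke, so only exp ends the token.
    let no_jti = ClaimsModel { exp: now + 60, jti: None };
    println!("{:?} {:?}", check(&no_jti, &store, now + 59), check(&no_jti, &store, now + 60));
}
```

A token minted with jti set to None stays valid for its whole TTL even after a compromise is noticed, which is why the TTL passed for such tokens should be short.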