Version: 13.x (Current)

Temporary Password Generator

Environment variables

The service needs the following environment variables:

  • PEM_PRIVATE_KEY_PATH (required): the path to a PEM-encoded private key used to sign JWT tokens.
  • OTP_HMAC_KEY (required): a 32-byte random string used to hash the generated codes before they are stored in the CRUD.
  • OTP_CRUD_NAME (optional, defaults to otps): name of the CRUD used to store the issued codes.
  • CRUD_HOST (optional, defaults to crud-service): the host of the crud-service.
  • LOG_LEVEL (optional, defaults to info): the log level. It can be trace, debug, info, warn, error, or fatal.
  • HTTP_PORT (optional, defaults to 3000): the port on which the web server is exposed.
  • OTP_NUMERIC_ONLY (optional, defaults to false): flag to enable only 6-digit numeric OTPs.

Create a CRUD

The Temporary Password Generator stores the issued codes in a CRUD. You need to create it according to the following schema:

  • hashedCode : string, required.
  • scope : string, required.
  • payload: object, required.
  • expiresAt: date, required.

Add the required indexes:

  • hashedCode, scope: unique
  • expiresAt: ttl, 1. (Optional: useful if you want to delete the expired tokens)

Lastly, set the default CRUD state to PUBLIC.

Generate the private key

You can generate a 2048-bit PEM-encoded private key with the following command:

openssl genrsa -out privatekey.pem 2048
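
The following is an added example, not part of the original documentation: shell functions that create the two required secrets and check them before the service is deployed. The function names are hypothetical, and two points are assumptions: that OTP_HMAC_KEY may be any 32-character string (here, 24 random bytes in base64), and that the key file should be readable by its owner only.

```shell
#!/bin/sh
# Added example: create and sanity-check the two secrets the service needs.
# Function names are hypothetical; only the variable names come from the page.

# Generate the signing key with owner-only permissions (same openssl command
# as in the documentation, run under a restrictive umask).
gen_private_key() {
    ( umask 077 && openssl genrsa -out "$1" 2048 2>/dev/null )
}

# Emit a 32-character random string: 24 random bytes encode to exactly
# 32 base64 characters. The encoding is an assumption, not stated by the docs.
gen_hmac_key() {
    openssl rand -base64 24
}

# OTP_HMAC_KEY must be exactly 32 bytes long.
check_hmac_key() {
    len=$(( $(printf %s "$1" | wc -c) ))
    [ "$len" -eq 32 ] || { echo "OTP_HMAC_KEY is $len bytes, expected 32" >&2; return 1; }
}

# PEM_PRIVATE_KEY_PATH must point to a readable, consistent RSA key of at
# least 2048 bits that group and other users cannot access (added check).
check_private_key() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    openssl rsa -in "$1" -check -noout >/dev/null 2>&1 ||
        { echo "$1 is not a valid RSA private key" >&2; return 1; }
    bits=$(openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "key is ${bits:-0} bits, expected at least 2048" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ] || { echo "$1 is accessible by group/other" >&2; return 1; }
}
```

Typical use: `gen_private_key privatekey.pem`, then `check_private_key "$PEM_PRIVATE_KEY_PATH" && check_hmac_key "$OTP_HMAC_KEY"` as a pre-deployment step.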