Fernet Keys & Tokens¶
Sandwich Cloud uses Fernet tokens for authorization. These tokens require a key to be encrypted. The key must be a 32-byte base64 encoded string. Multiple Fernet Keys can be used to allow key rotation.
These tokens contain information about the user or service account and what roles they have access to. User tokens expire one day after they are generated while service account tokens expire 30 minutes after they are requested from the Metadata service.
There are many ways to authenticate to Sandwich Cloud. Authentication is pluggable and is handled by drivers.
The Database driver authenticates users against a database that is managed by Sandwich Cloud.
The Github driver authenticates users against public GitHub or a private Github Enterprise installation.