herocode/horus
14
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
horus/docs/supervisor/auth.md
Timur Gordon c9c84676b3 revert: rename back to docs directory
2025-11-14 11:10:32 +01:00

1.2 KiB
Raw Permalink Blame History

Supervisor Authentication

The supervisor has two authentication systems:

  1. An authentication system based on scoped symmetric API keys.
  2. An authentication of the signatures of a job's canonical representation.

The first is used to control access to the supervisor API, the second is used to authenticate the signatories of a job, such that the runners can implement access control based on the signatories.

API Key Management

API keys are used to authenticate requests to the supervisor. They are created using the auth.key.create method and can be listed using the key.list method.

API Key Scopes

API keys have a scope that determines what actions they can perform. The following scopes are available:

  • admin: Full access to all supervisor methods.
  • registrar: Access to methods related to job registration and management.
  • user: Access to methods related to job execution and management.

API Key Usage

API keys are passed as a header in the Authorization field of the request. The format is Bearer <key>.

API Key Rotation

API keys can be rotated using the key.remove method. This will invalidate the old key and create a new one.