torrent: use quay.pem to mint JWT (#1425)

config.py

@@ -298,6 +298,9 @@ class DefaultConfig(object):
   # If None, will be calculated off of the SERVER_HOSTNAME (default)
   JWTPROXY_AUDIENCE = None
 
+  # The location of the private key generated for this instance
+  INSTANCE_SERVICE_KEY_LOCATION = 'conf/quay.pem'
+
   # Torrent management flags
   FEATURE_BITTORRENT = False
   BITTORRENT_PIECE_SIZE = 512 * 1024

util/registry/torrent.py

@@ -1,10 +1,9 @@
-import time
-import hashlib
-import urllib
-
 import bencode
-import resumablehashlib
+import hashlib
 import jwt
+import resumablehashlib
+import time
+import urllib
 
 from cachetools import lru_cache
 
@@ -12,6 +11,7 @@ from app import app
 
 
 ANNOUNCE_URL = app.config.get('BITTORRENT_ANNOUNCE_URL')
+PRIVATE_KEY_LOCATION = app.config.get('INSTANCE_SERVICE_KEY_LOCATION')
 FILENAME_PEPPER = app.config.get('BITTORRENT_FILENAME_PEPPER')
 REGISTRY_TITLE = app.config.get('REGISTRY_TITLE')
 JWT_ISSUER = app.config.get('JWT_AUTH_TOKEN_ISSUER')
@@ -29,7 +29,7 @@ def _torrent_jwt(info_dict):
     'infohash': _infohash(info_dict),
   }
 
-  private_key = _load_private_key(app.config['JWT_AUTH_PRIVATE_KEY_PATH'])
+  private_key = _load_private_key(PRIVATE_KEY_LOCATION)
   return jwt.encode(token_data, private_key, 'RS256')
 
 def _infohash(infodict):