Generate preshared key on boot

boot.py

@@ -13,20 +13,20 @@ from data.database import ServiceKeyApprovalType
 from data.model.release import set_region_release
 from data.model.service_keys import generate_service_key, approve_service_key
 from util.config.database import sync_database_with_config
+from util.generatepresharedkey import generate_key
 
 
 def create_quay_service_key(seconds_until_expiration):
-  expiration = timedelta(seconds=seconds_until_expiration)
-  private_key, service_key = generate_service_key('quay', datetime.now()+expiration)
-  approve_service_key(service_key.kid, None, ServiceKeyApprovalType.SUPERUSER)
-  jwk = RSAKey(key=private_key).serialize(private=True)
+  quay_key, key_id = generate_key(None, 'quay', 'quay')
 
-  with open('/conf/quay.jwk', mode='w') as f:
+  with open('/conf/quay.pem', mode='w') as f:
     f.truncate(0)
-    f.write(json.dumps(jwk))
+    f.write(quay_key.exportKey())
+
+  return key_id
 
 
-def create_jwtproxy_conf():
+def create_jwtproxy_conf(quay_key_id):
   audience = urlunparse((
     app.config.get('PREFERRED_URL_SCHEME'),
     app.config.get('SERVER_HOSTNAME'), '', '', '', ''))
@@ -37,7 +37,8 @@ def create_jwtproxy_conf():
     template = Template(f.read())
     rendered = template.render(
       audience=audience,
-      registry=registry
+      registry=registry,
+      key_id=quay_key_id
     )
 
   with open('/conf/jwtproxy_conf.yaml', 'w') as f:
@@ -45,11 +46,10 @@ def create_jwtproxy_conf():
 
 
 def main():
-  create_jwtproxy_conf()
-
   if app.config.get('SETUP_COMPLETE', False):
     sync_database_with_config(app.config)
-    create_quay_service_key(app.config.get('QUAY_SERVICE_KEY_EXPIRATION', 500))
+    quay_key_id = create_quay_service_key(app.config.get('QUAY_SERVICE_KEY_EXPIRATION', 500))
+    create_jwtproxy_conf(quay_key_id)
 
   # Record deploy
   if release.REGION and release.GIT_HEAD: