jwtproxy: signer_proxy: enabled: true listen_addr: :8080 ca_key_file: /conf/mitm.key ca_crt_file: /conf/mitm.cert signer: issuer: quay expiration_time: 5m max_skew: 1m private_key: type: preshared options: key_id: {{ key_id }} private_key_path: /conf/quay.pem verifier_proxies: - enabled: true listen_addr: unix:/tmp/jwtproxy_secscan.sock verifier: upstream: unix:/tmp/gunicorn_web.sock audience: {{ audience }} key_server: type: keyregistry options: issuer: clair registry: {{ registry }}