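# jwtproxy configuration template.
# Placeholders are substituted by the template renderer before the result is
# parsed as YAML. Every substituted value is single-quoted so that an empty,
# all-digit or boolean-looking substitution is still loaded as a string
# (a value containing a single quote would need escaping by the renderer).
jwtproxy:
  # Forward proxy: signs outgoing requests with a JWT.
  signer_proxy:
    enabled: true
    # NOTE(review): no host part, so this listens on every interface. Any
    # client that can reach the port gets its requests signed as the issuer
    # below; bind to loopback or restrict network access if only local
    # callers need it -- confirm against the deployment.
    listen_addr: ':8080'
    # CA key pair; presumably used to intercept HTTPS so those requests can
    # be signed (file names say "mitm") -- confirm. The key file is secret
    # material: readable by the proxy's service account only, never committed.
    ca_key_file: '{{ conf_dir }}/mitm.key'
    ca_crt_file: '{{ conf_dir }}/mitm.cert'

    signer:
      issuer: quay
      # Token lifetime and tolerated clock skew; short values limit how long
      # a captured token stays usable.
      expiration_time: 5m
      max_skew: 1m
      private_key:
        type: preshared
        options:
          # Quoted: an all-digit key id would otherwise load as an integer.
          key_id: '{{ key_id }}'
          # Signing key; same file-permission requirements as the CA key.
          private_key_path: '{{ conf_dir }}/quay.pem'
  # Reverse proxies: verify the JWT on incoming requests, then forward them
  # to the upstream.
  verifier_proxies:
  - enabled: true
    # NOTE(review): both sockets live in /tmp, which is normally writable by
    # every local account. A process that can connect to the upstream socket
    # directly skips JWT verification, and the paths can be claimed before
    # the services start. Prefer a dedicated directory with restrictive
    # permissions; the upstream path must match the gunicorn configuration.
    listen_addr: unix:/tmp/jwtproxy_secscan.sock
    verifier:
      upstream: unix:/tmp/gunicorn_secscan.sock
      # Tokens are accepted only when they name this audience.
      audience: '{{ audience }}'
      key_server:
        type: keyregistry
        options:
          # Expected token issuer and the key registry its public keys are
          # looked up in; use an https URL for the registry so the keys
          # cannot be swapped in transit.
          issuer: '{{ security_issuer }}'
          registry: '{{ registry }}'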