Shared Secret is the base64-encoded, 256-bit key used to mutually authenticate requests between services. It's critical that secret keys are random, and stored safely.
How to configure
|Config file keys
|required (unless using shared_secret_file)
Pomerium Core configurations do not require a
shared_secret_file. You only need to include a shared secret if you are running the Console.
If you are connecting to the Console, your Pomerium Core and Console configurations require the same shared secret.
See the Enterprise Quickstart for an example implementation.
To generate a key, run the following command:
head -c32 /dev/urandom | base64
Add the value to your configuration file:
shared_secret is a bootstrap configuration setting and is not configurable in the Console.