While I am waiting for my managed cloud sign up request to be processed.
I am running the server along with the database using ECS. I am trying to set all the security requirements but I am missing some information about the following:
“console.signing_key”
“socket.server_key”
“session.encryption_key”
“runtime.http_key”
Why they required, when to use them, and how they should be generated?
You can find a description of each config option in [the documentation]9https://heroiclabs.com/docs/install-configuration).
Short answer is socket.server_key and runtime.http_key are values used to verify incoming requests, set these to random strings of a decent length (I’d recommend at least 12 characters) and they’ll be shared with callers making requests. console.signing_key and session.encryption_key are private values used as signing keys for console and user session tokens, also set these to random values and keep them entirely private in the server.
That said you won’t need to worry about these too much. The managed cloud dashboard will help you set good values.