Current state: Single broker instance, SQLite on disk. The signing key IS persistent — tokens already issued survive a restart. Audit trail and revocation lists are persisted to SQLite and reloaded. What's lost: challenge nonces (30s TTL) and in-memory agent records.
The question from the community: "Broker goes down, every agent loses its credential source. What is the HA plan?"
The real answer today: Agents with valid tokens keep working during a restart — they're self-contained JWTs verified against the persistent key. They just can't register NEW agents until the broker is back.
What's needed:
Who needs this: Any small company running agents in production where broker downtime means agents can't authenticate.
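The restart behaviour described above, as an added sketch that is not the project's code: a toy broker keeps its signing key and revocation list on disk and its challenge nonces in memory, then is restarted. HMAC-SHA256, the file names, the table schema and the `Broker` class are assumptions; the page does not state the broker's signing algorithm or storage layout.

```python
import base64, hashlib, hmac, json, os, pathlib, sqlite3, tempfile, time
def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

class Broker:  # hypothetical stand-in: key + revocations on disk, nonces in memory
    def __init__(self, state_dir):
        key_file = pathlib.Path(state_dir, "signing.key")  # assumed file name
        if not key_file.exists():                # generated on first start only
            key_file.write_bytes(os.urandom(32))
        self.key = key_file.read_bytes()
        self.db = sqlite3.connect(os.path.join(state_dir, "broker.db"))
        self.db.execute("CREATE TABLE IF NOT EXISTS revoked (jti TEXT PRIMARY KEY)")
        self.nonces = {}                         # not persisted: gone after a restart

    def _sig(self, signing_input):
        return _b64(hmac.new(self.key, signing_input.encode(), hashlib.sha256).digest())

    def challenge(self):
        nonce = _b64(os.urandom(16))
        self.nonces[nonce] = time.time() + 30    # 30s TTL, as on the page
        return nonce

    def issue(self, agent, jti, ttl=300):
        head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        body = _b64(json.dumps({"sub": agent, "jti": jti, "exp": time.time() + ttl}).encode())
        return f"{head}.{body}.{self._sig(head + '.' + body)}"

    def revoke(self, jti):
        self.db.execute("INSERT OR IGNORE INTO revoked VALUES (?)", (jti,))
        self.db.commit()

    def verify(self, token):
        head, body, sig = token.split(".")
        if not hmac.compare_digest(self._sig(head + "." + body).encode(), sig.encode()):
            return False                         # signature checked before parsing claims
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
        revoked = self.db.execute("SELECT 1 FROM revoked WHERE jti=?", (claims["jti"],)).fetchone()
        return claims["exp"] >= time.time() and revoked is None

def restart_demo():
    with tempfile.TemporaryDirectory() as state_dir:
        b1 = Broker(state_dir)
        good, bad, nonce = b1.issue("agent-a", "t1"), b1.issue("agent-b", "t2"), b1.challenge()
        b1.revoke("t2")
        b1.db.close()                            # broker process goes away
        b2 = Broker(state_dir)                   # restart: same key file, same SQLite db
        result = (b2.verify(good), b2.verify(bad), nonce in b2.nonces)
        b2.db.close()
        return result                            # (token valid, revoked token valid, nonce kept)
```

The token issued before the restart still verifies and the revoked one stays rejected, while the outstanding challenge nonce is gone, so an agent that was mid-registration has to request a new challenge.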