Standardize naming convention for "passkey." Some variables were plural, some were singular which can lead to confusion.

bin/periphery/src/api/router.rs

@@ -83,7 +83,7 @@ async fn guard_request_by_passkey(
   req: Request<Body>,
   next: Next,
 ) -> serror::Result<Response> {
-  if periphery_config().passkeys.is_empty() {
+  if periphery_config().passkey.is_empty() {
     return Ok(next.run(req).await);
   }
   let Some(req_passkey) = req.headers().get("authorization") else {
@@ -97,7 +97,7 @@ async fn guard_request_by_passkey(
     .context("failed to convert passkey to str")
     .status_code(StatusCode::UNAUTHORIZED)?;
   if periphery_config()
-    .passkeys
+    .passkey
     .iter()
     .any(|passkey| passkey == req_passkey)
   {

bin/periphery/src/config.rs

@@ -108,11 +108,11 @@ pub fn periphery_config() -> &'static PeripheryConfig {
       allowed_ips: env
         .periphery_allowed_ips
         .unwrap_or(config.allowed_ips),
-      passkeys: maybe_read_list_from_file(
-        env.periphery_passkeys_file,
-        env.periphery_passkeys,
+      passkey: maybe_read_list_from_file(
+        env.periphery_passkey_file,
+        env.periphery_passkey,
       )
-      .unwrap_or(config.passkeys),
+      .unwrap_or(config.passkey),
       include_disk_mounts: env
         .periphery_include_disk_mounts
         .unwrap_or(config.include_disk_mounts),

client/core/rs/src/entities/config/periphery.rs

@@ -66,7 +66,7 @@ pub struct CliArgs {
   #[arg(long)]
   pub merge_nested_config: Option<bool>,
 
-  /// Extends config arrays, eg. allowed_ips, passkeys.
+  /// Extends config arrays, eg. allowed_ips, passkey.
   /// Will override the equivalent env configuration.
   /// Default: true
   #[arg(long)]
@@ -113,7 +113,7 @@ pub struct Env {
   #[serde(default = "super::default_merge_nested_config")]
   pub periphery_merge_nested_config: bool,
 
-  /// Will extend config arrays (eg. `allowed_ips`, `passkeys`) across multiple config files.
+  /// Will extend config arrays (eg. `allowed_ips`, `passkey`) across multiple config files.
   /// Default: `true`
   ///
   /// Note. This is overridden if the equivalent arg is passed in [CliArgs].
@@ -161,10 +161,10 @@ pub struct Env {
 
   /// Override `allowed_ips`
   pub periphery_allowed_ips: Option<ForgivingVec<IpNetwork>>,
-  /// Override `passkeys`
-  pub periphery_passkeys: Option<Vec<String>>,
-  /// Override `passkeys` from file
-  pub periphery_passkeys_file: Option<PathBuf>,
+  /// Override `passkey`
+  pub periphery_passkey: Option<Vec<String>>,
+  /// Override `passkey` from file
+  pub periphery_passkey_file: Option<PathBuf>,
   /// Override `include_disk_mounts`
   pub periphery_include_disk_mounts: Option<ForgivingVec<PathBuf>>,
   /// Override `exclude_disk_mounts`
@@ -267,12 +267,12 @@ pub struct PeripheryConfig {
   #[serde(default)]
   pub allowed_ips: ForgivingVec<IpNetwork>,
 
-  /// Limits the accepted passkeys.
+  /// Limits the accepted passkey.
   /// Default: none
   ///
   /// Note: this should be configured to increase security.
   #[serde(default)]
-  pub passkeys: Vec<String>,
+  pub passkey: Vec<String>,
 
   /// If non-empty, only includes specific mount paths in the disk report.
   #[serde(default)]
@@ -353,7 +353,7 @@ impl Default for PeripheryConfig {
       logging: Default::default(),
       pretty_startup_config: Default::default(),
       allowed_ips: Default::default(),
-      passkeys: Default::default(),
+      passkey: Default::default(),
       include_disk_mounts: Default::default(),
       exclude_disk_mounts: Default::default(),
       secrets: Default::default(),
@@ -383,8 +383,8 @@ impl PeripheryConfig {
       logging: self.logging.clone(),
       pretty_startup_config: self.pretty_startup_config,
       allowed_ips: self.allowed_ips.clone(),
-      passkeys: self
-        .passkeys
+      passkey: self
+        .passkey
         .iter()
         .map(|passkey| empty_or_redacted(passkey))
         .collect(),

compose/compose.env

@@ -128,8 +128,8 @@ KOMODO_AWS_SECRET_ACCESS_KEY= # Alt: KOMODO_AWS_SECRET_ACCESS_KEY_FILE
 ## Specify the root directory used by Periphery agent.
 PERIPHERY_ROOT_DIRECTORY=/etc/komodo
 
-## Periphery passkeys must include KOMODO_PASSKEY to authenticate.
-PERIPHERY_PASSKEYS=${KOMODO_PASSKEY}
+## Periphery passkey must include KOMODO_PASSKEY to authenticate.
+PERIPHERY_PASSKEY=${KOMODO_PASSKEY}
 
 ## Specify whether to disable the terminals feature
 ## and disallow remote shell access (inside the Periphery container).

compose/periphery.compose.yaml

@@ -15,7 +15,7 @@ services:
     environment:
       PERIPHERY_ROOT_DIRECTORY: ${PERIPHERY_ROOT_DIRECTORY:-/etc/komodo}
       ## Pass the same passkey as used by the Komodo Core connecting to this Periphery agent.
-      PERIPHERY_PASSKEYS: abc123
+      PERIPHERY_PASSKEY: abc123
       ## Make server run over https
       PERIPHERY_SSL_ENABLED: true
       ## Specify whether to disable the terminals feature

config/core.config.toml

@@ -44,7 +44,7 @@ bind_ip = "[::]"
 
 ## This is the token used to authenticate core requests to periphery.
 ## Ensure this matches a passkey in the connected periphery configs.
-## If the periphery servers don't have passkeys configured, this doesn't need to be changed.
+## If the periphery servers don't have passkey configured, this doesn't need to be changed.
 ## Env: KOMODO_PASSKEY or KOMODO_PASSKEY_FILE
 ## Required, no default
 passkey = "default-passkey-changeme"

config/periphery.config.toml

@@ -109,11 +109,11 @@ exclude_disk_mounts = []
 ## Default: empty, which will not block any request by ip.
 allowed_ips = []
 
-## Optional. Require callers to provide on of the provided passkeys to access the periphery api.
-## Example: passkeys = ["your-passkey"]
-## Env: PERIPHERY_PASSKEYS or PERIPHERY_PASSKEYS_FILE
+## Optional. Require callers to provide on of the provided passkey to access the periphery api.
+## Example: passkey = ["your-passkey"]
+## Env: PERIPHERY_PASSKEY or PERIPHERY_PASSKEY_FILE
 ## Default: empty, which will not require any passkey to be passed by core.
-passkeys = []
+passkey = []
 
 ############
 # Security #

docsite/docs/setup/connect-servers.mdx

@@ -16,8 +16,8 @@ You can install Periphery as a systemd managed process, run it as a [docker cont
 :::warning
 Allowing unintended access to the Periphery agent API is a security risk.
 Ensure to take appropriate measures to block access to the Periphery API, such as firewall rules on port `8120`.
-Additionally, you can whitelist your Komodo Core IP address in the [Periphery config](https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml#L46),
-and configure it to [only accept requests including your Core passkey](https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml#L51).
+Additionally, you can whitelist your Komodo Core IP address in the [Periphery config](https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml#L110),
+and configure it to [only accept requests including your Core passkey](https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml#L116).
 :::
 
 ### Install the Periphery agent - systemd