
Feb 2023

Overview

Something I've had to do more of recently is create JSON Web Key Sets, commonly known as JWKS: a JSON document holding the public key (and, on the signing side, the matching private key) that Terraform uses to authenticate to Okta as an OAuth service application. There are plenty of online generators, but in production you will want to create the keys locally rather than paste private key material into, or download it from, a third-party site. The approach here targets Okta service apps, but a JWKS is useful for other applications too, and the script can be adapted to produce keys with other algorithms and settings.

The main.py script referenced below shows how to do this with Python and OpenSSL on Ubuntu; it can serve as a starting point for generating keys locally on other operating systems.

Because the keys are used in automation (Terraform provisioning Okta resources) they are not protected with a password, so the private key files on disk are plain credentials. Restrict their file permissions, move them to secure storage such as a password manager or key vault that the automation can read from as soon as possible, delete the local copies once they are there, and rotate the key if a copy is ever exposed.

Tested with:

  • Python 3.8.10
  • Ubuntu 20.04.5 LTS

In a virtual environment, install the jwcrypto module if it is not already installed.

pip install jwcrypto

Copy the contents of main.py to a local main.py file.

python main.py

Four key files will be created in the ‘keys’ directory.

The keys are now ready to use and can be set up to authenticate Terraform with Okta. Terraform requires the private key as a PEM-encoded RSA key, so use service_app_keys_rsa.pem in any Terraform configuration; the public JWK is what goes into the Okta service app.