Gaël Goinvic eee9ca263d Add LIVEKIT_KEY_FILE, rename env vars to _FROM_FILE and trim keys&secrets (#93)
* Add LIVEKIT_KEY_SECRET_FILE and trim keys&secrets

* Rename env vars for consistency with livekit

* Add LIVEKIT_KEY_FILE variable in README

* comment readKeySecret logic

* reformat var names
2025-04-04 16:36:19 +02:00

LiveKit Token Management Service

This service is currently used for a single reason: generate JWT tokens with a given identity for a given room, so that users can use them to authenticate against LiveKit SFU.

It works by allowing a token obtained via the Matrix Client-Server API OpenID endpoint to be exchanged for a LiveKit JWT token which can be used to access a LiveKit SFU.

This functionality is defined by MSC4195: MatrixRTC using LiveKit backend.

Usage

This service is used when hosting the Element Call video conferencing application against a LiveKit backend.

Alongside this service, you will need a LiveKit SFU and the Element Call web application.

Installation

The available releases can be found here.

From docker image

docker run -e LIVEKIT_URL="ws://somewhere" -e LIVEKIT_KEY=devkey -e LIVEKIT_SECRET=secret -p 8080:8080 ghcr.io/element-hq/lk-jwt-service:0.1.2

From release file

  1. Download the tar file from the URL on the release page:
     wget https://github.com/element-hq/lk-jwt-service/archive/refs/tags/v0.1.1.tar.gz
     tar -xvf v0.1.1.tar.gz
     mv lk-jwt-service-0.1.1 lk-jwt-service
  2. Build the service:
     cd lk-jwt-service
     go build -o lk-jwt-service .
  3. To start the service locally:
     LIVEKIT_URL="ws://somewhere" LIVEKIT_KEY=devkey LIVEKIT_SECRET=secret ./lk-jwt-service

Configuration

The service is configured via environment variables:

| Variable | Description | Required |
| --- | --- | --- |
| LIVEKIT_URL | The websocket URL of the LiveKit SFU | Yes |
| LIVEKIT_KEY or LIVEKIT_KEY_FROM_FILE | The API key or key file path for the LiveKit SFU | Yes |
| LIVEKIT_SECRET or LIVEKIT_SECRET_FROM_FILE | The secret or secret file path for the LiveKit SFU | Yes |
| LIVEKIT_KEY_FILE | File path to LiveKit SFU key-file format (APIkey: secret) | Mutually exclusive with LIVEKIT_KEY and LIVEKIT_SECRET |
| LIVEKIT_JWT_PORT | The port the service listens on | No - defaults to 8080 |
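The credential variables in the table above, sketched in Go as an added example (this is not the service's own readKeySecret code). The precedence of _FROM_FILE over the plain variable, the rejection of mixed settings and the error messages are assumptions; values are trimmed so that a trailing newline in a secret file does not become part of the credential.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// resolveKeySecret is a hypothetical helper, not the service's readKeySecret.
// getenv and readFile are injected so the logic can be tested without real files.
func resolveKeySecret(getenv func(string) string, readFile func(string) ([]byte, error)) (key, secret string, err error) {
	// read returns the trimmed file contents and records the first read error.
	read := func(path string) string {
		b, e := readFile(path)
		if e != nil && err == nil {
			err = e
		}
		return strings.TrimSpace(string(b))
	}
	// value returns NAME, or the contents of the file named by NAME_FROM_FILE.
	value := func(name string) string {
		if path := getenv(name + "_FROM_FILE"); path != "" {
			return read(path)
		}
		return strings.TrimSpace(getenv(name))
	}
	key, secret = value("LIVEKIT_KEY"), value("LIVEKIT_SECRET")
	if path := getenv("LIVEKIT_KEY_FILE"); path != "" {
		if key != "" || secret != "" {
			return "", "", errors.New("LIVEKIT_KEY_FILE is mutually exclusive with LIVEKIT_KEY and LIVEKIT_SECRET")
		}
		// Key-file format from the README: "APIkey: secret".
		k, s, _ := strings.Cut(read(path), ":")
		key, secret = strings.TrimSpace(k), strings.TrimSpace(s)
	}
	if err != nil {
		return "", "", err
	}
	if key == "" || secret == "" {
		return "", "", errors.New("LiveKit key and secret are both required")
	}
	return key, secret, nil
}

func main() {
	key, _, err := resolveKeySecret(os.Getenv, os.ReadFile)
	fmt.Println("key:", key, "error:", err) // the secret is deliberately not printed
}
```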

Disable TLS verification

For testing and debugging (e.g. in the absence of trusted certificates while testing in a lab) you can disable TLS verification for the outgoing connection to the Matrix homeserver by setting the environment variable LIVEKIT_INSECURE_SKIP_VERIFY_TLS to YES_I_KNOW_WHAT_I_AM_DOING.
