GenomicDataInfrastructure · KarlG-nbis · Sep 25, 2025 · Sep 25, 2025 · Sep 25, 2025 · Sep 25, 2025
diff --git a/README.md b/README.md
diff --git a/config/TLS-example/README.md b/config/TLS-example/README.md
@@ -22,7 +22,9 @@ inbox:
     secretkey:
 
 c4gh:
-    passphrase:
+  privateKeys:
+    - filepath:
+      passphrase: 
 
 elixir:
     id:

diff --git a/config/TLS-example/config.yaml b/config/TLS-example/config.yaml
@@ -31,8 +31,9 @@ broker:
   # clientKey: /certificates/tls.key
 
 c4gh:
-  passphrase: ""
-  filepath: "/c4gh/gdi.sec.pem"
+  privateKeys:
+    - filepath: "/c4gh/gdi.sec.pem"
+      passphrase: ""
 
 db:
   host: "postgres"

diff --git a/config/TLS-example/docker-compose.yml b/config/TLS-example/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
   auth:
     container_name: auth
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.23-auth
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14-auth
-    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14-auth
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
-    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14-auth
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     networks:
       - public
     ports:
@@ -31,7 +31,7 @@ services:
       interval: 5s
       timeout: 20s
       retries: 20
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.23-rabbitmq
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14-rabbitmq
     networks:
       - secure
     ports:
@@ -63,7 +63,7 @@ services:
       interval: 5s
       timeout: 20s
       retries: 20
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.23-postgres
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14-postgres
     networks:
       - secure
     restart: always
@@ -80,7 +80,7 @@ services:
     environment:
       - DB_PASSWORD=${download_DB_PASSWORD}
       - DB_USER=download
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.23-download
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14-download
     networks:
       - public
       - secure
@@ -109,7 +109,7 @@ services:
       - BROKER_USER=finalize
       - DB_PASSWORD=${finalize_DB_PASSWORD}
       - DB_USER=finalize
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.23
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     networks:
       - secure
     restart: always
@@ -132,7 +132,7 @@ services:
       - BROKER_USER=ingest
       - DB_PASSWORD=${ingest_DB_PASSWORD}
       - DB_USER=ingest
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.23
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     networks:
       - secure
     restart: always
@@ -155,7 +155,7 @@ services:
       - BROKER_USER=mapper
       - DB_PASSWORD=${mapper_DB_PASSWORD}
       - DB_USER=mapper
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.23
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     networks:
       - secure
     restart: always
@@ -178,7 +178,7 @@ services:
       - BROKER_USER=verify
       - DB_PASSWORD=${verify_DB_PASSWORD}
       - DB_USER=verify
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.23
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     networks:
       - secure
     restart: always
@@ -201,7 +201,7 @@ services:
       - BROKER_USER=inbox
       - DB_PASSWORD=${s3inbox_DB_PASSWORD}
       - DB_USER=inbox
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.2.23
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     networks:
       - public
       - secure

diff --git a/config/config.yaml.example b/config/config.yaml.example
@@ -28,8 +28,9 @@ broker:
   ssl: "false"
 
 c4gh:
-  passphrase: "c4ghpass"
-  filepath: "/shared/c4gh.sec.pem"
+  privateKeys:
+  - filepath: "/shared/c4gh.sec.pem"
+    passphrase: "c4ghpass"
 
 db:
   host: "postgres"

diff --git a/docker-compose-demo.yml b/docker-compose-demo.yml
@@ -38,7 +38,7 @@ services:
       interval: 5s
       timeout: 10s
       retries: 20
-    image: python:3.10-slim
+    image: python:3.10-slim-bookworm
     networks:
       - public
     ports:

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -16,7 +16,7 @@ services:
       - PGPASSWORD=${credentials_PGPASSWORD}
     env_file:
       - .env
-    image: python:3.10-slim
+    image: python:3.10-slim-bookworm
     networks:
       - secure
     volumes:
@@ -27,7 +27,7 @@ services:
   auth:
     container_name: auth
     command: sda-auth
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     depends_on:
       credentials:
         condition: service_completed_successfully
@@ -65,7 +65,7 @@ services:
       interval: 5s
       timeout: 20s
       retries: 20
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25-rabbitmq
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14-rabbitmq
     networks:
       - secure
     ports:
@@ -89,7 +89,7 @@ services:
       interval: 5s
       timeout: 20s
       retries: 20
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25-postgres
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14-postgres
     networks:
       - secure
     restart: always
@@ -139,10 +139,9 @@ services:
       - DB_PASSWORD=${download_DB_PASSWORD}
       - DB_USER=${download_DB_USER}
       - OIDC_CONFIGURATION_URL=http://${DOCKERHOST:-dockerhost}:8080/oidc/.well-known/openid-configuration
-      - ARCHIVE_TYPE=s3seekable
     extra_hosts:
       - ${DOCKERHOST:-dockerhost}:host-gateway
-    image: harbor.nbis.se/gdi/sda-download:20240415
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14-download
     networks:
       - public
       - secure
@@ -173,7 +172,7 @@ services:
       - BROKER_USER=${finalize_BROKER_USER}
       - DB_PASSWORD=${finalize_DB_PASSWORD}
       - DB_USER=${finalize_DB_USER}
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     networks:
       - secure
     restart: always
@@ -199,7 +198,7 @@ services:
       - BROKER_USER=${ingest_BROKER_USER}
       - DB_PASSWORD=${ingest_DB_PASSWORD}
       - DB_USER=${ingest_DB_USER}
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     networks:
       - secure
     restart: always
@@ -225,7 +224,7 @@ services:
       - BROKER_USER=${mapper_BROKER_USER}
       - DB_PASSWORD=${mapper_DB_PASSWORD}
       - DB_USER=${mapper_DB_USER}
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     networks:
       - secure
     restart: always
@@ -251,7 +250,7 @@ services:
       - BROKER_USER=${verify_BROKER_USER}
       - DB_PASSWORD=${verify_DB_PASSWORD}
       - DB_USER=${verify_DB_USER}
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     networks:
       - secure
     restart: always
@@ -280,7 +279,7 @@ services:
       - SERVER_JWTPUBKEYURL=http://${DOCKERHOST:-dockerhost}:8080/oidc/jwk
     extra_hosts:
       - ${DOCKERHOST:-dockerhost}:host-gateway
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     networks:
       - public
       - secure
@@ -297,7 +296,7 @@ services:
     depends_on:
       credentials:
         condition: service_completed_successfully
-    image: ghcr.io/neicnordic/sensitive-data-archive:v0.3.25
+    image: ghcr.io/neicnordic/sensitive-data-archive:v3.0.14
     networks:
       - secure
     restart: always