Skip to content

feat(confidentialhttp): AuthConfig for pluggable signing#341

Draft
wentzeld wants to merge 2 commits intomainfrom
signingExpansion
Draft

feat(confidentialhttp): AuthConfig for pluggable signing#341
wentzeld wants to merge 2 commits intomainfrom
signingExpansion

Conversation

@wentzeld
Copy link
Copy Markdown
Contributor

@wentzeld wentzeld commented Apr 20, 2026

Summary

  • Adds optional AuthConfig auth = 3 to ConfidentialHTTPRequest.
  • 8 signing variants: ApiKey, Basic, Bearer, HMAC-SHA256, AWS SigV4, custom HMAC, OAuth2 client_credentials, OAuth2 refresh_token.
  • Backwards compatible — buf breaking clean.

Dependency chain

Must merge first. Downstream PRs bump to this commit:

  • chainlink-common → proto version bump + signer package
  • cre-sdk-go → proto version bump + Go helpers
  • cre-sdk-typescript → submodule bump + TS helpers

@wentzeld
feat(confidentialhttp): add AuthConfig for pluggable request signing
c1be802 
  Adds ApiKey, Basic, Bearer, HMAC (SHA256/SigV4/Custom), and OAuth2
  (client_credentials, refresh_token) variants on ConfidentialHTTPRequest.

  Fully backwards-compatible: auth is an optional field; existing workflows
  with no auth configured behave exactly as before.
@changeset-bot
Copy link
Copy Markdown

changeset-bot Bot commented Apr 20, 2026
edited
Loading

⚠️ No Changeset found

Latest commit: 42bbf05

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 20, 2026
edited
Loading

The latest Buf updates on your PR. Results from workflow Regenerate Protobuf Files / buf (pull_request).

BuildFormatLintBreakingUpdated (UTC)
✅ passed✅ passed✅ passed⏩ skippedApr 20, 2026, 1:40 PM

nolag
nolag reviewed Apr 20, 2026
View reviewed changes
Comment thread cre/capabilities/networking/confidentialhttp/v1alpha/client.proto
Comment on lines +97 to +98
string username_secret_name = 1; // required
string password_secret_name = 2; // required
Copy link
Copy Markdown
Contributor

@nolag nolag Apr 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

username can be either a secret, or a value. It's not necessarily private.

The secret for the password can't just be a string, it should be SecretIdentifier.

Same for the rest of the secret and non-nessesarily secret values.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nolag nolag nolag left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@wentzeld @nolag