Summary
loadSecretFromEnv() trims secret-file contents, but the direct LIBRAVDB_AUTH_SECRET environment value is checked before trimming. A value like LIBRAVDB_AUTH_SECRET=" " is truthy, so the gRPC client treats auth as configured with a blank HMAC key.
Impact
The client can enter the signed-auth path without a usable secret and later fail with call initializeSession before authenticated RPCs. It also prevents fallback to LIBRAVDB_AUTH_SECRET_FILE.
Scope
Configuration/debuggability bug. This is not an auth bypass.
Fix Path
Trim the direct env secret before deciding whether it is set. Treat whitespace-only direct secrets as unset so file fallback can still work.
Verification Target
- Unit tests for direct whitespace secret.
- Unit tests proving file fallback still works when direct secret is whitespace.
A previous broad PR (#218) included this but was closed for bundling unrelated changes. Bring this back as a narrow auth-secret patch.
– Vale
Summary
loadSecretFromEnv()trims secret-file contents, but the directLIBRAVDB_AUTH_SECRETenvironment value is checked before trimming. A value likeLIBRAVDB_AUTH_SECRET=" "is truthy, so the gRPC client treats auth as configured with a blank HMAC key.Impact
The client can enter the signed-auth path without a usable secret and later fail with
call initializeSession before authenticated RPCs. It also prevents fallback toLIBRAVDB_AUTH_SECRET_FILE.Scope
Configuration/debuggability bug. This is not an auth bypass.
Fix Path
Trim the direct env secret before deciding whether it is set. Treat whitespace-only direct secrets as unset so file fallback can still work.
Verification Target
A previous broad PR (#218) included this but was closed for bundling unrelated changes. Bring this back as a narrow auth-secret patch.
– Vale