Closed
Bug 1323025
Opened 8 years ago
Closed 7 years ago
Allow tc-gh to have multiple webhook secrets
Categories
(Taskcluster :: Services, defect)
Taskcluster
Services
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: bstack, Assigned: owlish)
Details
This should allow us to slowly but surely rotate credentials and set up the new integration with new credentials. https://github.com/taskcluster/taskcluster-github/blob/master/src/api.js#L124-L138 is where the webhook secret is currently being verified. I think a nice way to go might be to make cfg.webhook.secret a comma-separated list of secrets and we try to verify against all of them. If any succeed, we accept it the hook!
Comment 1•8 years ago
|
||
The config is loaded with https://github.com/taskcluster/typed-env-config so you can use !env:list WEBHOOK_SECRETS to load that list and handle splitting on commas.
Assignee | ||
Updated•7 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Reporter | ||
Updated•5 years ago
|
Component: Github → Services
You need to log in
before you can comment on or make changes to this bug.
Description
•