19348357725

Committed 13 Nov 2025 10:53PM UTC coverage: 48.38% (+0.02%) from 48.362%

Build # 19348357725

Build Type

push

github

Committed by

web-flow

Commit Message

Add environment variable support to header_injection auth (#2574)

Adds header_value_env field to header_injection authentication strategy,
enabling secrets to be resolved from environment variables at config load
time instead of hardcoded in YAML files.

Changes:
- Add header_value_env field to rawHeaderInjectionAuth struct
- Implement validation: exactly one of header_value or header_value_env required
- Update token_exchange and service_account to use env.Reader consistently
- Add 6 comprehensive test cases covering all edge cases
- Update documentation and examples to show both usage patterns

This follows the same pattern as token_exchange (client_secret_env) and
service_account (credentials_env) strategies. Environment variables are
resolved at config load time with fail-fast validation.

Backward compatible: existing header_value (literal) configurations
continue to work unchanged.

Example usage:
  outgoing_auth:
    backends:
      github:
        type: header_injection
        header_injection:
          header_name: "Authorization"
          header_value_env: "GITHUB_API_TOKEN"

Fixes: #2573

Run Details

16 of 16 new or added lines in 1 file covered. (100.0%)

16 existing lines in 2 files now uncovered.

23489 of 48551 relevant lines covered (48.38%)

36.33 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

82.83

/pkg/transport/proxy/httpsse/http_proxy.go

stacklok / toolhive / 19348357725

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source Not Available

Source File
Press 'n' to go to next uncovered line, 'b' for previous