feat(netbird): compute PAT hash at seed time, remove hashedToken requirement#6
Merged
mikkeldamsgaard merged 1 commit intomainfrom Feb 26, 2026
Merged
Conversation
…irement (#5) Leverage Initium v1.0.4's sha256/base64encode MiniJinja filters to compute the hashed_token at seed time from the plaintext PAT. Users no longer need to pre-compute and supply the base64-encoded SHA256 hash in their Kubernetes Secret. - Remove pat.secret.hashedTokenKey from values.yaml - Update seed spec to use {{ env.PAT_TOKEN | sha256(bytes=true) | base64encode }} - Rename PAT_HASHED_TOKEN env var to PAT_TOKEN in Job and sidecar templates - Simplify README PAT generation (no hash computation needed) - Simplify e2e Secret creation (single --from-literal) - Update unit tests (167 passing) Closes #5 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
mikkeldamsgaard
force-pushed
the
issue-5-remove-hashed-token-requirement
branch
from
10225fd to
c791dcc
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
sha256andbase64encodeMiniJinja filters to compute thehashed_tokenat seed time from the plaintext PATpat.secret.hashedTokenKeyfrom values — users only need to supply the plaintext token in their Kubernetes Secret--from-literalSecret creationChanges
values.yamlhashedTokenKey, update PAT comments_helpers.tplenv.PAT_HASHED_TOKEN→env.PAT_TOKEN | sha256(bytes=true) | base64encodepat-seed-job.yamlPAT_HASHED_TOKEN→PAT_TOKENwithtokenKeyserver-deployment.yamlREADME.mdCHANGELOG.mdci/scripts/e2e.shTest plan
helm unittest charts/netbird— 167 tests passinghelm lint charts/netbird— no errorsci/scripts/e2e.sh sqliteci/scripts/e2e.sh postgresci/scripts/e2e.sh mysqlHow to verify
Closes #5
🤖 Generated with Claude Code